[Forgot Password]
Login  Register Subscribe

24547

 
 

132803

 
 

127844

 
 

909

 
 

105823

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 24547 Download | Alert*

Enable rsyslog to Accept Messages via TCP, if Acting As Log Server The 'rsyslog' daemon should not accept remote messages unless the system acts as a log server. If the system needs to act as a central log server, add the following lines to '/etc/rsyslog.conf' to enable reception of messages over TCP: $ModLoad imtcp $InputTCPServerRun 514

Enable rsyslog to Accept Messages via UDP, if Acting As Log Server The 'rsyslog' daemon should not accept remote messages unless the system acts as a log server. If the system needs to act as a central log server, add the following lines to '/etc/rsyslog.conf' to enable reception of messages over UDP: $ModLoad imudp $UDPServerRun 514

Ensure Logrotate Runs Periodically The 'logrotate' utility allows for the automatic rotation of log files. The frequency of rotation is specified in '/etc/logrotate.conf', which triggers a cron task. To configure logrotate to run daily, add or correct the following line in '/etc/logrotate.conf': # rotate log files

Configure Logwatch HostLimit Line On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The 'HostLimit' setting tells Logwatch to report on all hosts, not just the one on which it is running. ' HostLimit = no '

Configure Logwatch SplitHosts Line If 'SplitHosts' is set, Logwatch will separate entries by hostname. This makes the report longer but significantly more usable. If it is not set, then Logwatch will not report which host generated a given log entry, and that information is almost always necessary ' SplitHosts = yes '

Disable Logwatch on Clients if a Logserver Exists Does your site have a central logserver which has been configured to report on logs received from all systems? If so: $ sudo rm /etc/cron.daily/0logwatch If no logserver exists, it will be necessary for each machine to run Logwatch individually. Using a central logserver provides the security and reliability benefits discussed earlier, and ...

Enable auditd Service The 'auditd' service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to disk. The 'auditd' service can be enabled with the following command: '$ sudo systemctl enable auditd'

Configure auditd Number of Logs Retained Determine how many log files 'auditd' should retain when it rotates logs. Edit the file '/etc/audit/auditd.conf'. Add or modify the following line, substituting

Configure auditd Max Log File Size Determine the amount of audit data (in megabytes) which should be retained in each log file. Edit the file '/etc/audit/auditd.conf'. Add or modify the following line, substituting the correct value for

Configure auditd max_log_file_action Upon Reaching Maximum Log Size The default action to take when the logs reach their maximum size is to rotate the log files, discarding the oldest one. To configure the action taken by 'auditd', add or correct the line in '/etc/audit/auditd.conf': 'max_log_file_action = ACTION' Possible values for


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2454

© SecPod Technologies