Central Rsyslog server with TLS encrytion. | rsyslog log central splunk

Certificate setup.

Server Certificate.

Create the following directory

Install the following package to enable encryption on rsyslog.

Execute the following command which create the certificates.

Client Certificate.

 

Copy the following three certificates to the client machine to the following location /etc/ssl/rsyslog/.

 

 

Server Setup.

Create the following configuration file.

Restart the server.

This will allow the changes to take effect.

Running netstat will show you that its listen on encrypted and un-encrypted ports for logging traffic.

Client Setup.

Replace the SERVER with the IP address of your rsyslog server.

Restart rsyslog on the client so that changes can take effect.

Now to test the logs are transmitted execute.

To verify that the logs are received on the encrypted port, connect to the server and run the following.

This will listen for traffic on the encrypted port. Successful results should look like this.

 

Converting a text file from uppercase to lowercase. | converting text files from uppercase to lowercase

I had a bunch of hostnames in a text file, but some were uppercase and some lowercase. This presents problems when searching and automating tasks, so  I wanted a way to convert them all into lowercase as all text should be in Linux.

Here we are using “tr” to completed this task.

 

How to disable root access to RHEL Redhat systems. | disable root access linux

For security reasons, root access to Linux systems should be disabled as  standard theses days. Some distributions still allow it but other have blocked it by default. We should be taking advantage of sudo, which allows you to log in with your standard unprivileged account but execute root commands with the sudo app.

Here are some quick and easy steps to stop root access to your system and improve your security footprint.

This command will lock the root account

This will replace the hashed password with “!”, which is another way to stop logons

To add another level of security you should also disable root logons from the ssh server too. Here is how to do so,

Ensure the following entry is set, if it currently does not exist in the config file, add it anywhere.

 

sudo: no tty present and no askpass program specified | sudo: no tty present and no askpass program specified

I was setting up automated logon with SSH, and wanted to have root access via sudo to perform certain tasks. Ended up getting these errors when I tried to run sudo commands over the ssh link.

The cause of this error is not having the correct setup on your /etc/sudoers file. Here is the fix.

Edit your sudoers file with

visudo

Ensure your usernames entry looks like this.

Ensure the NOPASSWD is present, that does the trick.

 

Syslog permissions blocking Splunk Access | syslog splunk permissions /var/log/messages

Had a problem splunk having access permissions to /var/log/messages, syslog would change the permissions to read only by root and no one else. The fix is in the syslog config file. See below.

Should have an entry like this 

Pay particular attentions to,

Then restart syslog