Category Archives: Linux Administration

Central Rsyslog server with TLS encryption. | rsyslog log central splunk

Certificate setup.

Server Certificate.

Create the following directory

Install the following package to enable encryption on rsyslog.

Execute the following command, which creates the certificates.

Client Certificate.

 

Copy the following three certificates to the client machine, into /etc/ssl/rsyslog/.

 

 

Server Setup.

Create the following configuration file.

Restart the server.

This will allow the changes to take effect.

Running netstat will show you that it is listening on both the encrypted and unencrypted ports for logging traffic.

Client Setup.

Replace the SERVER with the IP address of your rsyslog server.

Restart rsyslog on the client so that changes can take effect.

Now, to test that the logs are transmitted, execute the following.

To verify that the logs are received on the encrypted port, connect to the server and run the following.

This will listen for traffic on the encrypted port. Successful results should look like this.
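Because the server above still listens on the unencrypted port as well, a client can keep shipping logs in the clear without anyone noticing. The following is an added example, not part of the original post: a check of a client configuration for forwarding rules that bypass TLS. It assumes rsyslog's legacy `$` directive syntax with the gtls driver; the function names, the CA file name and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag forwarding rules in a legacy-syntax rsyslog client
# config that are not protected by an authenticated TLS stream.
# Simplification: a $Action... directive is treated as applying to every
# forwarding rule that follows it in the file.

# audit_forwarding [FILE]: one finding per line; no output means no findings.
audit_forwarding() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blanks
    { key = tolower($1) }
    key == "$defaultnetstreamdriver"         { gtls = (tolower($2) == "gtls"); next }
    key == "$actionsendstreamdrivermode"     { mode = $2; next }
    key == "$actionsendstreamdriverauthmode" { auth = tolower($2); next }
    $2 ~ /^@/ {                                    # selector + forward target
        if ($2 !~ /^@@/)               print "PLAINTEXT_UDP " $2
        else if (!gtls || mode != "1") print "PLAINTEXT_TCP " $2
        else if (auth == "anon")       print "TLS_PEER_NOT_VERIFIED " $2
    }' "${1:--}"
}

# Constructed sample client config (192.0.2.10 is a documentation address).
sample_conf() {
    cat <<'EOF'
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/CA.pem
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon
*.* @@192.0.2.10:6514
# leftover rule from an earlier unencrypted setup
*.* @192.0.2.10:514
EOF
}

sample_conf | audit_forwarding
```

On the sample, the TLS rule is reported because `anon` mode encrypts without verifying the server's certificate, and the leftover UDP rule is reported as plaintext.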

 

Converting a text file from uppercase to lowercase. | converting text files from uppercase to lowercase

I had a bunch of hostnames in a text file, but some were uppercase and some lowercase. This presents problems when searching and automating tasks, so I wanted a way to convert them all into lowercase, as all text should be in Linux.

Here we are using “tr” to complete this task.

 

How to disable root access to RHEL Redhat systems. | disable root access linux

For security reasons, root access to Linux systems should be disabled as standard these days. Some distributions still allow it, but others have blocked it by default. We should be taking advantage of sudo, which allows you to log in with your standard unprivileged account but execute root commands with the sudo app.

Here are some quick and easy steps to stop root access to your system and improve your security footprint.

This command will lock the root account

This will replace the hashed password with “!”, which is another way to stop logons

To add another level of security, you should also disable root logons from the ssh server. Here is how to do so.

Ensure the following entry is set; if it does not currently exist in the config file, add it anywhere.
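One way to confirm both changes took effect, as an added example that is not part of the original post. It assumes the sshd entry in question is OpenSSH's `PermitRootLogin no`, reads only the files passed to it (it does not follow `Include` lines), and uses hypothetical function names with constructed sample files.

```shell
#!/bin/sh
# Added example: verify root lock-down on shadow and sshd_config format files.

# Exit 0 if root's password field starts with "!" or "*" (no usable password).
root_password_locked() {
    awk -F: '$1 == "root" { found = 1; ok = ($2 ~ /^[!*]/) }
             END { exit !(found && ok) }' "$1"
}

# Print the global PermitRootLogin value, or "unset". sshd keeps the first
# value it reads for a keyword, and lines after a Match line apply only to
# that Match block, so scanning stops at the first Match.
ssh_root_login_setting() {
    awk 'BEGIN { v = "unset" }
         /^[ \t]*#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { v = $2; exit }
         END { print v }' "$1"
}

# audit_root_access SHADOW_FILE SSHD_CONFIG: print findings, return 1 if any.
audit_root_access() {
    rc=0
    root_password_locked "$1" || { echo "FAIL: root password not locked"; rc=1; }
    v=$(ssh_root_login_setting "$2")
    [ "$v" = "no" ] || { echo "FAIL: PermitRootLogin is $v, expected no"; rc=1; }
    return "$rc"
}

# Constructed sample files (placeholder hashes, not real ones).
write_samples() {
    printf '%s\n' 'root:!$6$constructedsalt$constructedhash:19000:0:99999:7:::' \
        'alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::' > "$1/shadow"
    printf '%s\n' '# entry appended after a Match block' 'Match User backup' \
        '    PermitRootLogin no' > "$1/sshd_bad"
    printf '%s\n' 'PermitRootLogin no' 'Match User backup' \
        '    X11Forwarding no' > "$1/sshd_good"
}

d=$(mktemp -d)
write_samples "$d"
audit_root_access "$d/shadow" "$d/sshd_bad" || true
audit_root_access "$d/shadow" "$d/sshd_good" && echo "PASS"
rm -rf "$d"
```

The `sshd_bad` sample fails because an entry placed after a `Match` line only applies inside that block, so the global setting is still unset.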

 

sudo: no tty present and no askpass program specified | sudo: no tty present and no askpass program specified

I was setting up automated logon with SSH, and wanted to have root access via sudo to perform certain tasks. Ended up getting these errors when I tried to run sudo commands over the ssh link.

The cause of this error is not having the correct setup in your /etc/sudoers file. Here is the fix.

Edit your sudoers file with

visudo

Ensure your username's entry looks like this.

Ensure NOPASSWD is present; that does the trick.

 

Syslog permissions blocking Splunk Access | syslog splunk permissions /var/log/messages

Had a problem with Splunk having access permissions to /var/log/messages; syslog would change the permissions to read only by root and no one else. The fix is in the syslog config file. See below.

Should have an entry like this

Pay particular attention to:

Then restart syslog

 

RHEL and Fedora setting password expiry | bash linux password expire chage

A very common Linux administration task is to set user accounts to expire their passwords and request a new password from the user.

To see what the current policy is set to, execute the following.

You should see output like.

You can change the password expiry with the following command

 

Howto setup Raspbian Buster with BATMAN Mesh networking | raspberry pi 3 raspbian mesh batman network

I wrote this article a while ago about setting up BATMAN mesh networking with Raspbian Jessie on a Raspberry Pi 3.

This worked well, but stopped working with the newer versions of Raspbian, since there have been changes to the operating system.

After testing for several days, I found adding one command into the original script gets it to work just fine.

The how-to is below.

After a fresh install of Raspbian Buster, connect to the system via ssh and run the following command to install BATMAN.

Let's create the mesh startup script.

The script contains the instructions for bringing up the interfaces and the mesh; just change the IP address at the bottom on each subsequent host, incrementing by one. Copy and paste the following into the mesh.sh file.

Now let's make the script executable.

And add it to crontab so that it is executed at every reboot.

Add the following

Reboot and mesh should be up and running.

Test by executing the following command.

Should see something like this.

 

Raspberry Pi 3 error IPTables | Raspberry pi error – iptables v1.4.21: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)

Was building a RPi3 machine and got the following error after an update.

Turns out nothing to worry about, just reboot the Pi.

Nextcloud 13 – 14 Error, Missing Appstore | nextcloud missing available applications

I encountered an error yesterday which stopped the available applications being displayed on both my Nextcloud 13 and 14 installations.

It turns out to be a bug which can be fixed by inserting the following line into the installdir/config/config.php file.

The entire file should look something like this.

 

Setup a central rsyslog server Howto | Setup a central log server

This document has the instructions required to set up a centralized log server. This should be a minimum requirement for all organizations, and it is a must-have tool for intrusion prevention and detection.

Server Setup

Install rsyslog and vim text editor.

Edit the configuration file.

Ensure the configuration file has the following enabled.

Restart the service to allow the change of configuration to take effect.

The following command “netstat” will check to see which ports are open on the system and listening. Port 514 should be open and listening, waiting for logs to be shipped from the client.

If the above ports appear open, then the server configuration is operating correctly.

 

Client Setup

Let's install rsyslog and the vim text editor.

Edit the config file.

Append the following line to the end of the configuration file. Ensure you change the IP address in the forwarding rule to the IP address of the rsyslog server configured earlier.

Restart rsyslog to allow the changes to take effect.

To test, issue the following command and tail the logs of the rsyslog server.

You should see the above quoted line appear in the server's logs.