Tag Archives: centos

Central Rsyslog server with TLS encryption. | rsyslog log central splunk

Certificate setup.

Server Certificate.

Create the following directory

Install the following package to enable encryption on rsyslog.

Execute the following command, which creates the certificates.

Client Certificate.

 

Copy the following three certificates to /etc/ssl/rsyslog/ on the client machine.

 

 

Server Setup.

Create the following configuration file.

Restart the server.

This will allow the changes to take effect.

Running netstat will show you that it is listening on both encrypted and unencrypted ports for logging traffic.

Client Setup.

Replace the SERVER with the IP address of your rsyslog server.

Restart rsyslog on the client so that changes can take effect.
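The client side of this setup, as an added example that is not the original post's configuration: it renders a TLS forwarding drop-in in rsyslog's legacy directive syntax and then checks a config for forwarding actions that would still leave the host unencrypted. The certificate file names, port 6514 and the peer-name argument are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's configuration.
# Assumed: certificate file names, port 6514, the peer-name argument.

# Print a client drop-in (legacy rsyslog directives) that forwards all
# messages to server $1 over TLS and accepts only a certificate named $2.
render_client_conf() {
    cat <<EOF
\$DefaultNetstreamDriver gtls
\$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/ca.pem
\$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/client-cert.pem
\$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/client-key.pem
\$ActionSendStreamDriverMode 1
\$ActionSendStreamDriverAuthMode x509/name
\$ActionSendStreamDriverPermittedPeer $2
*.* @@$1:6514
EOF
}

# Print every forwarding action that would leave the host in clear text:
# UDP targets ("@host") always, TCP targets ("@@host") unless
# $ActionSendStreamDriverMode 1 appears before them in the file.
plaintext_forwards() {
    awk '$1 == "$ActionSendStreamDriverMode" { tls = ($2 == 1) }
         $2 ~ /^@@/ { if (!tls) print; next }
         $2 ~ /^@/  { print }' "$1"
}

# Constructed demo: one TLS config, one plaintext config (documentation IPs).
tmp=$(mktemp -d)
render_client_conf 192.0.2.10 logs.example.test > "$tmp/tls.conf"
printf '*.* @192.0.2.10:514\n*.* @@192.0.2.10:514\n' > "$tmp/plain.conf"
echo "tls.conf findings:   $(plaintext_forwards "$tmp/tls.conf" | wc -l)"
echo "plain.conf findings: $(plaintext_forwards "$tmp/plain.conf" | wc -l)"
rm -rf "$tmp"
```

Because the server described here listens on both encrypted and unencrypted ports, a client left on a plain `@` or `@@` target keeps working silently, which is why the check is worth running on every client.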

Now, to test that the logs are transmitted, execute the following.

To verify that the logs are received on the encrypted port, connect to the server and run the following.

This will listen for traffic on the encrypted port. Successful results should look like this.

 

How to disable root access to RHEL Redhat systems. | disable root access linux

For security reasons, root access to Linux systems should be disabled as standard these days. Some distributions still allow it, but others have blocked it by default. We should be taking advantage of sudo, which allows you to log in with your standard unprivileged account but execute root commands with the sudo app.

Here are some quick and easy steps to stop root access to your system and improve your security footprint.

This command will lock the root account.

This will replace the hashed password with "!", which is another way to stop logons.

To add another level of security you should also disable root logons from the ssh server too. Here is how to do so.

Ensure the following entry is set; if it does not currently exist in the config file, add it anywhere.
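To confirm that both changes took effect, the following added example (not from the original post) checks a shadow-format file for a locked root entry and an sshd configuration for the root login setting. It assumes the sshd entry in question is `PermitRootLogin no`; file paths are parameters so the checks can run against copies.

```shell
#!/bin/sh
# Added example (not from the original post): check that root is locked out.
# Assumption: the sshd entry being set is "PermitRootLogin no".

# Succeeds when root's password field in a shadow-format file starts with "!"
# (locked) or "*" (no usable hash). An empty field or a bare hash fails.
root_password_locked() {
    field=$(awk -F: '$1 == "root" { print $2; exit }' "${1:-/etc/shadow}")
    case $field in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the global PermitRootLogin value, lower-cased, or "unset".
# sshd keeps the first occurrence of a keyword; scanning stops at the first
# Match block, and commented-out lines do not count.
sshd_root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "${1:-/etc/ssh/sshd_config}"
}

# Returns 0 only when both controls are in place; prints one line per finding.
audit_root_access() {
    rc=0
    if ! root_password_locked "$1"; then
        echo "FAIL: root password is not locked in $1"; rc=1
    fi
    setting=$(sshd_root_login_setting "$2")
    if [ "$setting" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$setting' in $2, expected 'no'"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: root is locked and SSH root login is disabled"
    return "$rc"
}

# Constructed sample files, so the example runs without touching the system.
tmp=$(mktemp -d)
printf 'root:!!$6$salt$hash:19000:0:99999:7:::\n' > "$tmp/shadow"
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$tmp/sshd_config"
audit_root_access "$tmp/shadow" "$tmp/sshd_config"
rm -rf "$tmp"
```

An "unset" result means the daemon falls back to its compiled-in default, which varies by OpenSSH version, so the audit treats it as a failure.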

 

Syslog permissions blocking Splunk Access | syslog splunk permissions /var/log/messages

Had a problem with Splunk having access permissions to /var/log/messages; syslog would change the permissions to read-only by root and no one else. The fix is in the syslog config file. See below.

Should have an entry like this:

Pay particular attention to:

Then restart syslog.

 

Top 6 common uses for grep | top six uses for grep linux systems administration centos redhat

Grep is the number one tool used by Linux systems administrators. I rely on this tool every day, but it's used in many different ways. I decided to list my top six uses.

 

Top use is grep with the recursive switch (grep -r). This is used for searching a particular filesystem path for a particular word. One common reason why I use this switch is when I'm searching in a Nagios configuration directory for mentions of a hostname. This allows me to find all the locations where a hostname has been mentioned and I can then alter it if needed.

 

This straightforward search allows you to look in a text file and find all the locations where the expression or search word can be found. The results will include the entire line where the expression has been matched.

 

This will do the opposite of the previous command: it will exclude all mentions of the search criteria. This will remove the entire line from the search results.

 

This will match the line but also include a certain number of subsequent lines; the number indicates how many lines after the match you would like included.

 

Again, this is the opposite of the previous command: it will include a certain number of lines before the matched line.

 

This also proves to be very useful: it will remove case sensitivity from your search string.

 

IPTables blocking outbound port to specific host. | centos redhat linux iptables outbound port block drop dport ip

I needed to write an iptables rule to block outbound traffic to a specific host here.

Now I need to write a similar rule which will not block the entire host but just a single port to a host.

The rule is very similar to the one previously stated but with the port flag; see below.

 

Moving files Older than 7 days. | linux centos moving old files 7 days find /var/log/source/ -mtime +7 -exec mv "{}" /tmp/destination \;

An incident came through to me this morning stating /var is getting full (95%).

I wanted a command which will quickly go through the contents of the directory and move anything older than 7 days to /tmp.

Moving the files will get me out of trouble fast and allow me to compress the data in the temp location.

See command below.
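As an added example that is not from the original post, the script below shows how find's `-mtime` test treats `7` versus `+7` on constructed files, then moves the older ones into a destination directory restricted to its owner, since logs staged under a shared temp location are otherwise readable by other local users. It assumes GNU `touch -d`; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: find's -mtime N versus -mtime +N, on constructed files.
# Assumes GNU touch (-d with a relative date). Names are hypothetical.

# Move regular files under $1 last modified more than $3 whole days ago
# into $2. find truncates a file's age to whole days, so "+7" means 8 days
# or older; a bare "7" matches only files between 7 and 8 days old.
move_older_than() {
    src=$1 dest=$2 days=$3
    # Owner-only destination: log contents should not be world-readable.
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    find "$src" -type f -mtime +"$days" -exec mv -- {} "$dest" \;
}

count_files() { find "$1" -type f | wc -l | tr -d ' '; }

demo() {
    work=$(mktemp -d)
    mkdir "$work/source"
    # Constructed sample files with back-dated modification times.
    for spec in 2:recent 7:week 10:old 30:older; do
        TZ=UTC touch -d "${spec%%:*} days ago" "$work/source/${spec#*:}.log"
    done
    # How many files a bare "-mtime 7" would select (only week.log).
    exact=$(find "$work/source" -type f -mtime 7 | wc -l | tr -d ' ')
    move_older_than "$work/source" "$work/destination" 7
    echo "$exact exact, $(count_files "$work/destination") moved, $(count_files "$work/source") kept"
    rm -rf "$work"
}
demo
```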

 

How to resize full disk partitions with LVM | lvm vgs pvs lvs redhat resize2fs centos filesystem

One of the most common tasks that I have been performing lately is disk resizing, especially in environments which have not been planned well or with the application taken into account.

This was the procedure I performed the other day when an incident was raised.

 

Find the problem.

 

Find out if LVM and the volume group has available space.

Confirm the logical volume name.

Issue the command to extend.

Issue the command to resize the file system.

Confirm it has taken effect.

 

Adding Splunk to chkconfig for Centos and RHEL

Adding the splunk client service to chkconfig