2,187
edits
Difference between revisions of "Configuration (Ubuntu)"
Jump to navigation
Jump to search
→Setup (Post v12 Ubunutu): Updated restart command
m (→Firewall: Added NTP example) |
(→Setup (Post v12 Ubunutu): Updated restart command) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 34: | Line 34: | ||
= Firewall = | = Firewall = | ||
'''See also [[Troubleshooting_(Ubuntu)#Firewall|Troubleshooting > Firewall]]''' | |||
Ubuntu comes with UFW (Uncomplicated Firewall), which is a config tool used to modify the standard inbuilt Netfilter. If preferred, <code>iptables</code> can still be used, both <code>ufw</code> and <code>iptables</code> are essentially config tools for Netfilter. | Ubuntu comes with UFW (Uncomplicated Firewall), which is a config tool used to modify the standard inbuilt Netfilter. If preferred, <code>iptables</code> can still be used, both <code>ufw</code> and <code>iptables</code> are essentially config tools for Netfilter. | ||
| Line 69: | Line 71: | ||
=== Deny a Specific Host === | === Deny a Specific Host === | ||
If you want to deny a specific host (because its spamming or hacking you for example) you need to ensure that the deny rule is one of the first processed. Otherwise the host might still be able to access on port 80 (if you're running a web server and have a general allow rule for http traffic). | If you want to deny a specific host (because its spamming or hacking you for example) you need to ensure that the deny rule is one of the first processed. Otherwise the host might still be able to access on port 80 (if you're running a web server and have a general allow rule for http traffic). To do so you need to insert a deny rule at the top of your rule-set, | ||
To deny all traffic from 46.118.117.13... | To deny all traffic from 46.118.117.13... | ||
<pre> ufw insert 1 deny from 46.118.117.13 to any </pre> | |||
Alternatively you can edit the UFW config file direct, but the denied hosts will ''not'' appear when showing the firewall status, which will cause you problems later down the line... | |||
# Edit <code>/etc/ufw/before.rules</code> | # Edit <code>/etc/ufw/before.rules</code> | ||
# Create a new section under the <code> # drop INVALID packets </code> section (near the top of the file) | # Create a new section under the <code> # drop INVALID packets </code> section (near the top of the file) | ||
| Line 81: | Line 86: | ||
#* <code> ufw reload </code> | #* <code> ufw reload </code> | ||
Note that the | = SNMP = | ||
Note that the way in which the SNMP daemon/agent needs to be configured varies between OS version. | |||
== Setup (Pre v10 Ubuntu) == | == Setup (Pre v10 Ubuntu) == | ||
# Run the following command to update the package database | # Run the following command to update the package database | ||
| Line 105: | Line 110: | ||
syscontact info@sandfordit.com | syscontact info@sandfordit.com | ||
== Setup (v10 Ubuntu | == Setup (v10/v12 Ubuntu) == | ||
# Run the following command to update the package database | # Run the following command to update the package database | ||
#* <code> apt-get update </code> | #* <code> apt-get update </code> | ||
| Line 135: | Line 140: | ||
syslocation "CR DC" | syslocation "CR DC" | ||
syscontact info@sandfordit.com | syscontact info@sandfordit.com | ||
== Setup (Post v12 Ubunutu) == | |||
# Run the following command to update the package database | |||
#* <code> apt-get update </code> | |||
# Run the following command to install SNMP | |||
#* <code> apt-get install snmpd </code> | |||
# Replace existing config file with contents as shown below the procedure | |||
#* <code> vi /etc/snmp/snmpd.conf </code> | |||
# Throttle down logging verbosity (otherwise log is spammed with <code>Connection from UDP</code> messages | |||
#* <code> vi /etc/default/snmpd </code> | |||
#* Set the option <code>-LS0-5d</code> so the config line starts... | |||
#* <code>SNMPDOPTS='-LS0-5d -Lf /dev/null </code> | |||
# Restart SNMP | |||
#* <code> systemctl restart snmpd </code> | |||
# Test with the following, replacing <hostname> with server's hostname (must be run from a machine with snmp installed, not just snmpd) | |||
#* <code> snmpwalk -v 1 -c public <hostname> system <hostname> </code> | |||
# Allows SNMP Get's from IP | |||
rocommunity dont-leave-as-public 192.168.123.10 | |||
sysLocation CR DC | |||
sysContact info@sandfordit.com | |||
= Hostname Change = | = Hostname Change = | ||
| Line 193: | Line 219: | ||
</source> | </source> | ||
= Syslog to MySQL Database = | = Syslog = | ||
== Server == | |||
To setup your server as a central syslog receiver, edit the <code>/etc/resyslog.conf</code>, and deleted the comment outs for the following | |||
<pre># Provides UDP syslog reception | |||
$ModLoad imudp | |||
$UDPServerRun 514 | |||
# Provides TCP syslog reception | |||
$ModLoad imtcp | |||
$InputTCPServerRun 514</pre> | |||
Add the following section so that received syslog messages get put into a folder for each host its received from... | |||
$template PerHostLog,"/var/log/%HOSTNAME%/messages" | |||
*.* -?PerHostLog | |||
Then restart the syslog service to apply... | |||
service rsyslog restart | |||
== To MySQL Database == | |||
This procedure achieves three things... | This procedure achieves three things... | ||
# Allows remote hosts to use the local server as a syslog destination | # Allows remote hosts to use the local server as a syslog destination | ||