Difference between revisions of "Configuration (Ubuntu)"

Jump to navigation Jump to search
1,251 bytes added ,  19:30, 26 July 2020
→‎Setup (Post v12 Ubunutu): Updated restart command
(→‎Syslog to MySQL Database: Added Syslog server setup)
(→‎Setup (Post v12 Ubunutu): Updated restart command)
 
(5 intermediate revisions by the same user not shown)
Line 71: Line 71:


=== Deny a Specific Host ===
=== Deny a Specific Host ===
If you want to deny a specific host (because its spamming or hacking you for example) you need to ensure that the deny rule is one of the first processed.  Otherwise the host might still be able to access on port 80 (if you're running a web server and have a general allow rule for http traffic).  It's easiest to edit the config files directly.
If you want to deny a specific host (because its spamming or hacking you for example) you need to ensure that the deny rule is one of the first processed.  Otherwise the host might still be able to access on port 80 (if you're running a web server and have a general allow rule for http traffic).  To do so you need to insert a deny rule at the top of your rule-set,


To deny all traffic from 46.118.117.13...
To deny all traffic from 46.118.117.13...
<pre> ufw insert 1 deny from 46.118.117.13 to any </pre>
Alternatively you can edit the UFW config file direct, but the denied hosts will ''not'' appear when showing the firewall status, which will cause you problems later down the line...
# Edit <code>/etc/ufw/before.rules</code>
# Edit <code>/etc/ufw/before.rules</code>
# Create a new section under the <code> # drop INVALID packets </code> section (near the top of the file)
# Create a new section under the <code> # drop INVALID packets </code> section (near the top of the file)
Line 83: Line 86:
#* <code> ufw reload </code>
#* <code> ufw reload </code>


Note that the denied hosts will ''not'' appear when showing the firewall status, which is an irritation.
= SNMP =
Note that the way in which the SNMP daemon/agent needs to be configured varies between OS version.


= SNMP =
== Setup (Pre v10 Ubuntu) ==
== Setup (Pre v10 Ubuntu) ==
# Run the following command to update the package database
# Run the following command to update the package database
Line 107: Line 110:
  syscontact info@sandfordit.com
  syscontact info@sandfordit.com


== Setup (v10 Ubuntu onwards) ==
== Setup (v10/v12 Ubuntu) ==
# Run the following command to update the package database
# Run the following command to update the package database
#* <code> apt-get update </code>
#* <code> apt-get update </code>
Line 137: Line 140:
  syslocation "CR DC"
  syslocation "CR DC"
  syscontact info@sandfordit.com
  syscontact info@sandfordit.com
== Setup (Post v12 Ubunutu) ==
# Run the following command to update the package database
#* <code> apt-get update </code>
# Run the following command to install SNMP
#* <code> apt-get install snmpd </code>
# Replace existing config file with contents as shown below the procedure
#* <code> vi /etc/snmp/snmpd.conf </code>
# Throttle down logging verbosity (otherwise log is spammed with <code>Connection from UDP</code> messages
#* <code> vi /etc/default/snmpd </code>
#* Set the option <code>-LS0-5d</code> so the config line starts...
#* <code>SNMPDOPTS='-LS0-5d -Lf /dev/null </code>
# Restart SNMP
#* <code> systemctl restart snmpd </code>
# Test with the following, replacing <hostname> with server's hostname (must be run from a machine with snmp installed, not just snmpd)
#* <code> snmpwalk -v 1 -c public <hostname> system <hostname> </code>
#  Allows SNMP Get's from IP
rocommunity    dont-leave-as-public    192.168.123.10
sysLocation    CR DC
sysContact    info@sandfordit.com


= Hostname Change =
= Hostname Change =
Line 207: Line 231:


Add the following section so that received syslog messages get put into a folder for each host its received from...
Add the following section so that received syslog messages get put into a folder for each host its received from...
  $template PerHostLog,"/var/log/system-%HOSTNAME%.log"
  $template PerHostLog,"/var/log/%HOSTNAME%/messages"
  *.* -?PerHostLog
  *.* -?PerHostLog


Line 213: Line 237:
  service rsyslog restart
  service rsyslog restart


== To MySQL Database =
== To MySQL Database ==
This procedure achieves three things...
This procedure achieves three things...
# Allows remote hosts to use the local server as a syslog destination
# Allows remote hosts to use the local server as a syslog destination

Navigation menu