(→Syslog to MySQL Database: Added Syslog server setup) |
(→Setup (Post v12 Ubunutu): Updated restart command) |
(5 intermediate revisions by the same user not shown) | |||
Line 71: | Line 71: | ||
=== Deny a Specific Host === | === Deny a Specific Host === | ||
If you want to deny a specific host (because its spamming or hacking you for example) you need to ensure that the deny rule is one of the first processed. Otherwise the host might still be able to access on port 80 (if you're running a web server and have a general allow rule for http traffic). | If you want to deny a specific host (because its spamming or hacking you for example) you need to ensure that the deny rule is one of the first processed. Otherwise the host might still be able to access on port 80 (if you're running a web server and have a general allow rule for http traffic). To do so you need to insert a deny rule at the top of your rule-set, | ||
To deny all traffic from 46.118.117.13... | To deny all traffic from 46.118.117.13... | ||
<pre> ufw insert 1 deny from 46.118.117.13 to any </pre> | |||
Alternatively you can edit the UFW config file direct, but the denied hosts will ''not'' appear when showing the firewall status, which will cause you problems later down the line... | |||
# Edit <code>/etc/ufw/before.rules</code> | # Edit <code>/etc/ufw/before.rules</code> | ||
# Create a new section under the <code> # drop INVALID packets </code> section (near the top of the file) | # Create a new section under the <code> # drop INVALID packets </code> section (near the top of the file) | ||
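Review bot: the rewritten first line of this hunk now ends on a trailing comma ("...insert a deny rule at the top of your rule-set,") and runs straight into "To deny all traffic from 46.118.117.13...", so it needs a full stop or should be joined to that next sentence. While here, "its spamming" should be "it's spamming" and "edit the UFW config file direct" should be "directly". The `ufw insert 1 deny from 46.118.117.13 to any` command itself is right; it would help the reader to mention that `ufw status numbered` shows rule positions, so they can confirm the deny really sits above the general http allow rule the paragraph warns about.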
Line 83: | Line 86: | ||
#* <code> ufw reload </code> | #* <code> ufw reload </code> | ||
Note that the | = SNMP = | ||
Note that the way in which the SNMP daemon/agent needs to be configured varies between OS version. | |||
== Setup (Pre v10 Ubuntu) == | == Setup (Pre v10 Ubuntu) == | ||
# Run the following command to update the package database | # Run the following command to update the package database | ||
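Review bot: "varies between OS version" in the new SNMP intro line should read "varies between OS versions"; otherwise replacing the dangling "Note that the" fragment with the `= SNMP =` heading is the right fix.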
Line 107: | Line 110: | ||
syscontact info@sandfordit.com | syscontact info@sandfordit.com | ||
== Setup (v10 Ubuntu | == Setup (v10/v12 Ubuntu) == | ||
# Run the following command to update the package database | # Run the following command to update the package database | ||
#* <code> apt-get update </code> | #* <code> apt-get update </code> | ||
Line 137: | Line 140: | ||
syslocation "CR DC" | syslocation "CR DC" | ||
syscontact info@sandfordit.com | syscontact info@sandfordit.com | ||
== Setup (Post v12 Ubunutu) == | |||
# Run the following command to update the package database | |||
#* <code> apt-get update </code> | |||
# Run the following command to install SNMP | |||
#* <code> apt-get install snmpd </code> | |||
# Replace existing config file with contents as shown below the procedure | |||
#* <code> vi /etc/snmp/snmpd.conf </code> | |||
# Throttle down logging verbosity (otherwise log is spammed with <code>Connection from UDP</code> messages | |||
#* <code> vi /etc/default/snmpd </code> | |||
#* Set the option <code>-LS0-5d</code> so the config line starts... | |||
#* <code>SNMPDOPTS='-LS0-5d -Lf /dev/null </code> | |||
# Restart SNMP | |||
#* <code> systemctl restart snmpd </code> | |||
# Test with the following, replacing <hostname> with server's hostname (must be run from a machine with snmp installed, not just snmpd) | |||
#* <code> snmpwalk -v 1 -c public <hostname> system <hostname> </code> | |||
# Allows SNMP Get's from IP | |||
rocommunity dont-leave-as-public 192.168.123.10 | |||
sysLocation CR DC | |||
sysContact info@sandfordit.com | |||
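Review bot: the `SNMPDOPTS='-LS0-5d -Lf /dev/null` bullet in the new Post v12 section is missing its closing quote and appears to be a truncated fragment, so the reader cannot tell what the rest of the line should be; please show the complete line with the quote closed and say whether the remaining default options are to be kept. The test command `snmpwalk -v 1 -c public <hostname> system <hostname>` has `<hostname>` twice; snmpwalk takes one agent address followed by an OID, so the trailing `<hostname>` should be dropped. That test also uses the community `public`, but the config below it sets `rocommunity dont-leave-as-public 192.168.123.10`, so the walk will time out unless it is run from 192.168.123.10 with `-c dont-leave-as-public` (or the config is changed to match), which is worth spelling out since a reader following the procedure literally will conclude SNMP is broken. Smaller points: the "Throttle down logging verbosity" bullet has an unclosed parenthesis, the heading spells "Ubunutu", and since this section targets releases where snmpd is started by systemd, it is worth checking that the unit actually reads `/etc/default/snmpd`, otherwise the `-LS0-5d` change will have no effect.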
= Hostname Change = | = Hostname Change = | ||
Line 207: | Line 231: | ||
Add the following section so that received syslog messages get put into a folder for each host its received from... | Add the following section so that received syslog messages get put into a folder for each host its received from... | ||
$template PerHostLog,"/var/log/ | $template PerHostLog,"/var/log/%HOSTNAME%/messages" | ||
*.* -?PerHostLog | *.* -?PerHostLog | ||
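Review bot: `%HOSTNAME%` in the PerHostLog template is taken from the received message header, so each remote sender chooses the directory its messages are written under; `%FROMHOST-IP%`, which rsyslog sets from the connection's source address, gives a path the sender cannot influence, e.g. `$template PerHostLog,"/var/log/%FROMHOST-IP%/messages"`. Also note that `*.* -?PerHostLog` matches local messages too, so the server's own logs will additionally be written under its own hostname directory, and "its received from" should be "it's received from".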
Line 213: | Line 237: | ||
service rsyslog restart | service rsyslog restart | ||
== To MySQL Database = | == To MySQL Database == | ||
This procedure achieves three things... | This procedure achieves three things... | ||
# Allows remote hosts to use the local server as a syslog destination | # Allows remote hosts to use the local server as a syslog destination |