Disable the Control-Alt-Delete keyboard shutdown command
Edit the syslog.conf file (vi /etc/syslog.conf) on the remote server (for example: mail.openna.com) and add the following line at the end of the file:
authpriv.*;mail.*;local7.*;auth.*;daemon.info /dev/lp0
Since the default configuration of the syslog daemon is to not accept any messages from the network, we must enable reception of network messages on the remote server. To do this, add the “-r” option to your syslog daemon script file (only on the remote host):
• Edit the syslog daemon (vi +24 /etc/rc.d/init.d/syslog) and change:
daemon syslogd -m 0
To read:
daemon syslogd -r -m 0
• Now restart your syslog daemon on the remote host for the change to take effect:
[root@mail /]# /etc/rc.d/init.d/syslog restart
Now, if we have a firewall on the remote server (you are supposed to have one), we must add or verify the existence of the following lines:
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
 -s $SYSLOG_CLIENT \
 -d $IPADDR 514 -j ACCEPT
Where EXTERNAL_INTERFACE="eth0" in the firewall file.
Where IPADDR="208.164.186.2" in the firewall file.
Where SYSLOG_CLIENT="208.164.168.0/24" in the firewall file.
• Now restart your firewall on the remote host for the change to take effect:
[root@mail /]# /etc/rc.d/init.d/firewall restart
This firewall rule accepts incoming UDP packets on port 514 (the syslog port) on the remote server when they come from our internal client. For more information on firewalls, see Chapter 7, “Networking firewall”.
Finally, edit the syslog.conf file (vi /etc/syslog.conf) on the local server, and add the following line at the end of the file:
authpriv.*;mail.*;local7.*;auth.*;daemon.info @mail
Where “mail” is the hostname of the remote server. Now if anyone ever hacks your box and threatens to erase vital system logs, you still have a hard copy of everything. It should then be fairly simple to trace where they came from and deal with it accordingly.
• Now restart your syslog daemon for the change to take effect:
[root@deep /]# /etc/rc.d/init.d/syslog restart
As on the remote host, we must add or verify the existence of the following lines in the firewall script file on the local host:
ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
 -s $IPADDR 514 \
 -d $SYSLOG_SERVER 514 -j ACCEPT
Where EXTERNAL_INTERFACE="eth0" in the firewall file.
Where IPADDR="208.164.186.1" in the firewall file.
Where SYSLOG_SERVER="mail.openna.com" in the firewall file.
• Now restart your firewall for the change to take effect:
[root@deep /]# /etc/rc.d/init.d/firewall restart
This firewall rule accepts outgoing UDP packets on port 514 (the syslog port) from the local server destined to the remote syslog server. For more information on firewalls, see Chapter 7, “Networking firewall”.
NOTE: Never use your Gateway Server as the host that collects all syslog messages; this is a very bad idea. More options and strategies exist with the sysklogd program; see the man pages for sysklogd(8), syslog(2), and syslog.conf(5) for more information.
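Before relying on the remote copy, it is worth checking which messages the selector lines above actually forward. The following is an added example, not part of the book: a small evaluator for the syslog.conf selector syntax used on this page (“facility.level” selects that level and everything more severe; “none” cancels a facility). SAMPLE_CONF is a constructed config made of typical default rules plus the “@mail” line from the text.

```python
import re

PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

# Constructed sample: typical default rules plus the "@mail" line added above.
SAMPLE_CONF = """
*.info;mail.none;authpriv.none   /var/log/messages
authpriv.*                       /var/log/secure
*.emerg                          *
authpriv.*;mail.*;local7.*;auth.*;daemon.info @mail
"""

def parse_rule(line):
    """One syslog.conf line -> ([(facility, level), ...], action).
    Only the syntax used on this page ('*', 'none', a level name) is accepted;
    the '=' and '!' modifiers are rejected rather than guessed at."""
    selectors, action = re.split(r"\s+", line.strip(), maxsplit=1)
    parsed = []
    for sel in selectors.split(";"):
        facs, level = sel.rsplit(".", 1)
        if level not in PRIORITIES + ["*", "none"]:
            raise ValueError(f"unsupported priority {level!r} in {sel!r}")
        for fac in facs.split(","):
            if fac != "*" and fac not in FACILITIES:
                raise ValueError(f"unknown facility {fac!r} in {sel!r}")
            parsed.append((fac, level))
    return parsed, action

def rule_matches(selectors, facility, priority):
    """'fac.level' selects that level and everything more severe; selectors
    apply left to right, so a later 'fac.none' cancels an earlier '*.info'."""
    selected = False
    for fac, level in selectors:
        if fac not in ("*", facility):
            continue
        if level == "none":
            selected = False
        elif level == "*" or PRIORITIES.index(priority) <= PRIORITIES.index(level):
            selected = True
    return selected

def destinations(conf_text, facility, priority):
    """Every action in conf_text that receives a (facility, priority) message;
    an action starting with '@' is a remote host, as in the text above."""
    rules = [parse_rule(l) for l in conf_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    return [action for selectors, action in rules
            if rule_matches(selectors, facility, priority)]
```

Note that a daemon.debug message reaches neither the local files nor the remote host with these rules, while daemon.notice is both written locally and sent to “mail”.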