General :: Install Logwatch As A Security Precaution?

Sep 11, 2010

I was advised by a fellow forum owner to install logwatch as a security precaution. Our forum runs on a dedicated server. CentOS 5.5. I ran "yum install logwatch" and got the following:

Code:
Examining logwatch-7.3.6-1.noarch.rpm: logwatch-7.3.6-1.noarch
Marking logwatch-7.3.6-1.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package logwatch.noarch 0:7.3.6-1 set to be updated
--> Finished Dependency Resolution

[Code]...

Security :: Some Precaution Should Take To Protect Notebook From Intruders?

Jun 3, 2010

I am planning a trip for a few days and I will be staying at an inn with Wifi access. All the guests are allowed to use it. A friend of mine has been there, he told me there are several other private spots around the house, i.e. lots of other people using Wifi. My friend told me the inn uses WEP, so who knows how many times their access point has been hacked and accessed without permission...

My concern is that I will be there for a few days with my notebook, I will have to work once in a while, connected to the Internet. Is there some precaution I should take to protect my notebook from intruders? Is it advisable to install a firewall in my notebook (iptables?) or am I just overreacting? Is it possible for one of the guests or neighbors to break into my notebook?

Security :: How To Configure Logwatch

Mar 4, 2010

How to configure Logwatch? Where can I find its config file? I never configured it, but I receive email every day from Logwatch@mydomain.com.

Security :: CentOS 5.5 / Rkhunter Result In Logwatch Mail

Apr 20, 2011

I have a server, running CentOS 5.5. It runs daily rkhunter and logwatch. From both I get a daily mail.

I have a desktop computer, running Fedora 13 (almost 14...). It also runs a daily rkhunter and logwatch. But I get ONE mail from logwatch, which contains the result of rkhunter.

On the server, I also want only mail from logwatch, containing the rkhunter results. But so far, no luck.

How can I get the rkhunter results in the logwatch mail on my CentOS server?

Security :: Logwatch Reported Possible Exploits On Gateway Machine?

Mar 15, 2011

I have set logwatch to report the logs daily; somehow, since last week I get the message below:

A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):

/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?

[code]...

Security :: Attack Warning In Logwatch Message: Loopback Relay

Dec 14, 2010

I'm not concerned about this since this traffic is generated from the loopback address, but would like to find out what it is.

[code]...

General :: E-mail Only Received From Logwatch

Aug 11, 2009

I am receiving emails from logwatch, but when I set up my own mail script using mutt, the script succeeds but no email is received. Any ideas what the difference is between the two mail methods?

General :: What Is (1xx 0, 2xx 8, 3xx 0, 4xx 3, 5xx 0) In Logwatch Httpd Section

Nov 27, 2010

In this part of logwatch:

Code:
--------------------- httpd Begin ------------------------
0.12 MB transferred in 11 responses (1xx 0, 2xx 8, 3xx 0, 4xx 3, 5xx 0)

[code]....

General :: Logwatch Warning: Kernel Errors

Oct 22, 2010

I'm having some issues on a server running redhat for a specific application, and lately it has for some reason been kicking out some services. I just checked the Logwatch mail on the root user and here is one of the main errors:

[code]...

General :: IP Tables Logwatch - Ports 28960 And 28964?

Nov 27, 2010

Every day logwatch sends me the following information from IPTables and it seems odd. Can anyone tell me, are these entries odd? They all seem to be to two ports, 28960 and 28964.

[Code]....

General :: Logwatch Configure To Use SSH Tunnel Into Mail Server To Send Log Reports

Feb 28, 2011

We have the following setup:

1. Webserver (CentOS 5.5)
2. Mail server (CentOS 5.5)

We have configured autossh successfully to create/manage the ssh tunnel into the mail server in order to dump all emails to a localhost port.

To auto-start autossh at boot time we have included the following in /etc/rc.d/rc.local:

Quote:

So whenever our web application wants to send out emails it dumps all emails to the localhost:33465 port. Easy peasy, all are working great.

Now we have a requirement that logwatch reports should get delivered via the same ssh tunnel rather than installing postfix and configuring as a relay.

In logwatch is there a way to achieve that?

Software :: Does Logwatch Run Automatically?

Jun 16, 2009

Does logwatch run automatically, or do I need to make a cron entry for it? How can I reset logwatch? When I run logwatch from the command line twice, it sends the same email twice.

Ubuntu Servers :: Logwatch On 10.04 Dhcp?

Jun 16, 2010

I was wondering if there is anybody out there who has logwatch running and configured to just grab dhcp leases only.

Red Hat / Fedora :: Logwatch Reports Are Nearly Empty

Apr 10, 2010

I've installed Logwatch 7.3.6 via the rpm on my CentOS 5.4 server. The issue is I'm getting basically empty reports from logwatch. The only two sections which have any information are samba and diskspace.

The only default options in the config file I've modified are:

Code:
print = No
output = html

I'm suspecting the issue has to do with the fact that the as-logged host name doesn't match my current host name. However, I've tried manually changing this on a few entries so they match but they didn't show up in the report. According to the config file, the default for option HostLimit is "No" -- so Logwatch should not care what hostname it sees in a log file, right?

Server :: Can't Understand Logwatch Error

May 23, 2011

This problem is occurring on Red Hat EL 5 WS. However, I have two CentOS 5 systems, with similar configuration to RH EL 5, where this problem does not occur.

I am getting this error:

Can't exec "sendmail": No such file or directory at ./0logwatch line 1018, <TESTFILE> line 1.
Can't execute sendmail -t: No such file or directory

CentOS 5 :: Logwatch Not Sending Reports?

Aug 31, 2010

When I installed Cent before, I got my logwatch messages sent to me. For some reason, on this new server I built I am not getting them. I can mail off the server and there is no mail in the Q or in root. I also put in a .forward file in my root to mail to my external account and it works fine. I get mail from fail2ban and denyhosts but not the logwatch. Thoughts on what I could be missing? I checked the link and the files are all there. I changed the config file to give me a High level of detail. That's about it. If I use the command line for logwatch it sends mail fine:

logwatch --detail high --logfile messages --mailto yourname@domain.com

Server :: Can't Get Logwatch To Email A Daily Summary?

Oct 12, 2010

I have a squid proxy server (which I am very new to) which all traffic from my office goes through. The proxy itself is working fine, but I cannot get logwatch to email me a daily summary. logrotate seems to be throwing an error:

# logrotate /etc/logrotate.conf
error: squid:1 duplicate log entry for /var/log/squid/access.log

My /etc/logrotate.d/squid file is below... My access logs are in /logs/squid not in /var/log/squid.

[Code]...

Server :: Getting Logwatch Working With Shorewall Logs?

Sep 9, 2010

How to get logwatch working with shorewall logs. I tried fwlogwatch but could not get that working.

Software :: Logwatch Not Sending Emails - No Mail

Jun 8, 2010

I'm trying to get logwatch to email me. I think my logwatch.conf file is okay. I have postfix installed. The mailer as far as I can tell is set correctly ("usr/bin/mail"). When I run logwatch - I get "no mail for aubrey"

Here's my logwatch.conf file:
Code:
linux-qwkb:/home/aubrey # edit /usr/share/logwatch/default.conf/logwatch.conf
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
######################################################## .....

Red Hat :: Servers Don't Send Out A Daily Logwatch Email?

May 9, 2010

Gidday, for some reason some of my RHEL servers don't send out a daily logwatch email (most do, but two don't) - and sadly I have no idea how to troubleshoot this.

Can anybody give some help/hints as to where/how I may troubleshoot this? I should add that these servers can/do send emails (I have some cronjobs that fire off emails upon completion of their jobs, so I know it's not a sendmail config issue).

Red Hat :: Logwatch Kernel Error Report RHEL 6

May 19, 2011

Logwatch has been showing me there are kernel errors present on my server. Below is the full report from logwatch; please let me know if there is anything I should be aware of and fix.

Ubuntu Servers :: Make Logwatch (Postfix) Less Chatty?

Mar 12, 2010

Does anyone know the trick to getting Logwatch to make its entries a little less chatty and leave out the "Detailed" section of the Postfix report? I can't seem to tone it down and the daily reports I get include every recipient, host, etc., which is too much info to make a summary report useful. The first portion I get looks like this:

****** Summary *************************************************

9 *Warning: Pre-queue content-filter connection overload
2 SASL authentication failed
432 Miscellaneous warnings

[code]....

This would be fine for a quick review that I do first thing. However, the "Detailed" portion that follows is over 2,800 lines long!

Software :: Secure Way To Handle Logwatch Reports / Rather Than Using Email?

Oct 13, 2009

Is there a more secure way to handle logwatch reports, rather than using email?

Software :: Logwatch Has Identical Entries For Disk Space?

Apr 14, 2010

I have logwatch 5.2.2 setup for 51 RHEL servers (mostly RHEL 4.8) and they all forward to a central server for a single email to be sent each day. This part works great. However, the "Disk Space" section is identical for every one of the entries. Obviously, this cannot be true for every server. What do I need to adjust such that real disk space data is being reported (or at least reported for the servers that are running low)?

The other entries like sendmail, pam_unix, and sshd data are working great and unique for each server.

CentOS 5 :: Would Like A Proftpd Log To Trigger Logwatch To Send Email?

May 8, 2010

I have CentOS 5.4 running my file server. I finally got proftpd to work. I configured logwatch to send me email on a daily basis however I would like to be sent an email immediately when the proftpd log file changes. Is this possible?

Ubuntu Servers :: Logwatch Emails Not Sent If Named Logs Are Included?

Jun 15, 2011

I've suddenly stopped getting emails from logwatch, which runs on an Ubuntu server daily using cron. After a good day or so of troubleshooting, I was able to establish that it was the 'Service = named' line in my logwatch.conf file which was stopping the emails from coming through. If I comment out this line, the logwatch emails come through with no issues; uncomment, and I don't get an email. I don't get any error from logwatch itself when I run it, even with '--debug high', leading me to think that my email configuration is set up ok, at least. Furthermore, I tried running logwatch with '--output file --format html' and logwatch produces a valid html file.

I then thought: "Could I have an entry in my Bind/named log files which could be rejected by my ISP's smtp server?". So, (to the best of my knowledge) I cleared out the log files in /var/log that contained messages from named. I then ran logwatch (including the named service in my logwatch.conf file) and I got an email through, with a pretty much empty named section, which is exactly what I anticipated. Great! - it's fixed.

So, the cron.daily ran early this morning, but still no email in my inbox when I got up. I then tried to run 'logwatch --Range today' and lo and behold, I got a logwatch report email, which included a named section, with log entries in there. So it seems that something that's been logged by named overnight to my logfiles (i.e. '--Range yesterday') has caused issues again with logwatch's ability to send reports through my ISP's smtp servers.

Server :: Deferrals Appearing Frequently In Nightly Logwatch Report

Apr 14, 2010

I want to make sure my mail server is behaving as expected. The past two nights, I've received the logwatch notices below. The section in question is the 20 or so deferrals from some .ru e-mail address. I've since removed the user that registered on my WordPress blog (wlvp@yandex.ru) and added the three IP addresses to iptables DROP, but these "e-mails" still look like they're in some queue unless I'm reading wrong. I've removed known usernames in case you find the numbers useful. Why are all these deferred messages here? If they're stuck in a queue, can I remove them?

Server :: Logwatch On Multiple Servers, Need Only Short/critical Output?

Apr 27, 2010

I currently have 7 servers that report logwatch every day. Fact is that it's a lot of information to process every day. I would like to have as short as possible an overview of events that happened in the last 24h, that is, only critical/warning information. It would be a plus if all servers' output could be gathered in 1 email.

CentOS 5 Server :: Read Sendmail Log In Logwatch (what Is Arg1 And Arg2)?

Jun 6, 2009

How do I decipher the following entries from sendmail log:

ruleset=check_relay, arg1=[120.2.197.187], arg2=127.0.0.11, relay=[120.2.197.187], reject=553 5.3.0 Rejected - your IP is blacklisted by http://www.spamhaus.org: 1 Time(s)

CentOS 5 Server :: Sending Logwatch To External Mail Address?

Nov 4, 2009

My ISP blocks outgoing email if it does not login properly with a valid account. I successfully configured sendmail to use SMART_HOST and confAUTH_OPTIONS with confAUTH_MECHANISM set to LOGIN PLAIN.

It successfully sends email because I tested it with evolution sending through 127.0.0.1, but I need to specify myacount@mydomain.com as the email address for root.

But it doesn't work for logwatch because it sends as from root@localhost.localdomain, and my ISP's smtp server rejects it. The message I get back in root@localhost account is the following:

----- Transcript of session follows -----
... while talking to smtp.mydomain.com.:
>>> MAIL From:<root@localhost.localdomain> SIZE=581 AUTH=<>
<<< 550 5.7.1 Client does not have permissions to send as this sender
554 5.0.0 Service unavailable

I thought that I should masquerade all emails from this domain, so I configured sendmail as specified in [1] section "24.3.1.4. Masquerading", but it doesn't work. It seems that masquerading in sendmail is broken or something is wrong in the documentation.

[1] [URL]

I have sendmail 8.13.8-2 and centos-release-5-4.el5.centos.1.

Is there a way to specify the "From:myacount@mydomain.com" in logwatch? Or is there a way to make the masquerading in sendmail work so I can masquerade everything as coming from a specific account?

Copyrights 2005-15 www.BigResource.com, All rights reserved