Security :: How To Configure Logwatch
Mar 4, 2010
How to configure Logwatch? Where can I find its config file? I never configured it but I receive email every day from Logwatch@mydomain.com.

We have the following setup:
1. Webserver (CentOS 5.5)
2. Mail server (CentOS 5.5)
We have configured autossh successfully to create/manage the SSH tunnel into the mail server in order to dump all emails to a localhost port.
To auto-start autossh at boot time we have included the following in /etc/rc.d/rc.local:
Quote:
So whenever our web application wants to send out emails, it dumps all emails to the localhost:33465 port. Easy peasy, all is working great.
Now we have a requirement that logwatch reports should get delivered via the same SSH tunnel rather than installing postfix and configuring it as a relay.
In logwatch is there a way to achieve that?

I was advised by a fellow forum owner to install logwatch as a security precaution. Our forum runs on a dedicated server. CentOS 5.5. I ran "yum install logwatch" and got the following:
Code:
Examining logwatch-7.3.6-1.noarch.rpm: logwatch-7.3.6-1.noarch
Marking logwatch-7.3.6-1.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package logwatch.noarch 0:7.3.6-1 set to be updated
--> Finished Dependency Resolution
[Code]...

I have a server, running CentOS 5.5. It runs daily rkhunter and logwatch. From both I get a daily mail.
I have a desktop computer, running Fedora 13 (almost 14...). It also runs a daily rkhunter and logwatch. But I get ONE mail from logwatch, which contains the result of rkhunter.
On the server, I also want only mail from logwatch, containing the rkhunter results. But so far, no luck.
How can I get the rkhunter results in the logwatch mail on my CentOS server?

I have set logwatch to report the logs daily; somehow, since last week I get the below message.
A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?
[code]...
I'm not concerned about this since this traffic is generated from the loopback address, but would like to find out what it is.
[code]...

I am trying to figure out how I can configure IPtables to only allow VNC traffic to an internal server over SSH.
My configuration is WAN < --- > Gateway (Ubuntu 9.10 Server) < --- > Internal Server (that I want to control with VNC over SSH)

How to Configure rsh Server and where to restrict instances?

I want to configure IMSpector on my CentOS box.

How do I configure a spare PC as a firewall for my home, and what distro would I use?

I'm going through the Linux hardening checklist, and the only bit I'm having trouble with is how to configure syslogd to email daily reports to my email. My MTA is postfix.
How do I do this? Or should I ask... where is the HOWTO?

How do I configure PAM to use the remember option for the passwd? It should remember the last 10 passwords and shouldn't allow the user to use the same old passwords. Here is what I have configured, but it doesn't work:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required /lib64/security/pam_tally.so deny=2 onerr=fail even_deny_root_account unlock_time=5
auth sufficient pam_unix.so likeauth nullok
[Code]...

I just downloaded the DenyHosts2.6python2.5.rpm for deny.hosts from sourceforge and would like to set it up. I normally use fish://, smb:// and ftp:// on the boxes on my LAN. I already have files called hosts.allow and hosts.deny in the /etc folder. Will the rpm configure hosts.deny when first run?

Does logwatch run automatically, or do I need to make a cron entry for it? How can I reset logwatch? When I run logwatch from the command line twice, it sends the same email twice.

I'm currently trying to configure SELinux policy for a folder so that only my user with root privileges can access it, and not just root, but I don't know the command to run on the folder to change its permissions.

Does anyone know of a good tutorial on how to set up and configure snort 2.8.5.2 on an Ubuntu 10.10 system? I have been trying to set up snort and have run into a lot of problems setting up the config file and the rules. It works in sniff and packet log mode but I cannot seem to set up IDS mode correctly. There is a lot of different info on the net but not much help. There seems to be a lot of work involved in setting this up, which I do not mind provided I can find the proper documentation to configure the setup.

First off, is there any way to configure Ubuntu to log in with a password, fingerprint and USB token? Secondly, what is the difference between the standard home folder encryption and the alternate install encryption?
Thirdly, is it possible on new external hard drives that incorporate thumb scanners to install truecrypt on these? Fourthly, does anyone here on Ubuntu forums use lastpass with the 'yubikey' device; does it work well on Ubuntu? And fifthly, are ironkey USB keys worth the money or are they a scam?

I am a novice user of Linux. I need to know how to configure a firewall so my system can't be compromised... In Windows my system was greatly compromised. Keyloggers were installed without my approval and my desktop was taken on remote. What should I do so without my knowledge no software can be installed and I can close all ports and only open whichever port is required to open? What should I do so my desktop can't be taken on remote? How do I configure user rights, so except me no one can install any software? I will have another general user ID for internet surfing.

securing VNC connections by tunneling the connection over SSH. However, from the server perspective it will still allow unsecured connections and you're relying on the client to set up the SSH tunneling. Is there a way to configure the Linux server to not allow connection over an unsecured channel?

I have my system set up to where the router (dd-wrt) will send its syslog messages to my Linux PC system. I am using shorewall as my firewall. I have two questions: How can I configure shorewall to allow the messages from my router? If I use my router IP address to allow the messages to come through the firewall, will this be a great security risk as anything from the internet can come through on that router IP address?

I spilled my soda on my keyboard and ended up in a 4 day war with my PC. Now my tab, capslock, left shift, and down vol no longer work. I'm going to take it into the shop in the next couple of days to probably replace the keyboard. (If only Lenovo kept the easy access keyboards like IBM had on the ThinkPads.) Something tells me that they will want to log in and test out the keyboard. So I created a guest account with a simple password. I changed my normal user home dir to 770 permissions and changed guest's shell to /bin/rbash. (Both found in other posts.) Is there anything else I should do to secure the computer while it is in the shop? [I use su; sudo isn't configured to work (it's a dependency so I can't uninstall).] I have a pretty decent root password.

I have configured squid with AD. It is working fine. Now I want to use dansguardian with squid for web filtering on a group basis; what should I do? What configuration do I have to do in squid for dansguardian, and all my users in AD also authenticate with dansguardian, and also how do I use dansguardian?

I was wondering if there is anybody out there who has logwatch running and configured to just grab DHCP leases only.

I've installed Logwatch 7.3.6 via the rpm on my CentOS 5.4 server. The issue is I'm getting basically empty reports from logwatch. The only two sections which have any information are samba and diskspace.
The only default options in the config file I've modified are:
Code:
print = No
output = html
I'm suspecting the issue has to do with the fact that the as-logged host name doesn't match my current host name. However, I've tried manually changing this on a few entries so they match but they didn't show up in the report. According to the config file, the default for option HostLimit is "No" -- so Logwatch should not care what hostname it sees in a log file, right?

I am receiving emails from logwatch but when I set up my own mail script using mutt, the script succeeds but no email is received. Any ideas what the difference is between the two mail methods?

In this part of logwatch:
Code:
--------------------- httpd Begin ------------------------
0.12 MB transferred in 11 responses (1xx 0, 2xx 8, 3xx 0, 4xx 3, 5xx 0)
[code]....
This problem is occurring on Red Hat EL 5 WS. However, I have two CentOS 5 systems, with similar configuration to RH EL 5, where this problem does not occur.
I am getting this error:
Can't exec "sendmail": No such file or directory at ./0logwatch line 1018, <TESTFILE> line 1.
Can't execute sendmail -t: No such file or directory

When I installed Cent before I got my logwatch messages sent to me. For some reason, on this new server I built I am not getting them. I can mail off the server and there is no mail in the Q or in root. I also put in a .forward file in my root to mail to my external account and it works fine. I get mail from fail2ban and denyhosts but not the logwatch. Thoughts on what I could be missing? I checked the link and the files are all there. I changed the config file to give me a High level of detail. That's about it. If I use the command line for logwatch it sends mail fine:
logwatch --detail high --logfile messages --mailto yourname@domain.com

I am a novice user of Linux. I need to know how to configure a firewall so my system can't be compromised... In Windows my system was greatly compromised. Keyloggers were installed without my approval and my desktop was taken on remote. What should I do so without my knowledge no software can be installed and I can close all ports and only open whichever port is required to open? What should I do so my desktop can't be taken on remote? How do I configure user rights, so only root and one admin can install software and no one else?

I've been trying to configure ufw to drop ping requests for a couple days now, and I can't figure it out. I've tried a couple different methods in some different guides, still nothing. Anyone know how to do this?