How to enable SFTP Logging without chroot in CentOS/RHEL
Secure File Transfer Protocol (SFTP) is a great tool for performing secure file transfers. This is a short note explaining how to enable SFTP logging without chroot.
1. To enable logging of sftp-server to /var/log/messages, add command-line arguments to the Subsystem sftp line in /etc/ssh/sshd_config:
# vi /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSE
Restart the sshd service for the change to take effect:
# service sshd restart # For CentOS/RHEL …
How to Change Default Permission of /var/log/messages in CentOS/RHEL
By default, /var/log/messages* files are created with read-write permissions for the 'root' user only. There may be a requirement to make the log files world-readable, for example to allow an application to read and process the data in them. Changing the permissions on such files with 'chmod' is only a temporary solution, because they will be recreated with the original permissions during the next logrotate cron job. This post explains how to set custom permissions (e.g. 644) on /var/log/messages …
Rsyslog : How to Send log files to remote server in CentOS/RHEL 6,7
Need for a Centralized Rsyslog Server
Every *NIX system has some sort of logging facility that produces text logs, which can be written to an arbitrary location on a storage device (normally defaulting to a local disk partition). This is essential, but it can also produce issues such as:
- You need adequate storage space on the local server to save the logs.
- You need to put rotation in place to stop them from growing too large.
- If the logs contain sensitive information such as …
How to send Audit Logs to Remote Rsyslog Server in CentOS/RHEL 6,7
This short note explains the steps to direct audit logs to a remote rsyslog server on a CentOS/RHEL 6,7 server.
Server Side Configuration
Perform these steps to set up the syslog server:
1. Uncomment the following lines in the 'MODULES' section of /etc/rsyslog.conf:
# vi /etc/rsyslog.conf
$ModLoad imtcp
$InputTCPServerRun 514
If you are using UDP instead, uncomment the following lines:
# vi /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
2. Configure the rsyslog server to receive rsyslog …
How to monitor /etc/shadow and /etc/passwd file for changes with Auditd?
System auditing is a very important task that should be part of every server's configuration. It allows us to audit minute details of exactly what is happening within the system. Most system administrators are aware of basic auditing techniques such as checking the /var/log/secure file for login attempts, but low-level auditing is where the real work needs to be done. Some of the cases where system auditing helps are:
Watching for file access: We want to have a report …
How to Configure rsyslog to Filter/discard Specific IP Address in CentOS/RHEL 6,7
This post explains how to configure rsyslog to filter messages from a specific IP address and drop them. By default, plain syslog does not provide the advanced filtering that rsyslog does. Follow the steps below to configure rsyslog to filter messages from a specific IP address.
1. Install rsyslog if it is not already present on the system. For Red Hat based distributions:
# yum install rsyslog
2. Use the chkconfig/systemctl commands to enable the rsyslog service on boot, and also start the service.
# …