Logwatch is a program that parses your logs and sends you an email every day about what has taken place on your server. It is a very friendly program.
Installation is simple:
apt-get install logwatch
Edit the config file in /usr/share/logwatch/default.conf/logwatch.conf
Basically all you have to do is change the mailto setting:
mailto = your_email_address
With Ubuntu I kept getting this error. Though I checked, I could not find a solution, so, as it looked like it was missing the location /var/cache/logwatch, I created one and it worked perfectly.
/var/cache/logwatch No such file or directory at /usr/sbin/logwatch line 632.
sudo mkdir /var/cache/logwatch
Now run the program as root with:
or run in debug mode to get more information.
logwatch --debug 6
That will provide a lot of info.
As an administrator you may be faced with the task of constantly monitoring web servers, mail servers, FTP servers, etc. Basically, your organization wants all of its servers up and running all of the time. Nagios 3 offers an easy setup and configuration to make this happen, so that you can monitor multiple servers and have Nagios alert you to problems. Nagios can notify you by email, pager or phone. This will allow you to have a life and count on Nagios to contact you when problems develop.
In the past Nagios has been really difficult to set up and configure. Many have just given up and moved on. However, using Ubuntu 8.10 and the new Nagios 3 this is a breeze to set up and use effectively. Here are some key links to get you going:
Nagios is based on objects. Objects are hosts, services, contacts and timeperiods. A host is a physical device on your network like a server, router, switch or printer. Each of these hosts has an IP address or MAC address that you can use to monitor it. A service is an attribute of the host. For example, a service might be CPU load, disk usage, or uptime. A service might also be something that the host provides, like HTTP, FTP, or POP3. Once you have set up a host and a service, Nagios will begin to monitor that service on the host. The contacts are the administrators who should get notified when there are problems, along with how they should get notified. Finally, timeperiods are blocks of time that determine when an administrator should get notified by Nagios. Put this all together, and you have a sophisticated monitoring process that will make your life easier.
Nagios has a web interface that you may log into so that you can see various hosts and services that you are monitoring. Here is an example.
Now you can use the recently released Elpicx 2.0 live DVD to dual-boot Ubuntu 8.04 and Fedora 9 KDE with LPI (Linux Professional Institute) training materials like test emulators, reference cards, study notes and exercises for the LPI certification exam. Elpicx 2.0 is available as a 1.6 GB download in German and English. The Elpicx homepage states that “Ubuntu-Documentation and LPIC-Documentation were added together with software to prepare for the LPI exams.” It seems the combination of the Ubuntu 8.04 LTS and Fedora 9 desktops along with the LPI training in one package may be the key. Newbies often show symptoms of frustration when left to sort through Linux lingo in the forums. Combining training with the distribution may be what we’ve all been waiting for.
Mail servers today are especially overburdened with Spam. This is actually costing organizations millions of dollars in hardware purchased just to process the Spam. It takes server memory and CPU cycles to determine whether an email is Spam or not, and as Spam increases new servers have to be built to separate the good from the bad. Using Blackholes is a way to reduce the load on your server. Blackholes are databases of known Spammers that you can include in your mail server configuration to eliminate those emails without having your mail server process each one. These DNS blacklists do require Postfix to do a DNS lookup, which takes resources from your server and creates latency. Even so, this can be a significant reduction in Spam.
Get more information about Postfix on a daily basis…try the Postfix Blog.
The examples below are for a Postfix mail server. One thing to note: there are a lot of Blackholes online, and you need to check them closely to be sure they meet the needs of your organization. The ones we list are simply examples.
In the example below two kinds of lists are used to block Spam. These are only illustrations; you should research your list carefully. Each list has an address that you can enter to access the list. These two are combined in one address. That address is then entered into your smtpd restrictions.
Exploits Block List (http://www.spamhaus.org/xbl/index.lasso)
The following information is taken from spamhaus site.
“The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.”
The Spamhaus Block List (http://www.spamhaus.org/sbl/index.lasso)
The following information is taken from spamhaus site.
“The SBL is a realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free service to help email administrators better manage incoming email streams.
The SBL is queriable in realtime by mail systems throughout the Internet, allowing email administrators to identify, tag or block incoming connections from IP addresses which Spamhaus deems to be involved in the sending or origination of Unsolicited Bulk Email (aka “Spam”).
The SBL database is maintained by a dedicated international Spamhaus team based in 9 countries, working 24 hours a day, 7 days a week to list new confirmed spam issues and – just as importantly – to delist resolved issues.”
These two lists are combined into this address.
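How a blackhole lookup of this kind works, as an added example that is not from the original post: the client IP is reversed, prefixed to the list's zone and looked up in DNS, and any answer means the client is listed. The zone dnsbl.example.test is a placeholder (not the address referred to above), the zone data is constructed so the code runs offline, and the per-IP cache stands in for a local caching resolver.

```python
import ipaddress
import socket

# Placeholder zone: substitute the query zone published by the list you chose.
DNSBL_ZONE = "dnsbl.example.test"


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Build the DNS name that is looked up for a connecting client."""
    reverse = ipaddress.ip_address(client_ip).reverse_pointer
    # reverse_pointer ends in .in-addr.arpa (IPv4) or .ip6.arpa (IPv6);
    # drop that suffix and append the blacklist zone instead.
    labels = reverse.rsplit(".", 2)[0]
    return f"{labels}.{zone}"


def system_resolver(name):
    """Return the A records for name, or [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


# Constructed zone data: one listed address from a documentation range.
FAKE_ZONE = {"99.2.0.192.dnsbl.example.test": ["127.0.0.2"]}


def fake_resolver(name):
    """Offline stand-in for system_resolver, backed by FAKE_ZONE."""
    return FAKE_ZONE.get(name, [])


def screen(client_ips, zone=DNSBL_ZONE, resolver=system_resolver):
    """Check each connecting IP; return (decisions, number of DNS lookups)."""
    cache, lookups = {}, 0
    for ip in client_ips:
        if ip not in cache:  # every new client costs one DNS round trip
            cache[ip] = bool(resolver(dnsbl_query_name(ip, zone)))
            lookups += 1
    decisions = {ip: "reject" if listed else "accept"
                 for ip, listed in cache.items()}
    return decisions, lookups


if __name__ == "__main__":
    print(screen(["192.0.2.99", "198.51.100.7", "192.0.2.99"],
                 resolver=fake_resolver))
```

The lookup count is the cost the text mentions: each client that is not already cached adds one DNS query before the mail is accepted or rejected.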
Address Sender Verification
One of the best methods of restricting SPAM is to require address verification. This means that Postfix will initiate an SMTP session with the client’s server to verify that it is a legitimate address. This takes time and resources but…it is a very effective way to deal with SPAM. You will need to add the reject_unverified_sender option.
There is a way to enhance this process. One thing that Postfix will do is cache the addresses it checks and save them in memory. This is great because the system will not have to look the same address up again…unless you restart the server, as the memory will lose the addresses. However, you can tell Postfix to write the addresses to a map file, which allows Postfix to cache them permanently. Use the address_verify_map feature to make this work.
address_verify_map = btree:/var/spool/postfix/verified_senders
If you do not want to cache the negative sender addresses, you can use this parameter.
address_verify_negative_cache = no
Choosing the correct password, as well as informing users about password security and enforcing it, is an important task for the administrator. Security is built upon passwords, so close attention should be paid to making passwords an effective tool in security.
Aspects of a Good Password
1. 8 characters or more
2. use numbers in the password
3. use letters in the password
4. use case in the password
5. avoid dictionary words
These five aspects are critical because software programs can employ “brute force” tactics to try to guess passwords on your network. Using the five aspects above will make it more difficult to crack your passwords. On most systems security begins at the user level, and one of the most important aspects of user security is the user password. A lot of security can go down the drain with poor passwords that can be easily cracked. Several important elements of a user password are its length, its randomness and the forced creation of new passwords at regular intervals. Most users resist all of these elements.
The length of a password directly affects how easily it can be cracked. As a result, all passwords should be at least 8 characters long. In addition, passwords should not be based on dictionary words; they should be random. One way to make secure passwords is to create them from phrases that are familiar to you. For example, the phrase “I live at 101 Maple Street in Phoenix Arizona” could be turned into the password
This password is built from the first letter of each word in the phrase. Remember that Linux is case sensitive.
Password management allows you to force password changes or have the account automatically disabled after a period of time. It is a good idea to force users to change their passwords at regular intervals. Of course, this is even more important for administrators. The downside is that users who are forced to change passwords often tend to forget them, possibly making the situation worse.
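The five aspects and the phrase method can be checked mechanically. This is an added example, not code from the original post: the wordlist is a small constructed sample, undoing common digit-for-letter substitutions before the dictionary check is an assumption of this example, and so is keeping numbers in the phrase whole.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"password", "maple", "street", "phoenix", "arizona", "linux"}

# Common digit/symbol substitutions, undone before the dictionary check.
DELEET = str.maketrans("013457@$", "oleastas")


def failed_aspects(password, wordlist=WORDLIST):
    """Return the aspects from the list above that the password fails."""
    failed = []
    if len(password) < 8:
        failed.append("8 characters or more")
    if not re.search(r"\d", password):
        failed.append("use numbers")
    if not re.search(r"[A-Za-z]", password):
        failed.append("use letters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        failed.append("use case")
    lowered = password.lower()
    candidates = (lowered, lowered.translate(DELEET))
    # A dictionary word hidden behind case changes or 0-for-o swaps still counts.
    if any(w in c for w in wordlist if len(w) >= 4 for c in candidates):
        failed.append("avoid dictionary words")
    return failed


def phrase_to_password(phrase):
    """First letter of each word, case preserved; numbers are kept whole."""
    tokens = re.findall(r"[A-Za-z]+|\d+", phrase)
    return "".join(t if t.isdigit() else t[0] for t in tokens)


if __name__ == "__main__":
    derived = phrase_to_password("I live at 101 Maple Street in Phoenix Arizona")
    for candidate in (derived, "P4ssw0rd99", "maple"):
        print(candidate, failed_aspects(candidate) or "meets all five aspects")
```

A password such as P4ssw0rd99 meets the first four aspects and fails only the fifth, which is why the dictionary check has to look past substitutions.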