IMPORTANT
NOTE: This document is based on FreeBSD. The concepts should be similar across operating
systems, but the commands will very likely be different.
Also, never assume the directory structures exist in your system
as written in the document. Never blindly follow security
instructions -- read, review, compare, apply as it fits your
system.
Log into each server as root.
- cd /usr/ports/security/logcheck
- make
- make install
- cd /usr/local/etc
- Edit logcheck.sh and change "SYSADMIN=" to the email address where you want the
reports sent.
- cp -p logcheck.hacking.sample logcheck.hacking
- cp -p logcheck.ignore.sample logcheck.ignore
- cp -p logcheck.violations.sample logcheck.violations
- cp -p logcheck.violations.ignore.sample logcheck.violations.ignore
- Then edit the above files to your taste.
- Add the following to cron:
### send log summaries every 15 minutes
*/15 * * * * /usr/local/etc/logcheck.sh
If you want to set up your system to automatically
upgrade logcheck when upgrades become available, create a cron script to
run the following on a daily or weekly basis:
/usr/local/sbin/portupgrade -P logcheck
/usr/local/sbin/portupgrade -P portupgrade
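Before editing the four keyword files copied above, it helps to see how their patterns combine. The sketch below is an added example, not part of the original document or of logcheck itself; it assumes the installed logcheck.sh applies the files with grep in the order shown (check your own copy), and the function names, patterns and log lines are constructed for illustration.

```shell
#!/bin/sh
# Dry run of logcheck-style keyword layering (added illustration).
# Assumption: logcheck.sh applies its four files in this grep order;
# confirm against your installed /usr/local/etc/logcheck.sh.

# classify RULEDIR LOGFILE -> prints "hacking=N violations=N unusual=N"
classify() {
    rules=$1; log=$2
    # 1. hacking keywords (case-insensitive): active attack alerts
    h=$(grep -i -c -f "$rules/logcheck.hacking" "$log" || true)
    # 2. violations keywords, minus lines excused by violations.ignore
    v=$(grep -i -f "$rules/logcheck.violations" "$log" |
        grep -v -c -f "$rules/logcheck.violations.ignore" || true)
    # 3. whatever logcheck.ignore does not match: unusual system events
    u=$(grep -v -c -f "$rules/logcheck.ignore" "$log" || true)
    echo "hacking=$h violations=$v unusual=$u"
}

# demo: constructed rule files and constructed log lines in a scratch dir
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/lcdemo.XXXXXX") || return 1
    printf '%s\n' 'attackalert' > "$d/logcheck.hacking"
    printf '%s\n' 'refused' 'failed' > "$d/logcheck.violations"
    printf '%s\n' 'stat=Deferred' > "$d/logcheck.violations.ignore"
    printf '%s\n' 'cron.*CMD' 'sendmail.*stat=Sent' > "$d/logcheck.ignore"
    cat > "$d/messages" <<'EOF'
Jan  1 00:00:01 host portsentry[101]: attackalert: Connect from host: 192.0.2.10 to TCP port: 23
Jan  1 00:00:02 host sshd[202]: Failed password for root from 192.0.2.11 port 4022 ssh2
Jan  1 00:00:03 host sendmail[303]: q1: to=<a@example.org>, stat=Deferred: Connection refused by mx.example.org
Jan  1 00:00:04 host /usr/sbin/cron[404]: (root) CMD (/usr/libexec/atrun)
Jan  1 00:00:05 host su: BAD SU alice to root on /dev/ttyp0
EOF
    result=$(classify "$d" "$d/messages")
    rm -rf "$d"
    echo "$result"
}

demo   # -> hacking=1 violations=1 unusual=4
```

In this run the deferred-mail line excused by logcheck.violations.ignore is still counted as unusual, because each section is filtered independently and logcheck.ignore does not cover it.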
IMPORTANT
NOTE: This document and all
linked documents are being provided as a goodwill gesture to the
Parallels H-Sphere community and to others who may benefit from its use.
Dynamic Net, Inc. makes no representations implied or explicit
as to their value or warranty. Dynamic Net, Inc. will not be
held liable for any damage resulting from the application of the
steps and procedures noted. If you feel uncomfortable at
all about doing any of the steps, make a complete system backup
and hire a third party like
We Manage Servers
to do the work for you.