 HOWTO Logwatch - security 

Joined: 24 Sep 2008, 10:08
Posts: 446
OS: Xubuntu
Release: 14.04 Trusty Tahr LTS
Post: HOWTO Logwatch - security
Hello - Logwatch is a program that watches your system and creates logs.
You can pick different levels for the logs of your system - low, medium and high security.
And you can pick what to monitor with your logging - http, sudo and more ...
This is a great way to monitor your system - you can pick to get yesterday's logs or today's logs sent to your email.

First I just want to tell you how difficult it was to get all this working.
I tried to get a working email system on my Ubuntu so Logwatch could send me emails using my Ubuntu system.
And I ended up trying to configure Postfix - I followed many guides online and none worked.
This made me very angry.

But thanks to this great forum [ubuntu org] I described my issue and got help to solve my problem.
A user suggested that I install SSMTP instead of Postfix, and it worked directly after the first install and configuration.
After that I was going to install Logwatch - but then I noticed that the guides say different things about how to install Logwatch.
This was confusing at first - but in the end I sorted out the wrong information into a working solution for installing and configuring Logwatch.

1) So now I will show you how to install and configure the mail software SSMTP so you can get emails from Logwatch.

2) After getting SSMTP working I will show you how to install and configure LOGWATCH.

3) During this installation process you need a gmail.com account to get this guide to work.

Installing and configuring SSMTP to send emails from your Ubuntu system

First you run the following code to get an updated system:

Code:
sudo apt-get update


After that you install ssmtp

Code:
sudo apt-get install ssmtp


Now you will open a text file using an editor named nano.
After editing a file, press "ctrl" and "o" to save the changes and press "enter", then close nano with "ctrl" and "x".
These are all the commands you need to open, save and close using nano.

Type the following in the command line:

Code:
sudo nano /etc/ssmtp/ssmtp.conf


Then you will get a file and it should look like this.
You have to add the missing parts and add your email.

Code:
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
#root=postmaster
root=MyEmailAddress@gmail.com

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
#mailhub=mail
mailhub=smtp.gmail.com:587

AuthUser=MyEmailAddress@gmail.com
AuthPass=MyPassword
UseTLS=YES
UseSTARTTLS=YES

# Where will the mail seem to come from?
#rewriteDomain=
rewriteDomain=gmail.com

# The full hostname
#hostname=MyMediaServer.home
hostname=MyEmailAddress@gmail.com

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES



When you are done you can test sending email to your gmail account.
But at first it will not work because gmail will complain about you spamming the email account, and also raise the issue of how the daemon can know the password to your gmail account.
Then gmail will ask if you want to change security settings and you should answer yes or activate the function allowing emails from your Ubuntu system.
When this is done you can test sending email again - then it should work just fine.

This is how you send email using the command line with ssmtp:

Code:
ssmtp recipient_YourEmail@gmail.com


After typing this into the command line, press Enter and type your message.
For example:

Code:
Hello world


After that you need to end this session with Ctrl D.
Now you can check your email and you will see your message Hello world.
Here is the ssmtp guide I followed http://www.havetheknowhow.com/Configure ... ssmtp.html

Now that you have this working you can move on to the next part - installing and configuring Logwatch.

Installing and configuring LOGWATCH to send security logs to your email account:

First we install Logwatch

Code:
sudo apt-get install logwatch


We have to create a directory that Logwatch doesn't create by default.
Write the following code to create /var/cache/logwatch
Code:
sudo mkdir /var/cache/logwatch




Now, we should not edit and configure the logwatch.conf file in the path /usr/share/logwatch
We should copy logwatch.conf to /etc/logwatch/conf/ and that is the file we will configure.
So now we copy the file using the following code
Code:
sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/


Now you open the logwatch.conf file using the following path

Code:
sudo nano /etc/logwatch/conf/logwatch.conf


First you change Output to mail and MailTo to your email account.

Code:
Output = mail
MailTo = YourEmail@gmail.com


Then you can add your email again at this line

Code:
MailFrom = Logwatch




Now you can set the reports to yesterday or today - I picked Today

Code:
Range = Today


Lastly, you can pick whether you want low, medium or high security issues - I picked medium

Code:
Detail = Medium


Now you can test that Logwatch sends a security report to your mail.
Just write logwatch in the command line and check your email account.

Code:
sudo logwatch


I followed different guides to understand how to install and configure Logwatch correctly.
I post them in the order you should read them; refer to the guides to understand what the correct settings for Logwatch are.
First guide to use is https://help.ubuntu.com/community/Logwatch
Second guide to use is https://wiki.amahi.org/index.php/Monito ... via_E-mail
And last guide to get more details https://www.digitalocean.com/community/ ... r-on-a-vps


Last edited by pompado 08 jun 2015, 17:57, edited 1 time in total.



08 jun 2015, 17:40
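
A check for the ssmtp.conf built in the post above, as an added example that is not part of the original post: it flags a file readable by other users (AuthPass is stored there in clear text), credentials configured without UseTLS/UseSTARTTLS, and a mailhub on port 25 or with no port. The function names and finding labels are assumptions of this example, and the demo config uses made-up values.

```shell
#!/bin/sh
# Added example: audit an ssmtp.conf shaped like the one in the HOWTO.
# conf_get, audit_ssmtp_conf and the finding labels are made up here.

# Print the value of key $1 in file $2 (comments skipped, last entry wins).
conf_get() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        (eq = index($0, "=")) > 0 {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == tolower(want)) found = val
        }
        END { print found }' "$2"
}

# Print one finding per line. Returns 0 when clean, 1 when something was found.
audit_ssmtp_conf() {
    local f other tls key findings
    f=$1; findings=0; tls=no
    [ -r "$f" ] || { echo "READ: cannot read $f"; return 2; }
    # AuthPass sits in this file in clear text, so "other" should have no access.
    other=$(ls -ld -- "$f" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "PERMS: other users have '$other' on a file that stores AuthPass"
        findings=1
    fi
    for key in UseTLS UseSTARTTLS; do
        case $(conf_get "$key" "$f") in [Yy][Ee][Ss]) tls=yes ;; esac
    done
    if [ "$tls" = no ] && [ -n "$(conf_get AuthPass "$f")" ]; then
        echo "TLS: AuthPass is set but neither UseTLS nor UseSTARTTLS is YES"
        findings=1
    fi
    case $(conf_get mailhub "$f") in
        *:25|"") echo "PORT: mailhub uses port 25 or is unset"; findings=1 ;;
        *:*) ;;
        *) echo "PORT: mailhub has no port (the HOWTO uses 587)"; findings=1 ;;
    esac
    return "$findings"
}

# Demo on a constructed config: the HOWTO's keys with made-up values.
demo=$(mktemp)
printf '%s\n' '#mailhub=mail' 'mailhub=smtp.gmail.com:587' 'UseSTARTTLS=YES' \
    'AuthUser=someone@example.com' 'AuthPass=not-a-real-password' > "$demo"
chmod 644 "$demo"
audit_ssmtp_conf "$demo" || echo "-> remove access for others: chmod o-rwx $demo"
rm -f "$demo"
```

Run it against the real file with `sudo sh -c '. ./audit.sh; audit_ssmtp_conf /etc/ssmtp/ssmtp.conf'`, where audit.sh is whatever name the block was saved under.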

Joined: 24 Sep 2008, 10:08
Posts: 446
OS: Xubuntu
Release: 14.04 Trusty Tahr LTS
Post: Re: HOWTO Logwatch - security
You also might need to unlock the captcha by visiting this page https://www.google.com/accounts/DisplayUnlockCaptcha
But if the email is working then there is no need.

Damn, Ubuntu rocks when things work :-)


08 jun 2015, 17:41

Joined: 24 Sep 2008, 10:08
Posts: 446
OS: Xubuntu
Release: 14.04 Trusty Tahr LTS
Post: Re: HOWTO Logwatch - security
I forgot to mention that you need to test whether your internet provider allows you to connect using smtp.gmail.com.

Here's a simple test. Open a terminal and run the command:
Code:
telnet alt1.gmail-smtp-in.l.google.com 25

If you can connect, you'll see GMail reply with its "banner" like this:
Code:
Trying 74.125.24.27...
Connected to alt1.gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP s1si2787214wiy.52 - gsmt

If you don't see that, you'll need to talk to your ISP and make sure they are not filtering traffic to remote SMTP servers.
To close the telnet session, hold down the Ctrl key and type the "]" character. Then type "quit" at the prompt.


08 jun 2015, 17:42
Global Moderator

Joined: 30 Mar 2006, 10:34
Posts: 4264
Location: Trollhättan
OS: Kubuntu
Release: 17.04 Zesty Zapus
Post: Re: HOWTO Logwatch - security
Good that you share your knowledge, but why are you writing in English?


08 jun 2015, 20:13

Joined: 24 Sep 2008, 10:08
Posts: 446
OS: Xubuntu
Release: 14.04 Trusty Tahr LTS
Post: Re: HOWTO Logwatch - security
Hi, I don't have the energy to rewrite the guide from English to Swedish.
I usually start untangling problems on Ubuntu org, and then it ends up in English.
Hope that's OK.

Note, most ISPs I have seen will block any traffic on port 25 if the connection is residential. If this is the case, it is unlikely they will unblock it, so you would need to send email via port 587, instead of port 25.

I should also mention that I will add how to make a cron job so Logwatch sends email automatically every day.


09 jun 2015, 08:54

Joined: 24 Sep 2008, 10:08
Posts: 446
OS: Xubuntu
Release: 14.04 Trusty Tahr LTS
Post: Re: HOWTO Logwatch - security
Trying to get cron to work and send email every day with Logwatch.
Happened to type the wrong password with sudo, and guess what happens...

I get an email from Logwatch telling me about a failed sudo attempt, hahaha, cool.
That means I have a real-time security solution, since it took no more than 2 seconds for my phone to ping and notify me of new email.

This feels really good!

Code:
patrik : Jun  9 14:32:50 : patrik : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/patrik ; USER=root ; COMMAND=/usr/bin/nano crontab -e


09 jun 2015, 14:59
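
The failed-sudo line in the last post can be picked apart mechanically. The following added example (not part of the thread) extracts user, attempt count, target user and command from such lines and totals the attempts per user against a threshold. The function names, the threshold and the alice/web01 sample lines are constructed; only the first sample line comes from the post.

```shell
#!/bin/sh
# Added example: pull failed sudo authentications out of log text.
# Function names and the alice/web01 lines are constructed for illustration.

# Constructed input: the line from the post, then syslog-style variants.
sample_log() {
    cat <<'EOF'
patrik : Jun  9 14:32:50 : patrik : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/patrik ; USER=root ; COMMAND=/usr/bin/nano crontab -e
Jun  9 15:01:12 web01 sudo:    alice : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/logwatch
Jun  9 15:02:40 web01 sudo:    alice : 2 incorrect password attempts ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Jun  9 15:05:00 web01 sudo:   patrik : TTY=pts/0 ; PWD=/home/patrik ; USER=root ; COMMAND=/usr/bin/apt-get update
EOF
}

# stdin: log lines. stdout: user<TAB>attempts<TAB>target user<TAB>command
sudo_failures() {
    awk '
    match($0, /[^ \t]+ : [0-9]+ incorrect password attempts? ;/) {
        split(substr($0, RSTART, RLENGTH), hit, " ")   # user, ":", count, ...
        rest = substr($0, RSTART + RLENGTH)
        c = index(rest, "COMMAND=")
        cmd  = c ? substr(rest, c + 8) : ""
        head = c ? substr(rest, 1, c - 1) : rest       # keep COMMAND text out
        target = "?"
        if (head ~ / USER=/) {
            target = head
            sub(/.* USER=/, "", target); sub(/ ;.*/, "", target)
        }
        printf "%s\t%s\t%s\t%s\n", hit[1], hit[3], target, cmd
    }'
}

# stdin: log lines, $1: alert threshold. stdout: "user total ALERT|ok", sorted.
sudo_failure_totals() {
    sudo_failures | awk -F'\t' -v min="${1:-3}" '
        { sum[$1] += $2 }
        END {
            for (u in sum)
                printf "%s %d %s\n", u, sum[u], (sum[u] >= min ? "ALERT" : "ok")
        }' | sort
}

sample_log | sudo_failure_totals 3
```

The successful sudo line in the sample carries no "incorrect password" text and is skipped, so only authentication failures are counted.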