rinri
/
system-and-network-administration-course
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
1.6 MiB
 
 
 
Tree: 89edcc5866
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '89edcc5866'
${ noResults }
system-and-network-administ.../week10/lab10-solution.html

334 lines
11 KiB
Raw Blame History 

  1. <?xml version="1.0" encoding="utf-8"?>

  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

  3. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

  4. <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

  5. <head>

  6. <!-- 2023-04-14 Fri 00:00 -->

  7. <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />

  8. <meta name="viewport" content="width=device-width, initial-scale=1" />

  9. <title>Lab9 Solution Amirlan Sharipov (BS21-CS-01)</title>

  10. <meta name="author" content="Amirlan Sharipov (BS21-CS-01)" />

  11. <meta name="generator" content="Org Mode" />

  12. <style>

  13.   #content { max-width: 60em; margin: auto; }

  14.   .title  { text-align: center;

  15.              margin-bottom: .2em; }

  16.   .subtitle { text-align: center;

  17.               font-size: medium;

  18.               font-weight: bold;

  19.               margin-top:0; }

  20.   .todo   { font-family: monospace; color: red; }

  21.   .done   { font-family: monospace; color: green; }

  22.   .priority { font-family: monospace; color: orange; }

  23.   .tag    { background-color: #eee; font-family: monospace;

  24.             padding: 2px; font-size: 80%; font-weight: normal; }

  25.   .timestamp { color: #bebebe; }

  26.   .timestamp-kwd { color: #5f9ea0; }

  27.   .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }

  28.   .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }

  29.   .org-center { margin-left: auto; margin-right: auto; text-align: center; }

  30.   .underline { text-decoration: underline; }

  31.   #postamble p, #preamble p { font-size: 90%; margin: .2em; }

  32.   p.verse { margin-left: 3%; }

  33.   pre {

  34.     border: 1px solid #e6e6e6;

  35.     border-radius: 3px;

  36.     background-color: #f2f2f2;

  37.     padding: 8pt;

  38.     font-family: monospace;

  39.     overflow: auto;

  40.     margin: 1.2em;

  41.   }

  42.   pre.src {

  43.     position: relative;

  44.     overflow: auto;

  45.   }

  46.   pre.src:before {

  47.     display: none;

  48.     position: absolute;

  49.     top: -8px;

  50.     right: 12px;

  51.     padding: 3px;

  52.     color: #555;

  53.     background-color: #f2f2f299;

  54.   }

  55.   pre.src:hover:before { display: inline; margin-top: 14px;}

  56.   /* Languages per Org manual */

  57.   pre.src-asymptote:before { content: 'Asymptote'; }

  58.   pre.src-awk:before { content: 'Awk'; }

  59.   pre.src-authinfo::before { content: 'Authinfo'; }

  60.   pre.src-C:before { content: 'C'; }

  61.   /* pre.src-C++ doesn't work in CSS */

  62.   pre.src-clojure:before { content: 'Clojure'; }

  63.   pre.src-css:before { content: 'CSS'; }

  64.   pre.src-D:before { content: 'D'; }

  65.   pre.src-ditaa:before { content: 'ditaa'; }

  66.   pre.src-dot:before { content: 'Graphviz'; }

  67.   pre.src-calc:before { content: 'Emacs Calc'; }

  68.   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }

  69.   pre.src-fortran:before { content: 'Fortran'; }

  70.   pre.src-gnuplot:before { content: 'gnuplot'; }

  71.   pre.src-haskell:before { content: 'Haskell'; }

  72.   pre.src-hledger:before { content: 'hledger'; }

  73.   pre.src-java:before { content: 'Java'; }

  74.   pre.src-js:before { content: 'Javascript'; }

  75.   pre.src-latex:before { content: 'LaTeX'; }

  76.   pre.src-ledger:before { content: 'Ledger'; }

  77.   pre.src-lisp:before { content: 'Lisp'; }

  78.   pre.src-lilypond:before { content: 'Lilypond'; }

  79.   pre.src-lua:before { content: 'Lua'; }

  80.   pre.src-matlab:before { content: 'MATLAB'; }

  81.   pre.src-mscgen:before { content: 'Mscgen'; }

  82.   pre.src-ocaml:before { content: 'Objective Caml'; }

  83.   pre.src-octave:before { content: 'Octave'; }

  84.   pre.src-org:before { content: 'Org mode'; }

  85.   pre.src-oz:before { content: 'OZ'; }

  86.   pre.src-plantuml:before { content: 'Plantuml'; }

  87.   pre.src-processing:before { content: 'Processing.js'; }

  88.   pre.src-python:before { content: 'Python'; }

  89.   pre.src-R:before { content: 'R'; }

  90.   pre.src-ruby:before { content: 'Ruby'; }

  91.   pre.src-sass:before { content: 'Sass'; }

  92.   pre.src-scheme:before { content: 'Scheme'; }

  93.   pre.src-screen:before { content: 'Gnu Screen'; }

  94.   pre.src-sed:before { content: 'Sed'; }

  95.   pre.src-sh:before { content: 'shell'; }

  96.   pre.src-sql:before { content: 'SQL'; }

  97.   pre.src-sqlite:before { content: 'SQLite'; }

  98.   /* additional languages in org.el's org-babel-load-languages alist */

  99.   pre.src-forth:before { content: 'Forth'; }

  100.   pre.src-io:before { content: 'IO'; }

  101.   pre.src-J:before { content: 'J'; }

  102.   pre.src-makefile:before { content: 'Makefile'; }

  103.   pre.src-maxima:before { content: 'Maxima'; }

  104.   pre.src-perl:before { content: 'Perl'; }

  105.   pre.src-picolisp:before { content: 'Pico Lisp'; }

  106.   pre.src-scala:before { content: 'Scala'; }

  107.   pre.src-shell:before { content: 'Shell Script'; }

  108.   pre.src-ebnf2ps:before { content: 'ebfn2ps'; }

  109.   /* additional language identifiers per "defun org-babel-execute"

  110.        in ob-*.el */

  111.   pre.src-cpp:before  { content: 'C++'; }

  112.   pre.src-abc:before  { content: 'ABC'; }

  113.   pre.src-coq:before  { content: 'Coq'; }

  114.   pre.src-groovy:before  { content: 'Groovy'; }

  115.   /* additional language identifiers from org-babel-shell-names in

  116.      ob-shell.el: ob-shell is the only babel language using a lambda to put

  117.      the execution function name together. */

  118.   pre.src-bash:before  { content: 'bash'; }

  119.   pre.src-csh:before  { content: 'csh'; }

  120.   pre.src-ash:before  { content: 'ash'; }

  121.   pre.src-dash:before  { content: 'dash'; }

  122.   pre.src-ksh:before  { content: 'ksh'; }

  123.   pre.src-mksh:before  { content: 'mksh'; }

  124.   pre.src-posh:before  { content: 'posh'; }

  125.   /* Additional Emacs modes also supported by the LaTeX listings package */

  126.   pre.src-ada:before { content: 'Ada'; }

  127.   pre.src-asm:before { content: 'Assembler'; }

  128.   pre.src-caml:before { content: 'Caml'; }

  129.   pre.src-delphi:before { content: 'Delphi'; }

  130.   pre.src-html:before { content: 'HTML'; }

  131.   pre.src-idl:before { content: 'IDL'; }

  132.   pre.src-mercury:before { content: 'Mercury'; }

  133.   pre.src-metapost:before { content: 'MetaPost'; }

  134.   pre.src-modula-2:before { content: 'Modula-2'; }

  135.   pre.src-pascal:before { content: 'Pascal'; }

  136.   pre.src-ps:before { content: 'PostScript'; }

  137.   pre.src-prolog:before { content: 'Prolog'; }

  138.   pre.src-simula:before { content: 'Simula'; }

  139.   pre.src-tcl:before { content: 'tcl'; }

  140.   pre.src-tex:before { content: 'TeX'; }

  141.   pre.src-plain-tex:before { content: 'Plain TeX'; }

  142.   pre.src-verilog:before { content: 'Verilog'; }

  143.   pre.src-vhdl:before { content: 'VHDL'; }

  144.   pre.src-xml:before { content: 'XML'; }

  145.   pre.src-nxml:before { content: 'XML'; }

  146.   /* add a generic configuration mode; LaTeX export needs an additional

  147.      (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */

  148.   pre.src-conf:before { content: 'Configuration File'; }

  149. 

  150.   table { border-collapse:collapse; }

  151.   caption.t-above { caption-side: top; }

  152.   caption.t-bottom { caption-side: bottom; }

  153.   td, th { vertical-align:top;  }

  154.   th.org-right  { text-align: center;  }

  155.   th.org-left   { text-align: center;   }

  156.   th.org-center { text-align: center; }

  157.   td.org-right  { text-align: right;  }

  158.   td.org-left   { text-align: left;   }

  159.   td.org-center { text-align: center; }

  160.   dt { font-weight: bold; }

  161.   .footpara { display: inline; }

  162.   .footdef  { margin-bottom: 1em; }

  163.   .figure { padding: 1em; }

  164.   .figure p { text-align: center; }

  165.   .equation-container {

  166.     display: table;

  167.     text-align: center;

  168.     width: 100%;

  169.   }

  170.   .equation {

  171.     vertical-align: middle;

  172.   }

  173.   .equation-label {

  174.     display: table-cell;

  175.     text-align: right;

  176.     vertical-align: middle;

  177.   }

  178.   .inlinetask {

  179.     padding: 10px;

  180.     border: 2px solid gray;

  181.     margin: 10px;

  182.     background: #ffffcc;

  183.   }

  184.   #org-div-home-and-up

  185.    { text-align: right; font-size: 70%; white-space: nowrap; }

  186.   textarea { overflow-x: auto; }

  187.   .linenr { font-size: smaller }

  188.   .code-highlighted { background-color: #ffff00; }

  189.   .org-info-js_info-navigation { border-style: none; }

  190.   #org-info-js_console-label

  191.     { font-size: 10px; font-weight: bold; white-space: nowrap; }

  192.   .org-info-js_search-highlight

  193.     { background-color: #ffff00; color: #000000; font-weight: bold; }

  194.   .org-svg { }

  195. </style>

  196. <script>

  197.   window.MathJax = {

  198.     tex: {

  199.       ams: {

  200.         multlineWidth: '85%'

  201.       },

  202.       tags: 'ams',

  203.       tagSide: 'right',

  204.       tagIndent: '.8em'

  205.     },

  206.     chtml: {

  207.       scale: 1.0,

  208.       displayAlign: 'center',

  209.       displayIndent: '0em'

  210.     },

  211.     svg: {

  212.       scale: 1.0,

  213.       displayAlign: 'center',

  214.       displayIndent: '0em'

  215.     },

  216.     output: {

  217.       font: 'mathjax-modern',

  218.       displayOverflow: 'overflow'

  219.     }

  220.   };

  221. </script>

  222. 

  223. <script

  224.   id="MathJax-script"

  225.   async

  226.   src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js">

  227. </script>

  228. </head>

  229. <body>

  230. <div id="content" class="content">

  231. <h1 class="title">Lab9 Solution Amirlan Sharipov (BS21-CS-01)</h1>

  232. <div id="table-of-contents" role="doc-toc">

  233. <h2>Table of Contents</h2>

  234. <div id="text-table-of-contents" role="doc-toc">

  235. <ul>

  236. <li><a href="#org0dd7aad">1. Question 1</a></li>

  237. <li><a href="#org3526c7a">2. Question 2</a></li>

  238. <li><a href="#orgac5e4b2">3. Question 3</a></li>

  239. <li><a href="#orgf20b9b2">4. Question 4</a></li>

  240. <li><a href="#org215ffc5">5. Question 5</a></li>

  241. </ul>

  242. </div>

  243. </div>

  244. 

  245. <div id="outline-container-org0dd7aad" class="outline-2">

  246. <h2 id="org0dd7aad"><span class="section-number-2">1.</span> Question 1</h2>

  247. <div class="outline-text-2" id="text-1">

  248. <p>

  249. I would use rsyslog and journald. Forward them to ELK stack and use it as a SIEM.

  250. There are many people people familiar with the ELK stack, and it&rsquo;s easy to scale it.

  251. </p>

  252. </div>

  253. </div>

  254. 

  255. <div id="outline-container-org3526c7a" class="outline-2">

  256. <h2 id="org3526c7a"><span class="section-number-2">2.</span> Question 2</h2>

  257. <div class="outline-text-2" id="text-2">

  258. <p>

  259. &gt; sudo cat  /etc/rsyslog.d/auth-errors.conf

  260. auth.alert,authpriv.alert       /var/log/auth-errors

  261. </p>

  262. 

  263. <p>

  264. <a href="./rsyslogpriority.jpg">rsyslogpriority

  265. </a>

  266. </p>

  267. </div>

  268. </div>

  269. 

  270. <div id="outline-container-orgac5e4b2" class="outline-2">

  271. <h2 id="orgac5e4b2"><span class="section-number-2">3.</span> Question 3</h2>

  272. <div class="outline-text-2" id="text-3">

  273. <div class="org-src-container">

  274. <pre class="src src-bash"><span style="color: #c792ea;">cat</span> /etc/logrotate.d/httpd

  275. </pre>

  276. </div>

  277. 

  278. <pre class="example">

  279. /var/log/httpd/*log {

  280.    rotate 10

  281.    compress

  282.    missingok

  283.    sharedscripts

  284.    postrotate

  285.       /usr/bin/systemctl reload httpd.service 2&gt;/dev/null || true

  286.    endscript

  287. }

  288. </pre>

  289. 

  290. 

  291. <p>

  292. &rsquo;* */6 * * * logrotate /etc/logrotate.d/httpd

  293. </p>

  294. 

  295. <p>

  296. <a href="./logrotate.jpg">logrotate

  297. </a>

  298. </p>

  299. </div>

  300. </div>

  301. 

  302. <div id="outline-container-orgf20b9b2" class="outline-2">

  303. <h2 id="orgf20b9b2"><span class="section-number-2">4.</span> Question 4</h2>

  304. </div>

  305. 

  306. 

  307. <div id="outline-container-org215ffc5" class="outline-2">

  308. <h2 id="org215ffc5"><span class="section-number-2">5.</span> Question 5</h2>

  309. <div class="outline-text-2" id="text-5">

  310. <p>

  311. in /etc/bashrc:

  312. </p>

  313. 

  314. <p>

  315. export PROMPT_COMMAND=&rsquo;RETRN_VAL=\(?;logger -p local6.debug "\)(whoami) [$$]: $(history 1 | sed &ldquo;s/^[ ]*[0-9]\+[ ]*//&rdquo; )&ldquo;&rsquo;

  316. </p>

  317. 

  318. <p>

  319. in /etc/rsyslog.d/bash.conf

  320. local6.*    /var/log/commands.log

  321. </p>

  322. 

  323. <p>

  324. Taken from <a href="https://unix.stackexchange.com/questions/664581/how-do-i-log-all-commands-executed-by-all-users">https://unix.stackexchange.com/questions/664581/how-do-i-log-all-commands-executed-by-all-users</a>

  325. </p>

  326. </div>

  327. </div>

  328. </div>

  329. <div id="postamble" class="status">

  330. <p class="author">Author: Amirlan Sharipov (BS21-CS-01)</p>

  331. <p class="date">Created: 2023-04-14 Fri 00:00</p>

  332. </div>

  333. </body>

  334. </html>