Lab9 Solution Amirlan Sharipov (BS21-CS-01)

Question 1

I would use rsyslog and journald. Forward them to the ELK stack and use it as a SIEM. There are many people familiar with the ELK stack, and it's easy to scale.

Question 2

```
> sudo cat /etc/rsyslog.d/auth-errors.conf
auth.alert,authpriv.alert /var/log/auth-errors
```

[screenshot: rsyslogpriority]

Question 3

```
cat /etc/logrotate.d/httpd
/var/log/httpd/*log {
   rotate 10
   compress
   missingok
   sharedscripts
   postrotate
      /usr/bin/systemctl reload httpd.service 2>/dev/null || true
   endscript
}
```

Crontab entry (root), run every 6 hours:

```
# minute field must be 0, otherwise the job fires every minute of hours 0, 6, 12 and 18,
# and since the config has no daily/size directive each run would rotate the logs again.
# Full path because cron's default PATH does not include /usr/sbin.
0 */6 * * * /usr/sbin/logrotate /etc/logrotate.d/httpd
```

[screenshot: logrotate]

Question 4

Question 5

in /etc/bashrc:

```bash
# Capture the exit status of the last command first, then send the user, the shell PID,
# the command text (history number stripped by sed) and the exit status to facility local6.
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
```

in /etc/rsyslog.d/bash.conf:

```
local6.* /var/log/commands.log
```

Taken from https://unix.stackexchange.com/questions/664581/how-do-i-log-all-commands-executed-by-all-users
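An added example, not part of the lab solution, showing how the resulting /var/log/commands.log can be read back for review. It assumes rsyslog's default line layout (timestamp, host, tag) and that each message has the form `<user> [<shell pid>]: <command> [<exit status>]`, as produced by the PROMPT_COMMAND line from the cited answer; the log lines below are constructed.

```python
import re
from collections import Counter

# Constructed sample of /var/log/commands.log (assumed format, see lead-in).
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 amirlan: amirlan [4021]: ls -la /var/log [0]
Mar  3 10:15:09 web01 amirlan: amirlan [4021]: cat /etc/shadow [1]
Mar  3 10:15:20 web01 amirlan: amirlan [4021]: sudo cat /etc/shadow [0]
Mar  3 10:16:02 web01 bob: bob [5177]: vim /etc/rsyslog.d/bash.conf [0]
Mar  3 10:16:40 web01 bob: bob [5177]: systemctl restart rsyslog [5]
"""

# rsyslog prefix: "Mon DD HH:MM:SS host tag: " then the logger message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<tag>[^:]+): "
    r"(?P<user>\S+) \[(?P<pid>\d+)\]: (?P<cmd>.*) \[(?P<rc>\d+)\]$"
)


def parse_commands_log(text):
    """Return one dict per parsable line; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            rec["rc"] = int(rec["rc"])
            records.append(rec)
    return records


def failed_commands(records):
    """Commands whose recorded exit status was non-zero (e.g. denied reads)."""
    return [r for r in records if r["rc"] != 0]


def privileged_commands(records):
    """Commands run as root or through sudo, the first thing a reviewer looks at."""
    return [r for r in records if r["user"] == "root" or r["cmd"].split()[0] == "sudo"]


def commands_per_user(records):
    return Counter(r["user"] for r in records)


if __name__ == "__main__":
    recs = parse_commands_log(SAMPLE_LOG)
    print(commands_per_user(recs))
    for r in privileged_commands(recs) + failed_commands(recs):
        print(r["ts"], r["user"], r["cmd"], "rc=%d" % r["rc"])
```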