System Engineering

rsyslog + MySQL + LogAnalyzer on OpenSUSE

Posted on
rsyslog Features Map

1. Install requirements zypper install rsyslog rsyslog-module-relp rsyslog-module-mysql rsyslog-module-snmp rsyslog-module-mmnormalize 2. Create RuleBase for PHP log vi /etc/rsyslog.d/phplog.rulebase # PHP Logs rule=: %server:char-to:\x3a%\x3a PHP %priority:char-to:\x3a%\x3a%message:rest% rule=: PHP %priority:char-to:\x3a%\x3a%message:rest% 3. Prepare MySQL CREATE DATABASE `syslog`; USE `syslog`; CREATE USER ‘syslog’@’localhost’ IDENTIFIED BY ‘my_password’; GRANT EXECUTE, INSERT, LOCK TABLES, SELECT, SHOW VIEW, UPDATE ON syslog.* TO ‘syslog’@’localhost’; […]

System Engineering

Install OpenVPN on openSUSE

Posted on
OpenVPN

0. Plan Public IF : eth1 (210.1.1.1) Private IF : eth0 (10.1.0.0/16) Virtual Tunneling IF : tun0 (172.16.1.0/24) 1. Download and install packages zypper install openvpn openvpn-auth-pam-plugin 2. Install EasyRSA and create server ertificates cd /usr/local/src wget -O easy-rsa-2.x.tar.gz https://github.com/OpenVPN/easy-rsa/archive/release/2.x.tar.gz tar xvf easy-rsa-2.x.tar.gz cp -r easy-rsa-release-2.x/easy-rsa /etc/openvpn/ cd /etc/openvpn/easy-rsa/2.0/ vi /etc/openvpn/easy-rsa/2.0/vars # Fill KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, […]

System Engineering

Enable SFTP Logging on OpenSUSE

Posted on

1. Update rsyslog(syslog) configuration vi /etc/rsyslog.conf #sftp logging local5.* -/var/log/sftpd.log service rsyslog restart 2. SSHD Configuration file vi /etc/ssh/sshd_config Subsystem sftp /usr/lib/ssh/sftp-server -f LOCAL5 -l INFO service sshd restart  

System Engineering

Chroot for SFTP on OpenSUSE

Posted on

1. Add chroot to SSHD Configuration file vi /etc/ssh/sshd_config Match Group uploaders,!admin X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp ChrootDirectory /home/uploaders Match User cacti Address *,!10.10.1.0/24 ForceCommand /bin/false 2. Mount directory to home directory vi /etc/fstab /home/www/www.mysite.com /home/uploaders/www.mysite.com none bind 0 0  

System Engineering

Install DKIMproxy on OpenSUSE

Posted on

1. Install requirements zypper install dkimproxy 2. Create keys cd /usr/share/dkimproxy/etc openssl genrsa -out dkim-private.key 1024 openssl rsa -in dkim-private.key -pubout -out dkim-public.key chown dkim dkim-private.key chmod 400 dkim-private.key 3. Configuration file cp dkimproxy_in.conf.example dkimproxy_in.conf cp dkimproxy_out.conf.example dkimproxy_out.conf vi dkimproxy_out.conf # add your domain of sender … domain domain1.com,domain2.com # locate private-key file … keyfile /usr/share/dkimproxy/etc/dkim-private.key […]

System Engineering

Install Subversion Server on OpenSUSE 12.3

Posted on

1. Install requirements zypper install subversion subversion-server apache2 apache2-doc apache2-prefork libapr1 libapr-util1 libneon libneon-devel 2. Create account groupadd -r svn useradd -r -g svn -d /home/svn -s /bin/false svn 3. Add Apache2 module a2enmod dav a2enmod dav_svn a2enmod authz_svn 4. Configure Apache vi /etc/apache2/conf.d/subversion.conf <IfModule mod_dav_svn.c> <Location /svn> Order allow,deny Allow from all DAV svn SVNParentPath […]

System Engineering

Install Cacti on OpenSUSE 12.3

Posted on

1. Install requirements # add repository # mirror was expired(2014-12-22) : zypper ar -f -c -n openSUSE-12.3-server:monitoring http://download.opensuse.org/repositories/server:monitoring/openSUSE_12.3/ repo-monitoring zypper ar -f -c -n openSUSE-12.3-server:monitoring http://mirror.euserv.net/linux/opensuse/repositories/server%3a/monitoring/openSUSE_12.3/ repo-monitoring # install zypper install cacti cacti-spine cacti-plugin-docs cacti-plugin-hostinfo cacti-plugin-tools apache2 apache2-doc apache2-prefork 2. Create user cacti useradd -d /srv/www/cacti -s /bin/bash -g nobody cacti mkdir ~cacti/.ssh chown cacti:www […]

System Engineering

Install Nagios on OpenSUSE 12.3

Posted on

1. Install requirements zypper install nagios nagios-plugins nagios-www nagiosgraph apache2 apache2-doc apache2-prefork 2. Prepare mysql CREATE USER nagios@localhost CREATE DATABASE nagios GRANT … 3. Configure ndo2db vi /etc/nagios/ndo2db.cfg lock_file=/var/run/nagios/ndo2db.pid db_user=nagios db_pass=PASSWORD chgrp nagios /var/spool/nagios chmod g+w /var/spool/nagios mkdir /var/run/nagios chown nagios:nagios /var/run/nagios cd /usr/share/doc/packages/ndoutils/db perl ./installdb -u nagios -h localhost -d nagios -p PASSWORD vi /etc/sysctl.conf […]