Red Hat Enterprise Linux Server Cookbook

By: Jakub Gaj, Leemans

Overview of this book

Dominating the server market, the Red Hat Enterprise Linux operating system gives you the support you need to modernize your infrastructure and boost your organization’s efficiency. Combining both stability and flexibility, RHEL helps you meet the challenges of today and adapt to the demands of tomorrow. This practical Cookbook guide will help you get to grips with RHEL 7 Server and automate its installation. Designed to provide targeted assistance through hands-on recipe guidance, it will introduce you to everything you need to know about KVM guests and deploying multiple standardized RHEL systems effortlessly. Get practical reference advice that will make complex network setups look like child’s play, and dive into in-depth coverage of configuring a RHEL system. With full recipe coverage of how to set up, configure, and troubleshoot SELinux, you’ll also discover how to secure your operating system, as well as how to monitor it.

Auditing the system


The Linux audit system allows you to track security-related information about your systems. It allows you to watch security events, filesystem access, network access, commands run by users, and system calls.

How to do it…

The audit package is installed by default as part of the core packages, so there is no need to install it.

Configuring a centralized syslog server to accept audit logs

Perform these steps to set up the syslog server:

  1. On the syslog server, create a /etc/rsyslog.d/audit_server.conf file containing the following:

    # Receive syslog audit messages via TCP over port 65514
    $ModLoad imtcp
    $InputTCPServerRun 65514
    $AllowedSender TCP, 127.0.0.1, 192.168.1.0/24
    $template HostAudit, "/var/log/audit/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%/audit.log"
    $template auditFormat, "%msg%\n"
    local6.*  ?HostAudit;auditFormat

  2. On the syslog server, restart rsyslog, as follows:

    ~]# systemctl restart rsyslog
    
  3. On the client, create a /etc/rsyslog.d/audit_client.conf file containing the following:

    $ModLoad...
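
To check the server-side file from step 1 before restarting rsyslog, the following Python code (an added example, not taken from the book) parses the legacy directives, reports problems such as a missing `$AllowedSender` or a `$template` line with another directive fused onto it, and tells you whether a given client address would be accepted. The names `lint` and `sender_allowed` are hypothetical, the sample config is constructed from step 1, and `$AllowedSender` entries are assumed to be IP addresses or CIDR ranges.

```python
import ipaddress
import re
# Constructed sample: the step 1 server directives, one directive per line.
SERVER_CONF = r'''
$ModLoad imtcp
$InputTCPServerRun 65514
$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24
$template HostAudit, "/var/log/audit/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%/audit.log"
$template auditFormat, "%msg%\n"
local6.*  ?HostAudit;auditFormat
'''

TEMPLATE = re.compile(r'\$template\s+(\w+)\s*,\s*"(?:[^"\\]|\\.)*"(.*)$')
DYNAFILE = re.compile(r'\S+\s+\?(\w+)(?:;(\w+))?$')  # selector ?file;format
def lint(conf):
    """Return (tcp_port, allowed_networks, problems) for a legacy-syntax config."""
    port, nets, modules, templates, problems = None, [], set(), set(), []
    for n, line in enumerate(conf.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        word, _, rest = line.partition(" ")
        if word == "$ModLoad":
            modules.add(rest.strip())
        elif word == "$InputTCPServerRun":
            port = int(rest)
            if "imtcp" not in modules:
                problems.append(f"line {n}: TCP listener before $ModLoad imtcp")
        elif word == "$AllowedSender":
            proto, *senders = [s.strip() for s in rest.split(",")]
            if proto.upper() == "TCP":  # assumption: entries are IPs or CIDRs
                nets += [ipaddress.ip_network(s, strict=False) for s in senders]
        elif word == "$template":
            m = TEMPLATE.match(line)
            if m:
                templates.add(m.group(1))
            if not m or m.group(2).strip():
                problems.append(f"line {n}: malformed or fused $template line")
        elif (m := DYNAFILE.match(line)):
            for name in filter(None, m.groups()):
                if name not in templates:
                    problems.append(f"line {n}: template {name} not defined")
    if port is not None and not nets:
        problems.append("no TCP $AllowedSender: any host may send")
    return port, nets, problems

def sender_allowed(conf, ip):
    """True if ip falls inside one of the TCP $AllowedSender networks."""
    return any(ipaddress.ip_address(ip) in net for net in lint(conf)[1])
```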