Generic Linux server setup: Difference between revisions
From dtype.org
Latest revision as of 17:13, 23 April 2017
Things to do on all servers:
Log management
awslogs
- /var/log/auth.log
- /var/log/mail.log
- /var/log/syslog
move cron off to its own log
- /etc/rsyslog.d/50-default.conf
  *.*;auth,authpriv.none,cron.none -/var/log/syslog
  cron.* /var/log/cron.log
get rid of cron in auth.log
- /etc/pam.d/common-session-noninteractive, at end of file
  # and here are more per-package modules (the "Additional" block)
  session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
  session required pam_unix.so
Other
mail through SES relay
- /etc/postfix/main.cf
  ## AWS
  relayhost = [email-smtp.us-east-1.amazonaws.com]:25
  smtp_sasl_auth_enable = yes
  smtp_sasl_security_options = noanonymous
  smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  # smtp_use_tls is obsolete since Postfix 2.3; smtp_tls_security_level takes precedence
  smtp_use_tls = yes
  smtp_tls_security_level = encrypt
  smtp_tls_note_starttls_offer = yes
  smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
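The relay settings above depend on a credentials file that the page does not show. The following check is an added example, not part of the original page: it verifies that TLS and SASL are enforced, that the password map has a key matching relayhost exactly, and that the file is not readable by group or other. The function names and the script name check_relay.sh are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Postfix SASL relay setup (not from the original page).
# Paths are arguments so the check can run against copies of the real files.

# cf_get FILE PARAM: value of PARAM in a main.cf-style file (last one wins).
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# check_relay MAIN_CF SASL_PASSWD: print each problem, return 1 if any found.
check_relay() {
    cf=$1; pw=$2; rc=0
    relay=$(cf_get "$cf" relayhost)

    # TLS must be mandatory, otherwise the SASL password can cross the
    # network in clear text when STARTTLS is missing or stripped.
    case $(cf_get "$cf" smtp_tls_security_level) in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "FAIL: smtp_tls_security_level does not enforce TLS"; rc=1 ;;
    esac

    [ "$(cf_get "$cf" smtp_sasl_auth_enable)" = yes ] ||
        { echo "FAIL: smtp_sasl_auth_enable is not yes"; rc=1; }

    case $(cf_get "$cf" smtp_sasl_security_options) in
        *noanonymous*) ;;
        *) echo "FAIL: anonymous SASL mechanisms are allowed"; rc=1 ;;
    esac

    # The lookup key must equal relayhost exactly, brackets and port included;
    # a mismatch makes Postfix find no credentials for the relay.
    awk -v k="$relay" 'k != "" && $1 == k { found = 1 } END { exit !found }' "$pw" ||
        { echo "FAIL: no entry for '$relay' in $pw"; rc=1; }

    # The password file (and its postmap-built .db) must not be readable
    # by group or other: columns 5-10 of the ls mode string.
    for f in "$pw" "$pw.db"; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            { echo "FAIL: $f is accessible to group/other"; rc=1; }
    done
    return "$rc"
}

# Run as: sh check_relay.sh /etc/postfix/main.cf /etc/postfix/sasl_passwd
if [ "$#" -eq 2 ]; then check_relay "$1" "$2"; fi
```

Each line of sasl_passwd has the form `[host]:port username:password`; after editing it, rebuild the map with `postmap /etc/postfix/sasl_passwd`.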
fail2ban
- do