Generic Linux server setup

From dtype.org
Revision as of 14:04, 23 April 2017 by Drew (talk | contribs)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Things to do on all servers:

awslogs

  • /var/log/auth.log
  • /var/log/mail.log
  • /var/log/syslog

move cron off to its own log

  • /etc/rsyslog.d/50-default.conf
*.*;auth,authpriv.none,cron.none   -/var/log/syslog
cron.*                             /var/log/cron.log

get rid of cron in auth.log

  • /etc/pam.d/common-session-noninteractive, at end of file
# and here are more per-package modules (the "Additional" block)
session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid
session	required	pam_unix.so

fail2ban

  • do
Retrieved from "https://dtype.org/index.php?title=Generic_Linux_server_setup&oldid=235"