RHEL6 – Getting Up Close and Personal With Rsyslog

Rsyslog has replaced Syslog as the default logging daemon in RHEL6. Rsyslog was designed to compete with syslog-ng and has several enhancements over plain old syslog. These include, but are not limited to, more granular timestamps, direct database logging, TCP support, and relay server names in host fields, which make it easier to track the path a message has taken.

Below we are going to take a look at a few simple rsyslog configuration items.

Configure Rsyslog to Accept Remote Logs.

Within /etc/rsyslog.conf, uncomment either the TCP or UDP syslog reception lines below. TCP is more reliable; however, UDP is more widely supported.

# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514

Configure a Server to Send Logs to a Remote Host.

To send all messages of info priority or higher to a remote host via UDP, use the following format. Note that 10.1.224.34 is the remote server that I want to send logs to.

*.info    @10.1.224.34

To send the same priorities to the remote host via TCP, use "@@" instead of "@".

*.info    @@10.1.224.34

Note that you can specify the port number on which to send by using IP:PORT. When no port is specified the default port of 514 is used.

Note that, depending on your configuration, you may need to alter the iptables configuration on your sending and/or receiving server. In my case I needed to allow UDP on port 514 on my remote syslog server. To accomplish this I used system-config-firewall-tui, which added the following line to /etc/sysconfig/iptables.

-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

This shows up as what you see below in the output of 'iptables -L'.

ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:syslog

Testing Your Configuration

OK, let's send a test to our remote syslog server. Note that rsyslog has been restarted on both hosts.

# logger "testing to remote rsyslog server"

Checking the messages file on the remote host we can see that the test message has arrived.

Aug 13 14:55:26 vfatmin02 root: testing to remote rsyslog server

 

RHEL6 – Using htpasswd to Create a Secure Apache Directory

The process of setting up a simple password-protected web directory on an Apache server is rather easy. The simplest way to accomplish this task is to use flat-file user authentication. Disclaimer: I am not claiming that the directions below are the most complete or the most secure. However, they work and are probably the simplest.

The first thing that you need to do is to create a "secret" directory. In this instance my web root is /var/www2/html, so I will create my secure directory under that tree.

# mkdir /var/www2/html/secret

Now let's create an index.html inside our secret directory for the purpose of testing.

# echo "Secret Directory Working" > /var/www2/html/secret/index.html

This way we have something to look at when we actually are able to get this working correctly.

Now, using the htpasswd command, we need to create an htpasswd file and add a user that will have access to our top secret directory. Note that you should not create this file inside your web root.

# htpasswd -c /etc/httpd/.htpasswd fatmin

In the example above, the "-c" option creates our htpasswd file, and fatmin is the user that we want to grant access to. You will be prompted for a password.

Now add the following stanza to your httpd.conf. Note that AuthName is the text that will display when the user is prompted for a password. AuthUserFile is the location of the password file. Basic is pretty much the only auth method that anyone uses.

<Directory /var/www2/html/secret>
AuthName "Secret Directory"
AuthType basic
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Directory>

Now restart Apache, and when you navigate to http://www.mysite.com/secret you should be prompted for a user ID and password.
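
The advice above about keeping the htpasswd file outside the web root can be checked with a small script. This is an added example, not part of the original post: the function name check_htpasswd and its return codes are this example's own, the demo paths are constructed stand-ins for /var/www2/html and /etc/httpd, and it assumes a readlink that supports -f (GNU coreutils, as on RHEL).

```shell
#!/bin/sh
# Added example (not from the original post): audit the location and mode of an
# Apache AuthUserFile. Function name and return codes are this example's own.
#   0 = ok, 1 = inside the web root, 2 = readable by "other", 3 = not found
check_htpasswd() {
    pwfile=$1
    webroot=$2

    [ -f "$pwfile" ] || { echo "MISSING: $pwfile"; return 3; }

    # Canonicalise both paths so "../" segments and symlinks cannot hide a
    # password file that really lives under the document root.
    real_pw=$(readlink -f -- "$pwfile") || return 3
    real_root=$(readlink -f -- "$webroot") || return 3

    case "$real_pw" in
        "$real_root"/*)
            echo "FAIL: $real_pw is inside web root $real_root"
            return 1 ;;
    esac

    # The file holds password hashes; "other" should not have read access.
    # find prints the path only when the o+r bit (004) is set.
    if [ -n "$(find "$real_pw" -perm -004)" ]; then
        echo "WARN: $real_pw is world-readable (e.g. use root:apache, mode 640)"
        return 2
    fi

    echo "OK: $real_pw"
    return 0
}

# Demo on a constructed layout in a temp directory (stand-ins for the post's
# /var/www2/html and /etc/httpd paths).
demo=$(mktemp -d)
mkdir -p "$demo/www2/html/secret" "$demo/httpd"
: > "$demo/www2/html/secret/.htpasswd"; chmod 640 "$demo/www2/html/secret/.htpasswd"
: > "$demo/httpd/.htpasswd";            chmod 640 "$demo/httpd/.htpasswd"
check_htpasswd "$demo/www2/html/secret/.htpasswd" "$demo/www2/html" || true
check_htpasswd "$demo/httpd/.htpasswd" "$demo/www2/html" || true
rm -rf "$demo"
```

On a real host the call would be check_htpasswd /etc/httpd/.htpasswd /var/www2/html, using the paths from the post.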

 

 

RHCE Exam Objectives

Want to become a Red Hat Certified Engineer and ride around in trains all the live-long day? Well, you best get to studying, as the exam is notoriously hard with a very aggressive time limit. Bottom line: when you walk in the door and sit down at the desk, you had better have a good idea of what's on the test, and you had better be prepared to work fast.

Anyway, below is the link to the exam outline, courtesy of Red Hat.

http://www.redhat.com/training/courses/ex300/examobjective

One item of note: you cannot become an RHCE until you are an RHCSA; however, you can pass the RHCE and then take the RHCSA. You do not have to pass them in order.

Link below to the RHCSA exam outline, also from Red Hat.

http://www.redhat.com/training/courses/ex200/examobjective

The links above will open in a new page, and are guaranteed to bring you pain and suffering.