Logwatch
Logwatch aggregates various logs and delivers them as a daily report via email. It is a useful tool for detecting unauthorized access and problems, and for monitoring servers.
①Install
```
# apt -y install logwatch
```
②Copy the default configuration file
```
# cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
```
③Change email address, etc.
```
# vi /etc/logwatch/conf/logwatch.conf
```
Line 52: Comment out the default and add the email address where you want to receive notifications below it.
```
#MailTo = root
MailTo = [E-mail address]
```
Line 85: Set the level of detail for log notifications.
```
#Detail = Low
Detail = High
```
④Creating Directories
```
# mkdir /var/cache/logwatch
```
⑤Confirmation of Operation
When logwatch is installed, a daily cron job is registered by default, so the report mail is delivered every day.
Test if the report is delivered to the address you set.
```
# /etc/cron.daily/00logwatch
```
Chkrootkit
chkrootkit is a tool to detect the presence of rootkits.
Note that chkrootkit is of no use once tampering has already taken place, so take care over when you introduce it. In addition, chkrootkit has no function to deal with a rootkit automatically even if it detects one, so a detection must be handled manually.
①Install chkrootkit
```
# apt -y install chkrootkit
```
②Check chkrootkit
```
# chkrootkit | grep INFECTED
```
If nothing is displayed, there is no problem.
④Create chkrootkit periodic execution script and change permissions
The package automatically creates /etc/cron.daily/chkrootkit based on /usr/sbin/chkrootkit-daily and runs it every day, so no script creation is required.
Disk Usage Check Script
1. Script creation
```
# cd /opt/script/
# vi disk_capacity_check.sh
```
Contents of disk_capacity_check.sh
```
#!/bin/bash

# Specify notification email address
MAIL="<your mailaddress>"

# Extract the Use% figure for the root filesystem from the last line of df output
DVAL=`/bin/df / | /usr/bin/tail -1 | /bin/sed 's/^.* \([0-9]*\)%.*$/\1/'`

# Send an alert mail when usage exceeds 80%
if [ "$DVAL" -gt 80 ]; then
  echo "Disk usage alert: $DVAL %" | mail -s "Disk Space Alert in `hostname`" "$MAIL"
fi
```
```
# chmod 700 disk_capacity_check.sh
```
2. Execution check
①Check current usage
```
# df -h
```
It appears as follows
```
Filesystem      Size  Used Avail Use% Mounted on
udev            1.9G     0  1.9G   0% /dev
tmpfs           389M  772K  388M   1% /run
/dev/sda1        19G  2.9G   15G  17% /
tmpfs           1.9G     0  1.9G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           389M     0  389M   0% /run/user/1000
```
②Create a dummy file (in the example, it is called "dummyfile" and is about 14G) so that the utilization is 80% or more.
```
# dd if=/dev/zero of=dummyfile bs=1M count=14000
```
③Check again
```
# df -h
```
Verify that usage has reached over 80%.
④Run disk space check script
```
# /opt/script/disk_capacity_check.sh
```
You will receive an e-mail at the address you have set, with the message body "Disk usage alert : 94%".
⑤Delete the "dummyfile" you created.
```
# rm dummyfile
```
⑥Periodic Execution Setting
```
# crontab -e
30 2 * * * /opt/script/disk_capacity_check.sh
```
DNS Update
Whenever the internet connection is lost or the router reboots, causing the global IP address to change, you must access the dynamic DNS service to notify it of the new IP address.
Create a dedicated Python file and schedule it for regular execution via Cron.
This example covers the DNS settings for Value-Domain.
```
# cd /opt/script
# vi ddnsset.py
```
Content of ddnsset.py
```
# setddns.py
import requests
import ipaddress
from datetime import datetime
from pathlib import Path

# SETTING DATA
MY_DOMAIN = "example.jp"          # Self-hosted domain
MY_PASS = "xxxxxxxxxx"            # Password
MY_HOSTNAME = "xxxx"              # Host name
OUT_FILE = Path("/tmp/ipadress")  # IP Address Log File


def time_msg():
    # Timestamp prefix used on every log line
    now = datetime.now()
    return now.strftime("%Y/%m/%d %H:%M:%S")


def is_valid_ip(ip_str):
    # Accept only strings that parse as an IPv4 or IPv6 address
    try:
        ipaddress.ip_address(ip_str)
        return True
    except ValueError:
        return False


def main():
    # Check Global IP Address
    url_get_ip = "https://dyn.value-domain.com/cgi-bin/dyn.fcg?ip"
    try:
        response = requests.get(url_get_ip, timeout=10)
        response.raise_for_status()
        current_ip = response.text.strip()
    except requests.RequestException as e:
        print(f"{time_msg()} Failed to get IP: {e}")
        return

    # IP check
    mssg = time_msg()
    if not current_ip:
        print(f"{mssg} invalid IP NULL")
        return
    if not is_valid_ip(current_ip):
        print(f"{mssg} invalid IP={current_ip}")
        return

    # Read previous IP
    previous_ip = ""
    if OUT_FILE.exists():
        with open(OUT_FILE, "r") as f:
            previous_ip = f.read().strip()

    if current_ip == previous_ip:
        print(f"{time_msg()} no change IP={current_ip}")
        return
    else:
        print(f"change IP from {previous_ip} to {current_ip}")

    # Update DDNS
    mssg = time_msg()
    print(f"{mssg} access to value-domain")
    url_set_ddns = (
        f"https://dyn.value-domain.com/cgi-bin/dyn.fcg?"
        f"d={MY_DOMAIN}&p={MY_PASS}&h={MY_HOSTNAME}"
    )
    try:
        response = requests.get(url_set_ddns, timeout=10)
        response.raise_for_status()
        # Convert line breaks to spaces and consolidate consecutive spaces into a single space.
        result = ' '.join(response.text.strip().split())
    except requests.RequestException as e:
        # The exception text includes the request URL, and with it the p= value.
        print(f"{time_msg()} Failed to update DDNS: {e}")
        return

    mssg = time_msg()
    print(f"{mssg} {MY_HOSTNAME}.{MY_DOMAIN} {result} IP={current_ip}")

    # Only save the IP address if the DDNS update is successful.
    if "status=0" in result:
        with open(OUT_FILE, "w") as f:
            f.write(current_ip)
        print(f"{mssg} Successfully saved new IP: {current_ip}")
    else:
        print(f"{mssg} DDNS update failed, IP not saved")


if __name__ == "__main__":
    main()
```
IP Address Log File Creation
```
# touch /tmp/ipadress
```
Run periodically
```
# crontab -e
* 00 * * * /usr/bin/python3 /opt/script/ddnsset.py >> /var/log/ddns_updater.log 2>&1
```
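The cron entry appends everything the script prints to /var/log/ddns_updater.log, and the text of a requests exception contains the request URL, which for the update call carries the p= password. The following is an added example, not part of the original script, of masking that parameter before a line is written; `redact` and `log_line` are hypothetical helper names and the sample error strings are constructed.

```python
import re
from datetime import datetime

# Query parameters that carry secrets. "p" is the password field in the
# update URL built by the script on this page; extend the tuple if needed.
SECRET_PARAMS = ("p",)

# Matches "?p=value" or "&p=value"; the value ends at the next "&", at
# whitespace, or at a quote/parenthesis that wraps the URL in an error text.
_SECRET_RE = re.compile(
    r"([?&](?:" + "|".join(map(re.escape, SECRET_PARAMS)) + r")=)[^&\s'\")]*"
)


def redact(text):
    """Mask the value of every secret query parameter found in text."""
    return _SECRET_RE.sub(r"\g<1>REDACTED", str(text))


def log_line(message, now=None):
    """Build a log line in the script's timestamp format with secrets masked."""
    now = now or datetime.now()
    return f"{now.strftime('%Y/%m/%d %H:%M:%S')} {redact(message)}"


# Constructed samples in the two shapes requests produces: an HTTPError from
# raise_for_status() and a ConnectionError raised by the connection pool.
SAMPLE_HTTP_ERROR = (
    "500 Server Error: Internal Server Error for url: "
    "https://dyn.value-domain.com/cgi-bin/dyn.fcg?d=example.jp&p=S3cret!pw&h=www"
)
SAMPLE_CONN_ERROR = (
    "HTTPSConnectionPool(host='dyn.value-domain.com', port=443): Max retries "
    "exceeded with url: /cgi-bin/dyn.fcg?d=example.jp&p=S3cret!pw&h=www "
    "(Caused by NewConnectionError('connection refused'))"
)

if __name__ == "__main__":
    # In the script, the except branches would print log_line(...) instead of
    # formatting the exception directly into the message.
    for sample in (SAMPLE_HTTP_ERROR, SAMPLE_CONN_ERROR):
        print(log_line(f"Failed to update DDNS: {sample}"))
```

Domain and host name stay visible, so the log remains useful for troubleshooting while the password never reaches the file.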
