Logwatch
①Install
1 |
# apt -y install logwatch |
②Copy the default configuration file
1 |
# cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/ |
➂Change email address, etc.
1 2 3 4 5 6 7 8 |
# vi /etc/logwatch/conf/logwatch.conf ● Per Line 52 #MailTo = root ← Comment out and add the following MailTo =<your mailaddress> ← Mailing address ●Per Line 85 #Detail = Low Detail = High |
④Creating Directories
1 |
# mkdir /var/cache/logwatch |
⑤Confirmation of Operation
When logwatch is installed, cron is registered by default, so report mail is delivered every day.
Test if the report is delivered to the address you set.
1 |
# /etc/cron.daily/00logwatch |
Chkrootkit
①Install chkrootkit
1 |
# apt -y install chkrootkit |
➁Check chkrootkit
1 2 |
# chkrootkit | grep INFECTED If nothing is displayed, no problem. |
④Create chkrootkit periodic execution script and change permissions
Automatically creates /etc/cron.daily/chkrtootkit based on /usr/sbin/chkrootkit-daily and runs it automatically every day, so no script creation is required
Disk Usage Check Script
1. Scripting
1 2 |
# cd /opt/script/ # vi disk_capacity_check.sh |
Contents of disk_capacity_check.sh
1 2 3 4 5 6 7 8 9 10 |
#!/bin/bash #Email Address for Notification MAIL="<your mailaddress> " DVAL=`/bin/df / | /usr/bin/tail -1 | /bin/sed 's/^.* \([0-9]*\)%.*$/\1/'` if [ $DVAL -gt 80 ]; then echo "Disk usage alert: $DVAL %" | mail -s "Disk Space Alert in `hostname`" $MAIL fi |
1 |
# chmod 700 disk_capacity_check.sh |
2. Execution check
①Check current usage
1 |
# df -h |
It appears as follows
1 2 3 4 5 6 7 |
Filesystem Size Used Avail Use% Mounted on udev 1.9G 0 1.9G 0% /dev tmpfs 389M 772K 388M 1% /run /dev/sda1 19G 1.9G 16G 11% / tmpfs 1.9G 0 1.9G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 389M 0 389M 0% /run/user/1000 |
②Create a dummy file (in the example, it is called "dummyfile" and is about 15G) so that the utilization is 80% or more.
1 |
# dd if=/dev/zero of=dummyfile bs=1M count=15000 |
③Check again
1 |
# df -h |
Run it and make sure it is above 80%.
④Run disk space check script
1 |
# /opt/script/disk_capacity_check.sh |
You will receive an e-mail to the e-mail address you have set up with the body of the message as "Disk usage alert : 94%".
⑤Delete the "dummyfile" you created.
1 |
# rm dummyfile |
⑥Periodic Execution Setting
1 2 |
# crontab -e 30 2 * * * /opt/script/disk_capacity_check.sh |