Click here for "Safe Air Conditioner Repair and Proper Freon Recovery".

MiracleLinux9.0 :  Tripwire Chkrootkit Logwatch DiCE etc.

Tripwire

1.Download and installation

2.Passphrase setting

Set site passphrase and local passphrase

3.Tripwire Configuration

①Configuration File Edit

②Create a Tripwire configuration file (cryptographically signed version)

③Delete Tripwire configuration file (text version)

④Policy File Settings

Contents of twpolmake.pl

⑤Policy File Optimizations

⑥Create policy file (cryptographically signed version) based on optimized policy file
⑦Create database and check operation

Delete test files

⑧Tripwire Scheduled Scripts

Contents of tripwire.sh

⑨Tripwire Autorun Script Execution Settings

Reference: Script for reporting results by e-mail

Confirmation that the results of the tripwire execution are notified to the specified e-mail address

Chkrootkit

①Download and install chkrootkit

➁Create /root/bin directory and move chkrootkit command to that directory
➂Check chkrootkit.
Checking `chsh'... INFECTED

If the above display appears, it is probably a false positive.

④Create chkrootkit periodic execution script and change permissions

Scheduled Script Contents

Add execution permission to chkrootkit execution script

⑥Backup commands used by chkrootkit
If the commands used by chkrootkit are tampered with, rootkit will not be detected.
Back up these commands.
If necessary, run chkrootkit with the backed up command

⑦Run chkrootkit on the copied command

If nothing is displayed, no problem.

⑧Compresses backed up commands
⑨Send chkrootkit use command (compressed version) to root by e-mail
⑩Download and save chkrootkit_cmd.tar.gz file to Windows
⑪Delete commands on the backed up server

Logwatch

①Install

②Edit configuration file

③Output Logwatch reports

It will appear as follows

④Test to see if the report arrives at the address you set. Check if you receive a log report email like the one above.

DiCE

Whenever the global IP changes, which happens when the network is disconnected or the router is disconnected and rebooted, the dynamic DNS must be accessed to inform the user that the global IP has changed. DiCE does this automatically!

①Download and install Dice

②DiCE Settings
DiCE output characters are EUC and therefore garbled; install nkf to convert to UTF-8

Installed the following to run 32-bit software Dice on 64-bit OS

③Launch DiCE

④Add Event
When the DNS service is VALUEDOMAIN

⑤Automatic execution of Dice

Start the DiCE daemon
Check if it is activated
Set to start automatically
Update domain information acquired through ValueDomain
There is no English version of DiCE.
Since the above DiCE is only available in Japanese and is old and has not been updated, I have prepared a shell script to update it.
I'm not sure if it will work, but I'll try it on a trial basis.
Auto Update Settings
With crontab -e, add the following to update periodically

Introduce disk usage check script

3.1 Script Creation

Contents of disk_capacity_check.sh

3.2 Execution Confirmation

①Check current usage rates

It appears as follows

②Create a dummy file to achieve at least 80% utilization

③check again
Confirmation that it is at 80% or higher

④Run check scripts

You will receive an email to the email address you have set up, stating something like "Disk usage alert: 89 %".

⑤Delete "dummyfile"

⑥Periodic Execution Setting
タイトルとURLをコピーしました