DOCSLIB.ORG

Stable and Should Be Used Instead

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Stable and Should Be Used Instead SIMP Documentation THE SIMP TEAM Dec 09, 2020 Contents 1 Level of Knowledge 3 1.1 Quick Start................................................4 1.2 Changelogs................................................4 1.3 SIMP Getting Started Guide....................................... 103 1.4 SIMP User Guide............................................ 119 1.5 SIMP HOWTO Guides.......................................... 208 1.6 Frequently Asked Questions....................................... 281 1.7 Contributing to SIMP.......................................... 290 1.8 SIMP Security Concepts......................................... 326 1.9 SIMP Security Control Mapping..................................... 344 1.10 Vulnerability Supplement........................................ 705 1.11 Help................................................... 707 1.12 License.................................................. 708 1.13 Contact.................................................. 709 1.14 Glossary of Terms............................................ 709 Index 725 i ii SIMP Documentation This is the documentation for the 6.5.0-1 release of SIMP, which is compatible with CentOS and Red Hat Enterprise Linux (RHEL). This guide will walk a user through the process of installing and managing a SIMP system. It also provides a mapping of security features to security requirements, which can be used to document a system’s security conformance. Warning: Be EXTREMELY CAREFUL when performing copy/paste operations from this document! Different web browsers and operating systems may substitute incompatible quotes and/or line endings in your files. The System Integrity Management Platform (SIMP) is an Open Source framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure. Expanding upon this philosophy, SIMP also aims to take care of routine policy compliance to include NIST 800-53, FIPS 140-2, the DISA STIG, and the SCAP Security Guide. By using the Puppet automation stack, SIMP is working toward the concept of a self-healing infrastructure that, when used with a consistent configuration management process, will allow users to have confidence that their systems not only start in compliance but remain in compliance over time. Finally, SIMP has a goal of remaining flexible enough to properly maintain your operational infrastructure. To this end, where possible, the SIMP components are written to allow all security-related capabilities to be easily adjusted to meet the needs of individual applications. Contents 1 SIMP Documentation 2 Contents CHAPTER 1 Level of Knowledge SIMP is designed for use by system administrators/users with a strong background in Linux operating systems. The core technologies that require prerequisite knowledge are: • Puppet - 5.5 or later • Domain Name System (DNS) - BIND 9 • Dynamic Host Configuration Protocol (DHCP) - Internet Systems Consortium (ISC) DHCP • Lightweight Directory Access Protocol (LDAP) - OpenLDAP • RedHat Kickstart, including all technologies involved: Trivial File Transfer Protocol (TFTP), PXE, PXELinux, etc. • The Apache HTTP Server • The Yellowdog Updater, Modified (YUM) package manager • Rsyslog 8+ • IPTables (Internet Protocol Tables)/Firewalld, basic knowledge of the rules • Auditd, Basic knowledge of how the daemon works • Advanced Intrusion Detection Environment (AIDE), basic knowledge of the rules • Basic X.509-based PKI Key Management SIMP handles as much of the initial setup and management of these tools as possible However, you will need at least some understanding of them in order to tailor a SIMP system to fit the desired environment. You will also need a general understanding of how to control and manipulate these tools from the command line interface (CLI); SIMP does not provide a graphical user interface (GUI). Knowledge of scripting and Ruby programming will also help to further customize a SIMP install but is not required for routine use. Contents: 3 SIMP Documentation 1.1 Quick Start 1.1.1 What is SIMP? The System Integrity Management Platform (SIMP) is an Open Source framework designed around the concept that individuals and organizations should not need to repeat the work of automating the basic components of their operating system infrastructure. Expanding upon this philosophy, SIMP also aims to take care of routine policy compliance to include NIST 800-53, FIPS 140-2, the DISA STIG, and the SCAP Security Guide. By using the Puppet automation stack, SIMP is working toward the concept of a self-healing infrastructure that, when used with a consistent configuration management process, will allow users to have confidence that their systems not only start in compliance but remain in compliance over time. Finally, SIMP has a goal of remaining flexible enough to properly maintain your operational infrastructure. To this end, where possible, the SIMP components are written to allow all security-related capabilities to be easily adjusted to meet the needs of individual applications. 1.1.2 Diving Right In The fastest way to get started with SIMP is to use one of the following two guides: 1. You need an ISO for bare metal or VM installation • Installing SIMP from an ISO 2. You have an existing system • Installing SIMP From A Repository You should then follow the SIMP User Guide to start configuring the system. 1.2 Changelogs This contains all SIMP changelogs for reference. Important: Please read the intermediary changelogs if you are jumping versions during an upgrade! 1.2.1 SIMP 6.0.0-0 Contents • SIMP 6.0.0-0 – Breaking Changes – Significant Updates – Security Announcements – RPM Updates 4 Chapter 1. Level of Knowledge SIMP Documentation – Removed Modules – Fixed Bugs – New Features – Known Bugs This release is known to work with: • RHEL 6.8 x86_64 • RHEL 7.3 x86_64 • CentOS 6.8 x86_64 • CentOS 7.0 1611 x86_64 Breaking Changes Warning: This release of SIMP is NOT backwards compatible with previous releases. Direct updates will not work. At this point, do not expect any of our code moving forward to work with Puppet 3. If you find any issues, please file bugs! Note: If you are working to integrate SIMP into Puppet Enterprise, these are the modules that you need to use since they are Puppet 4 compatible. Breaking Changes Since RC1 Unfortunately, a few items were identified which necessitated additional breaking changes prior to the final release. These are specifically enumerated here to make sure that they are not missed. simp::yum Refactor The simp::yum class was confusing and, as we attempted to install systems via yum, we found out just how bad it was. Fundamentally, most installations of SIMP are going to have their own repos at some unknown location that they want to use. In ISO installations, which we can detect, there will be a local repo and we can set the parameters accordingly via simp config. All of the old parameters have been removed, and to get back to old functionality, all that has to be done is add the following classes to nodes and adjust previous hiera settings to use the new classes: --- classes: -'simp::yum::repo::local_os_updates' -'simp::yum::repo::local_simp' --- 1.2. Changelogs 5 SIMP Documentation RPM Installation If installing from RPM, you will want to take a look at the latest documentation. The most important thing to be aware of is that there is now something called simp-adapter that must be installed with, or before, the simp RPM. If you are using Puppet Enterprise, you’ll want to use the simp-adapter-pe RPM instead. Paths Puppet AIO Paths The system has been updated to use the Puppet AIO paths. Please see the Puppet Location Reference for full details. SIMP Installation Paths For better integration with r10k and Puppet Code Manager, SIMP now installs all materials in /usr/share/simp by default. A script simp_rpm_helper has been added to copy the environment and module data into place at /etc/ puppetlabs/code if configured to do so. On the ISO, this configuration is done by default and will be set to auto-update for all future RPM updates. If you wish to disable this behavior, you should edit the options in /etc/simp/adapter_config.yaml. Note: Anything that is in a Git or Subversion repository in the simp environment will NOT be overwritten by simp_rpm_helper. SIMP Dynamic Content Paths To ensure that SIMP dynamic content (ssh keys, generated passwords) are not mixed with Git-managed infrastructure, the SIMP dynamic content has been moved to simp_autofiles at the top level of the environment. This will be moved down into /var/simp/environments for consistency in the final 6.0.0 release. SIMP Rsync Paths The SIMP Rsync subsystem now fully supports multiple environments. All environment-relevant materials have been moved to /var/simp/environments/simp/rsync. Please copy the contents of that directory if you create another environment. SIMP Partitioning Scheme SIMP no longer creates a /srv partition on EL 6 or 7. /var has assumed the role of /srv. The root partition size has been increased from 4GB to 10GB. 6 Chapter 1. Level of Knowledge SIMP Documentation Significant Updates Root Login via Console Root is no longer allowed to log into clients or the SIMP server by default. SIMP Scenarios and simp_config_settings.yaml We have changed the way that SIMP includes classes. There is a new top-level variable, set in manifests/site. pp that controls the list of classes to be included. The goal of this change is to ease users with existing infrastructures into using full-bore
Load more

Recommended publications
  • Log-Management-Tenshi.Pdf
    Network Monitoring and Management Log Management Network Startup Resource Center www.ws.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/) Log Management & Monitoring • Keep your logs in a secure place • Where they can be easily inspected • Watch your log file • They contain important information – Many things happen – Someone needs to review them – It’s not practical to do this manually Log Management & Monitoring On your routers and switches And, on your servers Log Management • Centralize and consolidate log files • Send all log messages from your routers, switches and servers to a single node – a log server. • All network hardware and UNIX/Linux servers can be monitored using some version of syslog (we use either syslog-ng or rsyslog for this workshop). • Windows can, also, use syslog with extra tools. • Save a copy of the logs locally, but, also, save them to a central log server. Syslog Basics Uses UDP protocol, port 514 Syslog messages have two attributes (in addition to the message itself): Facility Level Auth Security | Emergency (0) Authpriv User | Alert (1) Console Syslog | Critical (2) Cron UUCP | Error (3) Daemon Mail | Warning (4) Ftp Ntp | Notice (5) Kern News | Info (6) Lpr | Debug (7) Local0 ...Local7 | Centralized Logging Configuring Centralized Logging Cisco hardware – At a minimum: logging ip.of.logging.host Unix and Linux nodes – In syslogd.conf, or in rsyslog.conf, add: *.* @ip.of.log.host – Restart syslogd, rsyslog or syslog-ng Other equipment have similar options – Options to control facility and level Receiving Messages – syslog-ng • Identify the facility that the equipment is going to use to send its messages.
    [Show full text]
  • NXLOG Community Edition Reference Manual for V2.9.1716 I
    Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 i NXLOG Community Edition Reference Manual for v2.9.1716 Ed. v2.9.1716 Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 ii Copyright © 2009-2014 NXLog Ltd. Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 iii Contents 1 Introduction 1 1.1 Overview . .1 1.2 Features . .1 1.2.1 Multiplatform . .1 1.2.2 Modular architecture . .1 1.2.3 Client-server mode . .2 1.2.4 Log message sources and destinations . .2 1.2.5 Importance of security . .2 1.2.6 Scalable multi-threaded architecture . .2 1.2.7 High performance I/O . .2 1.2.8 Message buffering . .2 1.2.9 Prioritized processing . .3 1.2.10 Avoiding lost messages . .3 1.2.11 Apache-style configuration syntax . .3 1.2.12 Built-in config language . .3 1.2.13 Scheduled tasks . .3 1.2.14 Log rotation . .3 1.2.15 Different log message formats . .4 1.2.16 Advanced message processing capabilites . .4 1.2.17 Offline processing mode . .4 1.2.18 Character set and i18n support . .4 2 Installation and quickstart 5 2.1 Microsoft Windows . .5 2.2 GNU/Linux . .6 2.2.1 Installing from DEB packages (Debian, Ubuntu) . .6 2.2.2 Installing from RPM packages (CentOS, RedHat) . .6 2.2.3 Configuring nxlog on GNU/Linux . .6 Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 iv 3 Architecture and concepts 7 3.1 History .
    [Show full text]
  • Fedora 16 System Administrator's Guide
    Fedora 16 System Administrator's Guide Deployment, Configuration, and Administration of Fedora 16 Jaromír Hradílek Douglas Silas Martin Prpič Eva Kopalová Eliška Slobodová Tomáš Čapek Petr Kovář Miroslav Svoboda System Administrator's Guide John Ha David O'Brien Michael Hideo Don Domingo Fedora 16 System Administrator's Guide Deployment, Configuration, and Administration of Fedora 16 Edition 1 Author Jaromír Hradílek [email protected] Author Douglas Silas [email protected] Author Martin Prpič [email protected] Author Eva Kopalová [email protected] Author Eliška Slobodová [email protected] Author Tomáš Čapek [email protected] Author Petr Kovář [email protected] Author Miroslav Svoboda [email protected] Author John Ha Author David O'Brien Author Michael Hideo Author Don Domingo Copyright © 2011 Red Hat, Inc. and others. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
    [Show full text]
  • 2020 Spring Product Guide Final-Min
    2020 SPRING INTEGRATOR PRODUCT GUIDE COME SWIM WITH THE BIG FISH November 9 – 11, 2020 | Cleveland, OH | Huntington Convention Center Take control of your business success. Gain insights from the integration industry elite this November at Total Tech Summit. This uniquely powerful by invitation-only event drives extraordinary progress in the integration industry. Total Tech Summit is where the industry elite gather. Total Tech Summit helps to grow and improve your company through: › Educational, deep-dive sessions from the industry elite › 1-on-1 and boardroom meetings with new vendors that can take your offerings from better to best › Networking at every turn. Connect with both integrators in your industry and beyond to help give you fresh ideas and business strategies › Complimentary flights, hotel, “Gathering of professionals that registration, and meals to help you are non-competition to collaborate focus on what matters most on ideas to grow business in profits, procurement, strategies, staffing and general business practices is a wealth of knowledge at the cost of a couple days’ time and to also have the added benefit of meeting one on one with manufacturers that you may not have reached out to.” — John Rudolph, Vice President, PCD To learn more and to apply to join the best in the industry, please visit www.totaltechsummit.com Table of Contents Page 6 Audio ▶ Page 23 Control/Networking/Energy Management ▶ Page 36 Home Enhancements (central vacuum, wire and cable, tools, testers, furniture) ▶ Page 48 Security ▶ Page 53 Video ▶ Page
    [Show full text]
  • Ubuntu Server Guide Basic Installation Preparing to Install
    Ubuntu Server Guide Welcome to the Ubuntu Server Guide! This site includes information on using Ubuntu Server for the latest LTS release, Ubuntu 20.04 LTS (Focal Fossa). For an offline version as well as versions for previous releases see below. Improving the Documentation If you find any errors or have suggestions for improvements to pages, please use the link at thebottomof each topic titled: “Help improve this document in the forum.” This link will take you to the Server Discourse forum for the specific page you are viewing. There you can share your comments or let us know aboutbugs with any page. PDFs and Previous Releases Below are links to the previous Ubuntu Server release server guides as well as an offline copy of the current version of this site: Ubuntu 20.04 LTS (Focal Fossa): PDF Ubuntu 18.04 LTS (Bionic Beaver): Web and PDF Ubuntu 16.04 LTS (Xenial Xerus): Web and PDF Support There are a couple of different ways that the Ubuntu Server edition is supported: commercial support and community support. The main commercial support (and development funding) is available from Canonical, Ltd. They supply reasonably- priced support contracts on a per desktop or per-server basis. For more information see the Ubuntu Advantage page. Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions.
    [Show full text]
  • Greg Kroah-Hartman [email protected] Github.Com/Gregkh/Presentation-Kdbus
    kdbus IPC for the modern world Greg Kroah-Hartman [email protected] github.com/gregkh/presentation-kdbus Interprocess Communication ● signal ● synchronization ● communication standard signals realtime The Linux Programming Interface, Michael Kerrisk, page 878 POSIX semaphore futex synchronization named eventfd unnamed semaphore System V semaphore “record” lock file lock file lock mutex threads condition variables barrier read/write lock The Linux Programming Interface, Michael Kerrisk, page 878 data transfer pipe communication FIFO stream socket pseudoterminal POSIX message queue message System V message queue memory mapping System V shared memory POSIX shared memory shared memory memory mapping Anonymous mapping mapped file The Linux Programming Interface, Michael Kerrisk, page 878 Android ● ashmem ● pmem ● binder ashmem ● POSIX shared memory for the lazy ● Uses virtual memory ● Can discard segments under pressure ● Unknown future pmem ● shares memory between kernel and user ● uses physically contigous memory ● GPUs ● Unknown future binder ● IPC bus for Android system ● Like D-Bus, but “different” ● Came from system without SysV types ● Works on object / message level ● Needs large userspace library ● NEVER use outside an Android system binder ● File descriptor passing ● Used for Intents and application separation ● Good for small messages ● Not for streams of data ● NEVER use outside an Android system QNX message passing ● Tight coupling to microkernel ● Send message and control, to another process ● Used to build complex messages
    [Show full text]
  • Linux and Open Source for (Almost) Zero Cost PCI Compliance
    Linux and Open Source for (Almost) Zero Cost PCI Compliance Rafeeq Rehman 2 Some Introductory Notes ¡ Payment Card Industry (PCI) standard is not a government regulaon. ¡ Who needs to comply with PCI? ¡ Twelve major requirements covering policy, processes, and technology to protect Credit Card Data. ¡ What is Credit Card Data? ¡ Few Clarificaons ¡ Payment Card Industry (PCI) requires some tasks to be performed by external vendors depending upon merchant level. There is no other way around, unfortunately. ¡ Open Source soluCons do need people. That is why it is almost free but not totally free. 9/10/11 3 What the Auditors Look For? ¡ Is PCI just a checklist? ¡ Are auditors genuinely interested in securing the PCI data? ¡ Does it maer if you use an open source or commercial product to meet PCI requirements? ¡ What if you meet PCI requirements while improving security and spending less money? 9/10/11 4 Is it viable to use Open Source for PCI Compliance? ¡ Is there a real company who uses Open Source soQware to achieve PCI compliance? Is it even possible? ¡ PCI 2.0 focuses more on Risk based approach. ¡ PCI (or any compliance) is boring! Make it interesCng by using Open Source. 9/10/11 5 PCI Biggest Expenses 1. Log Management (Storage and archiving, Monitoring and Alerng) 2. Vulnerability Scanning 3. Network Firewalls and Network Segmentaon 4. Intrusion DetecCon System 5. EncrypCon for data-at-rest 6. File Integrity Monitoring 7. IdenCty Management (Password controls, Two factor for remote access, Role based access) 9/10/11 6 AddiConal PCI
    [Show full text]
  • Performance Tuning Guide
    Red Hat Enterprise Linux 7 Performance Tuning Guide Optimizing subsystem throughput in Red Hat Enterprise Linux 7 Red Hat Subject Matter ExpertsLaura Bailey Charlie Boyle Red Hat Enterprise Linux 7 Performance Tuning Guide Optimizing subsystem throughput in Red Hat Enterprise Linux 7 Laura Bailey Red Hat Customer Content Services Charlie Boyle Red Hat Customer Content Services Red Hat Subject Matter Experts Edited by Milan Navrátil Red Hat Customer Content Services [email protected] Legal Notice Copyright © 2016 Red Hat, Inc. and others. This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
    [Show full text]
  • Red Hat Openstack Platform 16.1 Logging, Monitoring, and Troubleshooting Guide
    Red Hat OpenStack Platform 16.1 Logging, Monitoring, and Troubleshooting Guide An In-Depth Guide to OpenStack Logging, Monitoring, and Troubleshooting Last Updated: 2021-05-13 Red Hat OpenStack Platform 16.1 Logging, Monitoring, and Troubleshooting Guide An In-Depth Guide to OpenStack Logging, Monitoring, and Troubleshooting OpenStack Team [email protected] Legal Notice Copyright © 2021 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
    [Show full text]
  • Rsyslog Doc Documentation Release 8.18.0.Master
    Rsyslog Doc Documentation Release 8.18.0.master foo bar March 09, 2016 Contents 1 Manual 3 2 Reference 275 3 Sponsors and Community 317 4 Related Links 319 i ii Rsyslog Doc Documentation, Release 8.18.0.master Rsyslog is a rocket-fast system for log processing. It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging, being able to • accept inputs from a wide variety of sources, • transform them, • and output the results to diverse destinations. Rsyslog has a strong enterprise focus but also scales down to small systems. It supports, among others, MySQL, Post- greSQL, failover log destinations, ElasticSearch, syslog/tcp transport, fine grain output format control, high precision timestamps, queued operations and the ability to filter on any message part. Contents 1 Rsyslog Doc Documentation, Release 8.18.0.master 2 Contents CHAPTER 1 Manual 1.1 Configuration Rsyslogd is configured via the rsyslog.conf file, typically found in /etc. By default, rsyslogd reads the file /etc/rsyslog.conf. This can be changed by a command line option. Note that configurations can be built interactively via the online rsyslog configuration builder tool. 1.1.1 Basic Structure This section describes how rsyslog configuration basically works. Think of rsyslog as a big logging and event pro- cessing toolset. It can be considered a framework with some basic processing that is fixed in the way data flows, but is highly customizable in the details of this message flow.
    [Show full text]
  • Remote Logging with Rsyslog
    Remote Logging with Rsyslog Or, How I Learned to Start Worrying and Love the Panopticon Paul Nijjar Kitchener-Waterloo Linux User Group August 10, 2009 Goals Centralize Logging: Look in one place, using one set of tools. Archive Logs: Keep logs around for at least a year. Generate Alerts: Tell me when something goes wrong. Identify Trends: Tell me what “business as usual” looks like. The last two of these goals are still works in progress. Another goal: do this on the cheap, preferably with FLOSS. Rsyslog About Syslog Syslogd is a logging interface used by many Linux programs to write log files. It is responsible for: Many of the files in /var/log: messages, debug, syslog, etc. Messages sent to the system console. Messages forwarded to other systems. Emergency log messages printed on everybody’s screens About Rsyslog Rsyslog is a drop-in replacement for regular syslog. It adds a bunch of features: Better security controls More filtering options/syntax More reliable transport mechanisms Writing to databases Rsyslog is now the default syslogging daemon for Fedora and Debian. Configuring Rsyslog 1 Enable remote logging 2 Write templates for filenames and log formats 3 Filter messages from different hosts to different files 4 Rotate and archive files using logrotate 5 Debug the collection process Config Files In Debian, configuration is done in /etc/rsyslog.conf and /etc/rsyslog.d/*.conf Order matters, so I prepend configuration snippets with numbers: /etc/rsyslog.d/00-AllowedHosts.conf /etc/rsyslog.d/40-Windows-Servers.conf /etc/rsyslog.d/99-EverythingElse.conf In general rules need to begin in the first column (no spaces) and they should be on one line.
    [Show full text]
  • Understanding and Improving Security of the Android Operating System
    Syracuse University SURFACE Dissertations - ALL SURFACE December 2016 Understanding and Improving Security of the Android Operating System Edward Paul Ratazzi Syracuse University Follow this and additional works at: https://surface.syr.edu/etd Part of the Engineering Commons Recommended Citation Ratazzi, Edward Paul, "Understanding and Improving Security of the Android Operating System" (2016). Dissertations - ALL. 592. https://surface.syr.edu/etd/592 This Dissertation is brought to you for free and open access by the SURFACE at SURFACE. It has been accepted for inclusion in Dissertations - ALL by an authorized administrator of SURFACE. For more information, please contact [email protected]. ABSTRACT Successful realization of practical computer security improvements requires an understanding and insight into the system’s security architecture, combined with a consideration of end-users’ needs as well as the system’s design tenets. In the case of Android, a system with an open, modular architecture that emphasizes usability and performance, acquiring this knowledge and insight can be particularly challenging for several reasons. In spite of Android’s open source philosophy, the system is extremely large and complex, documentation and reference materials are scarce, and the code base is rapidly evolving with new features and fixes. To make matters worse, the vast majority of Android devices in use do not run the open source code, but rather proprietary versions that have been heavily customized by vendors for product dierentiation. Proposing security improvements or making customizations without suicient insight into the system typically leads to less-practical, less-eicient, or even vulnerable results. Point solutions to specific problems risk leaving other similar problems in the distributed security architecture unsolved.
    [Show full text]