Weblog Archives
You are currently browsing the archives for the Audit tag.
Published on June 23rd, 2007 by George Notaras - Comments Off
I don’t know if 260,000+ rejected attempts to relay email through an email server within a week should be considered an attack or just a considerable amount of bad traffic, but for my small server with its limited bandwidth this was an incident that I wouldn’t like to face on a regular basis. This article [...]
Published on December 20th, 2006 by George Notaras - Comments Off
Those who use an SELinux-enabled distribution – more specifically, those who have set the SELinux security layer to enforcing mode – will most probably know about the auditd daemon (part of the audit package in Fedora Core). By default, all SELinux messages are written to syslog, but when auditd is running, then all [...]
Published on October 6th, 2006 by George Notaras - Comments Off
As you may have noticed, I’ve changed my web site’s domain recently. Therefore, I had to redirect all requests to the new address. This has been done and it works as expected, but how about taking a closer look at the HTTP responses the web server returns to the client when an old URL is [...]
Published on September 25th, 2006 by George Notaras - Comments Off
Today, I revised my logwatch configuration and decided to use an external parser for the SELinux audit messages. Logwatch includes such a parser (the /usr/share/logwatch/scripts/services/audit script), but I tend to prefer seaudit-report, part of the setools-gui package in Fedora. Don’t let the package name confuse you: seaudit-report is a CLI tool.
Published on September 25th, 2006 by George Notaras - Comments Off
Logwatch is the preferred tool for getting summaries of the various service logs in Fedora Core 5. It needs very little customization, which mainly consists of overriding some of the log file locations. The only issue I have encountered so far is that it cannot parse the Dovecot log entries correctly.
Published on August 24th, 2006 by George Notaras - Comments: 4
ModSecurity is an Apache module which adds an extra layer of security by analyzing client requests before they are processed by Apache and, furthermore, by analyzing server responses after a request has been processed. This article is intended as a ModSecurity overview and provides the reader with basic knowledge of the most important directives. For detailed information refer to the ModSecurity Documentation.
Published on April 7th, 2006 by George Notaras - Comments Off
I’ve been checking the web server logs lately, seeking a way to track down the remote hosts that regularly submit, or try to submit, spam comments en masse. Grepping the logs is no fun at all, so I wrote a small Bash script to do the dirty work for me. Well, this one was written [...]
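The counting that two of the posts above describe, per-host totals for the rejected relay attempts in a mail server log and for the remote hosts that hammer a comment form in a web server log, is the same job, so one small shell function covers both. The block below is an added example written for this page; it is not the author’s script. The sample log lines are constructed, the comment form path /wp-comments-post.php is an assumption (substitute your own form handler), and the generated "Deny from" lines assume Apache 2.2 mod_authz_host syntax.

```shell
#!/bin/bash
# Added example: rank the source addresses behind a flood of unwanted requests.
# Works for any text log in which the client address is the first IPv4 literal
# on the line (Apache access logs, Postfix "Relay access denied" rejects).
set -u

# top_sources PATTERN [N]  < logfile
# Keep only the lines matching the extended regex PATTERN, pull the first IPv4
# address out of each, and print "count ip" for the N busiest addresses.
top_sources() {
    local pattern=$1 n=${2:-10}
    grep -E -- "$pattern" \
        | awk 'match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) {
                   print substr($0, RSTART, RLENGTH) }' \
        | sort | uniq -c | sort -rn | head -n "$n" \
        | awk '{ print $1, $2 }'
}

# deny_list PATTERN THRESHOLD  < logfile
# Emit one "Deny from <ip>" line (Apache 2.2 mod_authz_host syntax, an
# assumption) for every address with more than THRESHOLD matching lines,
# ready to paste into a <Location> block or an .htaccess file.
deny_list() {
    local pattern=$1 threshold=$2
    top_sources "$pattern" 1000000 \
        | awk -v t="$threshold" '$1 > t { print "Deny from " $2 }'
}

# Constructed sample data, not real traffic. The comment endpoint path
# /wp-comments-post.php is an assumption; substitute your own form handler.
SAMPLE_ACCESS_LOG='203.0.113.7 - - [07/Apr/2006:10:01:02 +0300] "POST /wp-comments-post.php HTTP/1.1" 302 5 "-" "Mozilla/4.0"
198.51.100.23 - - [07/Apr/2006:10:01:09 +0300] "GET /2006/04/some-post/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Apr/2006:10:01:15 +0300] "POST /wp-comments-post.php HTTP/1.1" 302 5 "-" "Mozilla/4.0"
192.0.2.44 - - [07/Apr/2006:10:02:40 +0300] "POST /wp-comments-post.php HTTP/1.1" 302 5 "-" "Mozilla/4.0"
203.0.113.7 - - [07/Apr/2006:10:03:01 +0300] "POST /wp-comments-post.php HTTP/1.1" 302 5 "-" "Mozilla/4.0"
198.51.100.23 - - [07/Apr/2006:10:03:30 +0300] "GET /feed/ HTTP/1.1" 200 2201 "-" "Feedreader"'

# Constructed Postfix smtpd lines: two relay rejects from one host, one from
# another, and one accepted client that must not be counted.
SAMPLE_MAILLOG='Jun 20 03:12:01 mail postfix/smtpd[4411]: NOQUEUE: reject: RCPT from unknown[192.0.2.99]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=SMTP helo=<x>
Jun 20 03:12:02 mail postfix/smtpd[4411]: NOQUEUE: reject: RCPT from unknown[192.0.2.99]: 554 5.7.1 <b@example.net>: Relay access denied; from=<x@example.org> to=<b@example.net> proto=SMTP helo=<x>
Jun 20 03:12:05 mail postfix/smtpd[4412]: NOQUEUE: reject: RCPT from mx.example.com[203.0.113.50]: 554 5.7.1 <c@example.net>: Relay access denied; from=<y@example.com> to=<c@example.net> proto=ESMTP helo=<mx.example.com>
Jun 20 03:12:07 mail postfix/smtpd[4413]: 2F1A3: client=mx2.example.com[198.51.100.8]'

# Comment-form hammering: busiest posters, then the hosts worth blocking.
printf '%s\n' "$SAMPLE_ACCESS_LOG" | top_sources 'POST /wp-comments-post\.php' 3
printf '%s\n' "$SAMPLE_ACCESS_LOG" | deny_list 'POST /wp-comments-post\.php' 2

# Relay abuse: the same function over the mail log.
printf '%s\n' "$SAMPLE_MAILLOG" | top_sources 'Relay access denied' 3
```

On a live system replace the printf with `top_sources 'Relay access denied' 20 < /var/log/maillog` or `deny_list 'POST /wp-comments-post\.php' 50 < /var/log/httpd/access_log`; the pattern is an extended regex, so escape dots in paths. Because the function keys on the first IPv4 literal per line, it is safe against addresses that appear later in a referer or HELO string, but it will skip IPv6 clients entirely.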
Published on December 4th, 2005 by George Notaras - Comments: 16
AWStats is a free, popular log analyzer, released under the GPL. It can generate advanced graphical statistics from web, streaming, FTP or mail server log files. This document is not intended to be a review, but rather a quick installation and configuration guide for a specific web site, so that the statistical data used in your traffic analysis reports is as accurate as possible.
Published on October 14th, 2005 by George Notaras - Comments Off
It’s very useful, when testing things, to have syslog messages appear on the screen in real time. This way there is no need to check /var/log/messages all the time.
Published on October 14th, 2005 by George Notaras - Comments Off
There are some really useful commands that report information about the system directly from the console. Some of them are: