Tag Archives: Audit

High traffic on the email server

I don’t know if 260000+ rejected attempts to relay email through an email server within a week should be considered an attack or just a considerable amount of bad traffic, but for my small server with the limited bandwidth this was an incident that I wouldn’t like to face on a regular basis. This article…


SELinux audit reports script


Those who use an SELinux-enabled distribution – more specifically those who have set the SELinux security layer to enforcing mode – will most probably know about the auditd daemon (part of the audit package in Fedora Core). By default, all SELinux messages are recorded to the syslog, but when auditd is running, then all…


How to integrate seaudit-report in logwatch


Today, I revised my logwatch configuration and I decided to use an external parser for the SELinux audits. Logwatch includes such a parser (/usr/share/logwatch/scripts/services/audit script), but I tend to prefer seaudit-report, part of the setools-gui package in Fedora. Don’t let the package name confuse you: seaudit-report is a CLI tool.

Logwatch and Dovecot 1.x series in FC5


Logwatch is the preferred tool for getting summaries of the various service logs in Fedora Core 5. It needs very little customization, which mainly amounts to overriding some of the log file locations. The only issue I have encountered so far is that it cannot parse the Dovecot log entries correctly.

ModSecurity Overview

ModSecurity is an Apache module which adds an extra layer of security by analyzing client requests before they are processed by Apache and, furthermore, by analyzing server responses after a request has been processed. This article intends to be a ModSecurity overview and to provide the reader with the basic knowledge about the most important…


Track ’em Down!

I’ve been checking the web server logs lately, seeking a way to track down the remote hosts that regularly submit, or try to submit, spam comments massively. Grep-ing the logs is no fun at all, so I wrote a small BASH script to do the dirty work for me. Well, this one was written…


A quick AWstats guide

This guide will help you install and configure AWStats, schedule the parsing of the Apache access log files and use the statistical data to generate web traffic reports. All steps are explained in great detail.