Linux Automation: Difference between revisions

From Coolscript
Jump to navigation Jump to search
Line 55: Line 55:
*OR see https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/RunSplunkassystemdservice
*OR see https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/RunSplunkassystemdservice


==Include Auditd into splunk=
==Include Auditd into splunk==
*Install auditd
*Install auditd
  ~# apt-get install auditd audispd-plugins
  ~# apt-get install auditd audispd-plugins
*Include into the Splunk Forwarder in '''/opt/splunkforwarder/etc/system/local/inputs.conf'''  
*Include into the Splunk Forwarder in '''/opt/splunkforwarder/etc/system/local/inputs.conf'''  
[monitor://$SPLUNK_HOME//var/log/audit/audit.log]
[monitor://$SPLUNK_HOME//var/log/audit/audit.log]
index = _internal
index = _internal

Revision as of 21:02, 14 December 2020

Setup a proxy server for apt

echo 'Acquire::http::Proxy "http://myserver.com.com:port";' > /etc/apt/apt.conf

Update using apt

  • Possible commands
apt-get -y upgrade 

apt-get -y  upgrade; logger "APT has been applied"

unattended-upgrade --dry-run -d

Create crontab automatically

~# echo 'MAILTO=""' > mycron
~# echo "00 05 * * * apt-get update && apt-get -y upgrade | logger 
~# sudo crontab mycron
~# rm mycron

Users and Groups

Configure sudo to gain root privileges for users

  • /etc/sudoers (use visudo -f)
root    ALL=(ALL:ALL) ALL
  • Add user joe to sudo
usermod -a -G sudo joe
  • Add a system user (no shell)
useradd -M systemuser
  • Prevent login
usermod -L systemuser

Clear History at logout

echo "history -c" | sudo tee /etc/bash.bash_logout

Unattended Splunk Forwarder Install

See this: https://docs.splunk.com/Documentation/Splunk/7.1.0/Security/Secureyouradminaccount

  • Get Binary
wget -q https://coolscript.org/download/splunk/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb -O /tmp/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb


  • Install
dpkg -i /tmp/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-amd64.deb
  • Get the seed config
wget -q https://coolscript.org/download/splunk/user-seed.conf -O /opt/splunkforwarder/etc/system/local/user-seed.conf
  • Start unattended the very first time
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt
  • OR
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt --gen-and-print-passwd
  • Autostart at boot
/opt/splunkforwarder/bin/splunk enable boot-start

Include Auditd into splunk

  • Install auditd
~# apt-get install auditd audispd-plugins
  • Include into the Splunk Forwarder in /opt/splunkforwarder/etc/system/local/inputs.conf
[monitor://$SPLUNK_HOME//var/log/audit/audit.log]
index = _internal
Retrieved from "https://coolscript.org/index.php?title=Linux_Automation&oldid=224"