HOWTO Logwatch - security
Posted: 08 Jun 2015, 17:40
Hello - Logwatch is a program that watches your system and creates logs.
You can pick different levels for the logs of your system - low, medium and high security.
And you can pick what to monitor with your logging - http, sudo and more ...
This is a great way to monitor your system - you can pick to get yesterday's logs or today's logs sent to your email.
First I just want to tell you how difficult it was to get all this working.
I tried to get a working email system on my Ubuntu so Logwatch could send me emails using my Ubuntu system.
And I ended up trying to configure Postfix - I followed many guides online and none worked.
This made me very angry.
But thanks to this great forum [ubuntu org] I described my issue and got help to solve my problem.
A user suggested that I install SSMTP instead of Postfix, and it worked directly after the first install and configuration.
After that I was going to install Logwatch - but then I noticed that the guides say different things about how to install Logwatch.
This was confusing at first - but in the end I sorted the wrong information out into a working solution to install and configure Logwatch.
1) So now I will show you how to install and configure the mail software SSMTP so you can get emails from Logwatch.
2) After getting SSMTP working I will show you how to install and configure LOGWATCH.
3) During this installation process you need a gmail.com account to get this guide to work.
Installing and configuring SSMTP to send emails from your Ubuntu system
First you run the following code to get an updated system:
Code:
sudo apt-get update
After that you install ssmtp:
Code:
sudo apt-get install ssmtp
Now you will open a text file using an editor named nano.
After editing a file, press "Ctrl" and "O" to save the changes and press "Enter", then close nano with "Ctrl" and "X".
These are all the commands you need to open, save and close a file using nano.
Type the following in the command line:
Code:
sudo nano /etc/ssmtp/ssmtp.conf
Then you will get a file and it should look like this:
You have to add the missing parts and add your email.
Code:
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
#root=postmaster
root=MyEmailAddress@gmail.com
# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
#mailhub=mail
mailhub=smtp.gmail.com:587
# Gmail account and password used to log in to the mail server
AuthUser=MyEmailAddress@gmail.com
AuthPass=MyPassword
# Encrypt the connection (STARTTLS on port 587)
UseTLS=YES
UseSTARTTLS=YES
# Where will the mail seem to come from?
#rewriteDomain=
rewriteDomain=gmail.com
# The full hostname
#hostname=MyMediaServer.home
hostname=MyEmailAddress@gmail.com
# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES
When you are done you can test sending an email to your Gmail account.
But at first it will not work, because Gmail will complain about you spamming the email account, and there is also the issue of how the daemon can know the password to your Gmail account.
Then Gmail will ask if you want to change the security settings, and you should answer yes or activate the function allowing emails from your Ubuntu system.
When this is done you can test sending an email again - then it should work just fine.
This is how you send an email using the command line with ssmtp:
Code:
ssmtp recipient_YourEmail@gmail.com
After typing this into the command line, press Enter and type your message.
For example:
Code:
Hello world
After that you need to end this session with Ctrl+D.
Now you can check your email and you will see your message Hello world.
Here is the ssmtp guide I followed: http://www.havetheknowhow.com/Configure ... ssmtp.html
Now that you have this working you can move on to the next part - installing and configuring Logwatch.
Installing and configuring LOGWATCH to send security logs to your email account:
First we install Logwatch:
Code:
sudo apt-get install logwatch
We have to create a directory that Logwatch doesn't create by default.
Write the following code to create /var/cache/logwatch:
Code:
sudo mkdir /var/cache/logwatch
Now, we should not add and configure the logwatch.conf file in this path: /usr/share/logwatch
We should copy logwatch.conf to /etc/logwatch/conf/ and that is the file we will configure.
So now we copy the file using the following code:
Code:
sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
Now you open up the logwatch.conf file using the following path:
Code:
sudo nano /etc/logwatch/conf/logwatch.conf
First you change the output to mail and mailto to your email account.
Code:
Output = mail
MailTo = YourEmail@gmail.com
Then you can add your email again at this line:
Code:
MailFrom = Logwatch
Now you can set the reports to yesterday or today - I picked Today:
Code:
Range = Today
At last you can pick if you want low, medium or high security issues - I picked medium:
Code:
Detail = Medium
Now you can test Logwatch by sending a security report to your mail.
Just write logwatch in the command line and check your email account.
Code:
sudo logwatch
I followed different guides to understand how to install and configure Logwatch correctly.
I post them in the order you should read and refer to them, to understand what the correct settings for Logwatch are.
First guide to use is https://help.ubuntu.com/community/Logwatch
Second guide to use is https://wiki.amahi.org/index.php/Monito ... via_E-mail
And last guide to get more details https://www.digitalocean.com/community/ ... r-on-a-vps
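
An added check, not part of the original post: the ssmtp.conf in this guide keeps the Gmail password in clear text as AuthPass, so the file's permissions and the TLS settings are what protect it. The function names `conf_get`, `is_yes` and `audit_ssmtp_conf` are made up for this example, which assumes a POSIX shell with awk, ls, cut and tr.

```sh
#!/bin/sh
# Added example: audit an sSMTP config such as /etc/ssmtp/ssmtp.conf.
# Prints one line per finding; the exit status is the number of findings.

# conf_get FILE KEY: value of the last uncommented KEY=value line.
# Keys are compared case-insensitively; "last one wins" is an assumption.
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        tolower(key) == tolower(k) {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
        }
        END { print v }' "$1"
}

# True when the value is YES in any letter case.
is_yes() { [ "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" = YES ]; }

audit_ssmtp_conf() {
    f=$1; n=0
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    pass=$(conf_get "$f" AuthPass)
    # Character 8 of the ls mode string is the read bit for "other".
    if [ -n "$pass" ] && [ "$(ls -ld "$f" | cut -c8)" = r ]; then
        echo "AuthPass is stored in a world-readable file"; n=$((n + 1))
    fi
    # MyPassword is the placeholder used in the guide's sample file.
    if [ "$pass" = MyPassword ]; then
        echo "AuthPass is still the placeholder from the guide"; n=$((n + 1))
    fi
    if ! is_yes "$(conf_get "$f" UseTLS)"; then
        echo "UseTLS is not YES: the session is not encrypted"; n=$((n + 1))
    fi
    # Port 587 (as in the guide's mailhub) upgrades to TLS via STARTTLS.
    case $(conf_get "$f" mailhub) in
        *:587) is_yes "$(conf_get "$f" UseSTARTTLS)" || {
                   echo "mailhub uses port 587 but UseSTARTTLS is not YES"
                   n=$((n + 1)); } ;;
    esac
    return "$n"
}

# When run as a script with a path argument, audit that file.
if [ $# -gt 0 ]; then audit_ssmtp_conf "$1"; fi
```

If the world-readable finding appears, remove read access for other users (for example `sudo chmod o-r /etc/ssmtp/ssmtp.conf`) and confirm that sending mail still works.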