Use syslog-ng on RHEL3 to report authentication activity to a Snare server

The default syslogd under RHEL3 does not report a date and timestamp when used to log user authentication activity to an external source (Snare, remote syslogd, etc). Syslog-ng can run side by side or as a replacement to RedHat’s syslogd facility. These instructions were written while I was working on a workstation that was reporting to a Snare micro-server on a Windows machine.

As root (or sudo), install the package: (Note: This is probably available from DAG)

rpm -ivh syslog-ng-1.6.9-1.el3.i386.rpm

Make it run on boot:
chkconfig syslog-ng on

Edit the file: /etc/syslog-ng/syslog-ng.conf

Change the destination d_auth line – replace the IP with the IP (or name) of the Snare micro-server (or other external logging source):
destination d_auth { udp(“192.168.1.10” port(514) localport(999)); };

Start the service:
service syslog-ng start

There is 1 additional parameter you might need to change if you don’t see syslog auth messages getting through.

/etc/syslog-ng/syslog-ng.conf:

Change:
filter f_filter3 { facility(authpriv); };

To read:

filter f_filter3 { facility(authpriv) or facility(auth); };

Save, exit, restart syslog-ng.

Picasa for Linux !

Google today released Picasa for Linux. Amazing stuff!

http://picasa.google.com/linux/index.html

Get your weather forecast – via Telnet!

This is sweet:

telnet rainmaker.wunderground.com

need I say more??

Active Directory authentication with SuSE Linux 9.3

Note: The following is probably incomplete but is a useful overview of the process.

Overview:

Install missing software packages (kerberos, winbind – see notes below)

Extract pre-configured config files to / from .tar.gz (on euler)

Add euler to /etc/hosts

Configure kerberos

Setup smb.conf (see notes below)

Get kerberos ticket

Join domain

insserv (updates /etc/init.d/rcX.d)

————————————————————–

Kerberos:

Yast, Network Services, Kerberos
Add missing packages when prompted
Domain, realm, and server should already be populated. If not, use:
domain=janus, realm=JANUS.LOCAL, server=euler
Finish

———–

Winbind:

Yast, Software, Install and Remove Software
search for: winbind
Select package, Accept
Finish

System, System Services (Runlevel)
Select expert, winbind, Enable. Make sure runlevels 3 – 5 are enabled
Disable firewall if enabled

Edit /etc/samba/smb.conf
Change netbios =

Join domain:

kinit
klist

net ads join -U

insserv

reboot

password-less ssh logins

Log in to a RHEL3 Linux box. In your home dir, if you have a .ssh dir, back it up to some other dir name. (ssh-original, or whatever you like):

mv .ssh ssh-original

Generate the rsa keypair, but don’t create a passphrase (press enter when prompted for one):

ssh-keygen -t rsa

Copy your public key to your authorized_keys:

cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys

In addition, generating a rsa version 1 keypair will allow you to access most all other hosts not running Open-SSH: (Protocols v1.2, v1.3, etc)

ssh-keygen -t rsa1

…and then, cat .ssh/identity.pub (append) to .ssh/authorized_keys:

cat ~/.ssh/identity.pub >> ~/.ssh/authorized_keys

Perms are important for this to work. Check that your .ssh dir is mode 755:

chmod 755 .ssh/

Also, we found that your home dir cannot be group or world writeable. Mine looks like this:

drwxr-xr-x 130 jloconne genusers 23K Sep 14 09:58 /accts/jloconne/

ssh into whatever you want. The first time you encounter a machine you’ll be prompted to save its key into you .ssh/authorized_hosts file. After that you’ll never be prompted again.

Subversion for RHEL3

As root, install subversion from dag: (see earlier post for enabling DAG repo for RHEL3)

apt-get install subversion

As user, generate config dir:
svn co

If your behind a proxy:

Edit ~/.subversion/servers
section [global] (toward end of file)

Uncomment and change the following line:
http-proxy-host = proxy

Check something out

Example:
svn co https://svn.sourceforge.net/svnroot/gaim/trunk gaim