I've been happily running Logwatch on several servers with the default 'yesterday' date range for several years. However I needed to run it for a client with a larger date range to check out a problem. But the options available for logwatch are only 'today', 'yesterday' and 'all'. Or so it told me. And even worse, the 'yesterday' option takes the date from the previous day, and pulls out all the info on that date. So if you run your logwatch report at 4pm, you're missing out on 16 hours worth of data! But it turns out logwatch is smarter than that …
Security
Notes on Encrypted /home directory, post install.
I decided to encrypt the /home directory on a notebook, post install, as I was going to take it out of the house. There's nothing too important on it, but I probably should look after my ssh keys at least! The laptop is a low end Dell, running Mint (based on Ubuntu). It has a slightly odd configuration in that I have the /home partition mounted separately.
OK, so the first thing I did was to copy the big files onto a separate, non-encrypted partition. I did this for two reasons. Firstly the encryption process creates a copy of your home directory which you can roll back to. This means in your /home partition you need enough room for two copies of your home dir. I didn't. Secondly, the encryption process obviously encrypts each file as it goes. I thought by moving out the large files (Music and Videos directories basically), that this would speed up the encryption process.
UFW script for Logwatch
I enabled UFW on an Ubuntu server recently and started getting all manner of stuff in my logwatch reports. It activated a section called 'iptables' and started logging every line in syslog with [UFW BLOCK] in it. It was marginally interesting, but not really worth the space devoted to it, so I decided to write a little script to parse the UFW log and summarise the top Blocked Hosts and top Blocked Ports. Therefore I could easily see if there was a change in pattern.
Munin, nginx, mysql on Ubuntu 11.04: Great tool. Poorly explained.
Well I just jumped through the hoops again installing a new tool, and as it took me quite a while, I thought I'd help the Internet at Large through it. Or at least make a few notes, as most of my own searches for information on this drew blanks. I even went to the lengths of translating a few obscure German posts in case they could help.
Anyway, munin, once you get it going, is actually quite cool. It provides you with a graphical look at your server performance, and you can customise which data you collect quite simply. I'm installing it on an Ubuntu server 11.04, with nginx and mysql. I'm expecting a big traffic spike in the near future, so I want to see how the machine is handling it, and which bits, if any, are struggling.
Cleaning a virus off a Samba Share.
One of the problems of running a Samba share on Linux is that occasionally one of the Windows machines accessing it will get a virus, and infect all the files on the share. You can use one of the AV tools to do this of course, (Clam AV, AVG and Kaspersky all have them these days) but they're pretty slow generally.
I noticed at one client that the virus was putting exe files into directories, with the same name as the containing directory eg.it would create the file /share/Software/Software.exe.
So the first thing to do is to see who is creating them. Here we go …