Language:
switch to room list switch to menu My folders
Go to page: First ... 21 22 23 24 [25] 26 27 28 29 ... Last
[#] Thu Mar 19 2015 23:00:07 EDT from ax25

[Reply] [ReplyQuoted] [Headers] [Print]

Not similar at all, but I do use this for viewing / checking combined logs from systems:

Epylog - https://fedorahosted.org/epylog/

It lets you boil down combined syslogs from multiple systems, and get rolled up reports on logins, and a free-for-all report of anything that was not parsed in an email.

It takes quite a bit of time to get what they call the "weeder" to build up to rid yourself of the background noise from the reports, and it does take ocasional changes to regexes on lines to account for some daemons changed log output for warnings, etc, but I find it worthwhile.  Once you have your "don't care" lines out of the report, you will be left with the ones to either investigate and act on or just add to the don't care if they turn out to be a more of just miss-placed info output.

You can set up your own roll up reports, but I have not played with that as of yet.



[#] Mon Mar 23 2015 08:15:36 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


Not the splunk way - there are no "don't care" records, you throw everything in the big index and figure out how to query it later.

[#] Wed Apr 29 2015 11:15:28 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


Been talking to some former coworkers (now at NYTimes, ghod help them) and one of the Splunk alternatives they are looking at is Sumologic:

https://support.sumologic.com/entries/21863767-How-do-I-group-messages-based-on-a-field-I-define

(^^ one of my litmus tests for a Splunk replacement)

http://www.forbes.com/sites/petercohan/2015/02/25/will-sumo-logic-pin-splunk/

[#] Wed Apr 29 2015 12:37:52 EDT from fleeb

[Reply] [ReplyQuoted] [Headers] [Print]


Hrm.

https://www.sumologic.com

When you go to this site, you may be treated to the following popup:

This page ws unable to display a Google Maps element. The provided Google API key is invalid or this site is not authorized to use it. Error Code:
InvalidKeyOrUnauthorizedURLMapError

So, they hope to supplant Splunk, but...?

[#] Thu Apr 30 2015 21:36:19 EDT from Sig

[Reply] [ReplyQuoted] [Headers] [Print]

Can anyone recommend a good primer or even just checklist for enumerating services and getting a good start on locking down Red Hat-style Linux? Bonus points if it employs primarily commonly available command line tools. I'm much more familiar with Debian variants, but that's not likely to be the environment, and I'm not really a security guru.

[#] Fri May 01 2015 08:32:57 EDT from fleeb

[Reply] [ReplyQuoted] [Headers] [Print]


Hrm... I don't expect you're looking for something like:

ls /etc/init.d

(by way of enumerating services)

[#] Fri May 01 2015 08:34:05 EDT from fleeb

[Reply] [ReplyQuoted] [Headers] [Print]


Gah, I didn't even get that right...

ls /etc/rc.d/init.d

[#] Fri May 01 2015 08:36:24 EDT from fleeb

[Reply] [ReplyQuoted] [Headers] [Print]


This said, apparently, Red Hat prefers 'systemctl' commands.

To list services:

systemctl list-unit-files --type service

unless you're talking about an old Red Hat. Older Red Hat apparently did:

chkconfig --list

[#] Fri May 01 2015 08:36:57 EDT from fleeb

[Reply] [ReplyQuoted] [Headers] [Print]


(src:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/ System_Administrators_Guide/sect-Managing_Services_with_systemd-Services.html

)

[#] Fri May 01 2015 10:52:29 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


netstat -an | grep LISTEN. Find out what process owns those ports, whether they are truly necessary for your use case, and if not, shut them down.



next, think about local security. Can you enable selinux in strict mode without breaking anything critical?

Red Hat used to have a simple "enable the firewall" script that would install some basic packet filters. I don't remember the name of it anymore, might have been system-config-firewall

Use the "find" command to hunt down setuid/setgid binaries that might not be necessary.


This is basic stuff. I'm not a security guru anymore, if I ever was. Google "Red Hat hardening" or something.

[#] Fri May 01 2015 21:17:13 EDT from Sig

[Reply] [ReplyQuoted] [Headers] [Print]

Thank you. At the least, those give me more useful search terms.

[#] Sun May 03 2015 02:10:29 EDT from ax25

[Reply] [ReplyQuoted] [Headers] [Print]

List listening sockets and proggies):

netstat -aonp

List the users of the port, and userid:

lsof -ni :portnumber
i.e.:
lsof -ni :25

Show the individual process info:

cat /proc/[pid]/cmdline
i.e.:
cat /proc/11104/cmdline

(and many other items under /proc/[pid] that interest you (cat is your friend).

Feel free to share anything you learn as well.



[#] Sun May 03 2015 07:52:32 EDT from dothebart

[Reply] [ReplyQuoted] [Headers] [Print]

the citadel faq has the most important ones:

http://citadel.org/doku.php?id=faq:start#troubleshootingyourhostos



[#] Fri May 08 2015 11:55:50 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]


So I finally booted up the Pi that I got for Christmas. But I only had a 2 GB SDcard so I moved my root filesystem to a 250 GB external USB drive.
It was really easy. Everything behaved as I expected it to. All I had to do was rsync to the new filesystem, identify its UUID, call for its mount as rootfs in its own /etc/fstab and in the Pi's boot partition, and reboot.

I like it this way better. The SDcard is /boot and nothing else.

[#] Fri May 08 2015 11:56:56 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]


(And yes, it was sooooo satisfying to be able to type "apt-get install citadel-client" on the Pi and get a precompiled Citadel client fed back to me, even though none of us on the project have ever explicitly built on this platform before!)

[#] Sat May 09 2015 14:21:26 EDT from dothebart

[Reply] [ReplyQuoted] [Headers] [Print]

 

Fri May 08 2015 11:56:56 EDT from IGnatius T Foobar @ Uncensored

(And yes, it was sooooo satisfying to be able to type "apt-get install citadel-client" on the Pi and get a precompiled Citadel client fed back to me, even though none of us on the project have ever explicitly built on this platform before!)

And that without java - compile once debug everywhere ;-)



[#] Sat May 09 2015 22:34:26 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

That's not really a fair comparison.  Sure, the Debian repository is available on every platform, but it's native, so it's compile everywhere debug everywhere.

Java's bad reputation has everything to do with the smear campaign orchestrated against it in the 1990's.  Since then it has become the lingua franca of business logic anyway.



[#] Tue May 12 2015 11:25:34 EDT from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]


Not really. The phrase "compile once, debug everywhere" had a lot of truth to it, borne out by bad experiences with AWT, which turned out to be not be such a panacea for cross-platform portability as was first hoped. It's *hard* to build a cross-platform window toolkit in a way that respects the native look-and-feel of all platforms.

"Compile once, debug everywhere" is *absolutely not true in the same sense* when applied to server-side java, which has proven highly portable.

[#] Thu May 14 2015 11:36:39 EDT from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

That much is very true. AWT was a pain in the neck to test everywhere. And although one could argue "AWT is *not* Java" -- and be correct about that -- AWT was a big part of the initial Java experience for a lot of people.
It was released at a time when there was such a thing as

" native look and feel "

As we all know ... there is no longer any such thing. Web based applications broke everyone's addiction to needing the exact same widget set on every application.
Nowadays, developers use whatever chrome they want. As a result, an application written in Java that uses SWT, say on Windows for example, looks no more "foreign" than Microsoft Office.


The result ... even on the desktop, Java applications now look the same everywhere, because they use the same widget set (and therefore the same pixel-by-pixel dimensions of every widget) on every platform. I like it.

[#] Thu May 14 2015 23:37:01 EDT from ax25

[Reply] [ReplyQuoted] [Headers] [Print]

I liked the fact that the Blackdown Java on Linux allowed me to have a Linux workstation and do Java development for Windows back in the late 90's.  It was fun having Linux servers push out Jar files to remote web servers via JWS, allowing branch locations running Windows clients to update software in the middle of the work day.

For all the faults people find with Java / Java Web Start and all that, I was able to make some use of it and do some pretty cool testing / release cycles that I have been hard pressed to duplicate (outside of the LAMP stack world).



Go to page: First ... 21 22 23 24 [25] 26 27 28 29 ... Last