Tuesday, March 11, 2008

Bugzilla installation

Reference
bugzilla.org
Download the latest Stable Release
# cd /usr/local/src
# wget http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-3.0.3.tar.gz
# tar xzf bugzilla-3.0.3.tar.gz
# cd bugzilla-3.0.3
First,run the checksetup.pl script to check for any dependant packages that need to be installed
# ./checksetup.pl --check-modules
NOTE: You must run any commands listed below as root.
***********************************************************************
* REQUIRED MODULES *
***********************************************************************
* Bugzilla requires you to install some Perl modules which are either *
* missing from your system, or the version on your system is too old. *
* *
* The latest versions of each module can be installed by running the *
* commands below. *
***********************************************************************
COMMANDS:
/usr/bin/perl -MCPAN -e 'install "Email::Send"'
/usr/bin/perl -MCPAN -e 'install "Template"'
/usr/bin/perl -MCPAN -e 'install "Email::MIME::Modifier"'
/usr/bin/perl -MCPAN -e 'install "Date::Format"'
So run one by one
# /usr/bin/perl -MCPAN -e 'install "Email::Send"'
Fine
# /usr/bin/perl -MCPAN -e 'install "Template"'
Fine
# /usr/bin/perl -MCPAN -e 'install "Email::MIME::Modifier"'
Fine
# /usr/bin/perl -MCPAN -e 'install "Date::Format"
Fine
Now configure Database and Apache settings
# cd /usr/local/src/bugzilla-3.0.3
# vi localconfig

$create_htaccess = 1;
$webservergroup = 'nobody';
$db_driver = 'mysql';
$db_host = 'localhost';
$db_name = 'bugs';
$db_user = 'bugs';
$db_pass = 'secret';
$db_port = 3306;
$db_sock = '/tmp/mysql.sock';
$db_check = 1;
$index_html = 0;
$cvsbin = '/usr/bin/cvs';
$interdiffbin = '/usr/bin/interdiff';
$diffpath = '/usr/bin';

Re-run checksetup.pl
# ./checksetup.pl
Now it will create the database and WebServer data like .htaccess files.
MySQL
Allow large attachments
# vi /etc/my.cnf
max_allowed_packet=1M
Allow small words in full-text indexes
ft_min_word_len=2
Add a user to MySQL
# mysql -u root -pmysql
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, INDEX, ALTER, CREATE, LOCK TABLES, CREATE TEMPORARY TABLES, DROP, REFERENCES ON bugs.* TO bugs@localhost IDENTIFIED BY 'secret';
Query OK, 0 rows affected (0.04 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
Configure Apache
First create a soft link to Bugzilla in your WebServer's DocumentRoot
# cd /var/www/html
# ln -s /usr/local/src/bugzilla-3.0.3 bugzilla
# vi /usr/local/apache/conf/httpd.conf

AddHandler cgi-script .cgi
Options +Indexes +ExecCGI
DirectoryIndex index.cgi
AllowOverride Limit

# /usr/local/apache/bin/apachectl restart
Now it should up at http://localhost/bugzilla

Tuesday, March 4, 2008

Log Server using Syslog-NG

Server - RHEL 5
Stop Syslog and turn it off through Run Levels

# service syslog stop
# chkconfig syslog off

Download syslog-ng
# cd /usr/local/src
# wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog-0.2.5.tar.gz

# tar xzf eventlog-0.2.5.tar.gz
# cd eventlog-0.2.5
# ./configure --prefix=/usr/local/eventlog
# make
# make install

# cd /usr/local/src
# wget http://www.balabit.com/downloads/files/libol/0.3/libol-0.3.18.tar.gz
# tar xzf libol-0.3.18.tar.gz
# cd libol-0.3.18
# ./configure --prefix=/usr/local/libol
# make
# make install

# cd /usr/local/src
# wget http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/syslog-ng-2.0.6.tar.gz
# tar xzf syslog-ng-2.0.6.tar.gz
# cd syslog-ng-2.0.6

# export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
# ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol/
# make
# make install

# cd /usr/local/syslog-ng
# mkdir etc
# cd etc
# vi syslog-ng.conf

### Refer http://www.campin.net/syslog-ng.conf
options {
keep_hostname(yes);
long_hostnames(off);
sync(1);
log_fifo_size(1024);
};

source src {
pipe("/proc/kmsg");
unix-stream("/dev/log");
internal();
udp();
tcp(port(5140) keep-alive(yes));
};

destination authlog { file("/var/log/syslog-ng/auth.log"); };
destination syslog { file("/var/log/syslog-ng/syslog"); };
destination cron { file("/var/log/syslog-ng/cron.log"); };
destination daemon { file("/var/log/syslog-ng/daemon.log"); };
destination kern { file("/var/log/syslog-ng/kern.log"); };
destination lpr { file("/var/log/syslog-ng/lpr.log"); };
destination user { file("/var/log/syslog-ng/user.log"); };
destination uucp { file("/var/log/syslog-ng/uucp.log"); };

destination mail { file("/var/log/syslog-ng/mail.log"); };
destination maillog { file("/var/log/syslog-ng/maillog"); };
destination mailinfo { file("/var/log/syslog-ng/mail.info"); };
destination mailwarn { file("/var/log/syslog-ng/mail.warn"); };
destination mailerr { file("/var/log/syslog-ng/mail.err"); };

destination debug { file("/var/log/syslog-ng/debug"); };
destination messages { file("/var/log/syslog-ng/messages"); };

destination console { usertty("root"); };

destination console_all { file("/dev/tty8"); };

filter f_attack_alert {
match("attackalert");
};

filter f_ssh_login_attempt {
program("sshd.*")
and match("(Failed|Accepted)")
and not match("Accepted (hostbased|publickey) for (root|zoneaxfr) from (10.4.3.1)");
};

filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(auth, authpriv) and not facility(mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };

filter f_news { facility(news); };

filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info .. warn)
and not facility(auth, authpriv, cron, daemon, mail, news); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };

filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };

log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_daemon); destination(messages); };
log { source(src); filter(f_kern); destination(messages); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_user); destination(messages); };
log { source(src); filter(f_uucp); destination(uucp); };
log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };

destination HOSTBASED {
file("/var/log/syslog-ng/HOSTBASED/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
);
};

log {
source(src);
destination(HOSTBASED);
};


# mkdir /var/log/syslog-ng

Started syslog-ng daemon
# /usr/local/syslog-ng/sbin/syslog-ng

Client - RHEL 5

Stop Syslog and turn it off through Run Levels

# service syslog stop
# chkconfig syslog off

Download syslog-ng
# cd /usr/local/src
# wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog-0.2.5.tar.gz
# tar xzf eventlog-0.2.5.tar.gz
# cd eventlog-0.2.5
# ./configure --prefix=/usr/local/eventlog
# make
# make install

# cd /usr/local/src
# wget http://www.balabit.com/downloads/files/libol/0.3/libol-0.3.18.tar.gz
# tar xzf libol-0.3.18.tar.gz
# cd libol-0.3.18
# ./configure --prefix=/usr/local/libol
# make
# make install

# cd /usr/local/src
# wget http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/syslog-ng-2.0.6.tar.gz
# tar xzf syslog-ng-2.0.6.tar.gz
# cd syslog-ng-2.0.6

# export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
# ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol/
# make
# make install

# cd /usr/local/syslog-ng
# mkdir etc
# cd etc
# vi syslog-ng.conf

Reference - http://www.campin.net/syslog-ng.conf

options {
keep_hostname(yes);
long_hostnames(off);
sync(1);
log_fifo_size(1024);
};

source src {
pipe("/proc/kmsg");
unix-stream("/dev/log");
internal();
udp();
tcp(port(5140) keep-alive(yes));
};

destination loghost { tcp("192.168.0.111" port(5140)); };

filter f_attack_alert {
match("attackalert");
};

filter f_ssh_login_attempt {
program("sshd.*")
and match("(Failed|Accepted)")
and not match("Accepted (hostbased|publickey) for (root|zoneaxfr) from (10.4.3.1)");
};

filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(auth, authpriv) and not facility(mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };

filter f_news { facility(news); };

filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info .. warn)
and not facility(auth, authpriv, cron, daemon, mail, news); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };

log { source(src); filter(f_authpriv); destination(loghost); };
log { source(src); filter(f_syslog); destination(loghost); };
log { source(src); filter(f_daemon); destination(loghost); };
log { source(src); filter(f_kern); destination(loghost); };
log { source(src); filter(f_lpr); destination(loghost); };
log { source(src); filter(f_mail); destination(loghost); };
log { source(src); filter(f_user); destination(loghost); };
log { source(src); filter(f_uucp); destination(loghost); };
log { source(src); filter(f_mail); destination(loghost); };
log { source(src); filter(f_mail); filter(f_info); destination(loghost); };

filter f_emergency { level(emerg); };

filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };

log { source(src); filter(f_authpriv); destination(loghost); };
log { source(src); filter(f_syslog); destination(loghost); };
log { source(src); filter(f_daemon); destination(loghost); };
log { source(src); filter(f_kern); destination(loghost); };
log { source(src); filter(f_lpr); destination(loghost); };
log { source(src); filter(f_mail); destination(loghost); };
log { source(src); filter(f_user); destination(loghost); };
log { source(src); filter(f_uucp); destination(loghost); };
log { source(src); filter(f_mail); destination(loghost); };
log { source(src); filter(f_mail); filter(f_info); destination(loghost); };
log { source(src); filter(f_mail); filter(f_warn); destination(loghost); };
log { source(src); filter(f_mail); filter(f_err); destination(loghost); };
log { source(src); filter(f_messages); destination(loghost); };
log { source(src); filter(f_emergency); destination(loghost); };

destination std {
file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
);
};

log {
source(src);
destination(std);
};


# mkdir /var/log/syslog-ng

Started syslog-ng daemon
# /usr/local/syslog-ng/sbin/syslog-ng

Monday, March 3, 2008

Log Server using Syslog

Log Server Setup

Allow remote machines to Log

# vi /etc/sysconfig/syslog
Replaced
SYSLOGD_OPTIONS="-m 0"
with
SYSLOGD_OPTIONS="-rm 0"

Setup Log Rotation Policy
# vi /etc/logrotate.conf
daily
# keep 7 days worth of backlogs
rotate 7
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

Customize Log types and log destination

# vi /etc/syslog.conf
local7.* /var/log/apache_error_log
local1.info /var/log/apache_access_log

Restart Syslogd to take effect of the changes made

# /etc/init.d/syslog restart

Client Configurations

1.RHEL5

# vi /etc/syslog.conf
*.* @192.168.0.111

Restart Syslog
# /etc/init.d/syslog restart

Log files Replicated
All those logs handled by Syslog daemon
For example
messages
audit/audit.log
boot.log
cron.log
secure

2.OpenBSD
# vi /etc/syslog.conf
*.* @192.168.0.111
# reboot

In the Server 's /etc/syslog.conf added the following
auth.info /var/log/OpenBSD_authlog
daemon.info /var/log/OpenBSD_daemon

# /etc/init.d/syslog restart

Log files Replicated
authlog
messages
daemon

3.OpenSolaris
# vi /etc/syslog.conf
*.* @192.168.0.111
# reboot

LOG FILES /var/svc/log

Redirection of Apache logs to Syslog and thereby to Centralized Log Server

Customize ErrorLog and CustomLog of Apache
# vi /usr/local/apache/conf/httpd.conf
ErrorLog syslog
CustomLog "|/usr/bin/logger -p local1.info" common

Define local log files and Log Server
# vi /etc/syslog.conf
*.* @192.168.0.111
local7.* /var/log/apache_error_log
local1.info /var/log/apache_access_log
Restart services
# /etc/init.d/syslog restart
# /usr/local/apache/bin/apachectl restart

Reference : devshed.com
apache.org

Apache SSL Certificate Creation

# cd /usr/local/apache
# mkdir cert
# cd cert
1. Generate your own Certificate Authority (CA)
# openssl genrsa -out ca.key 4096
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
2.Generate a server key and request for signing (csr)
# openssl genrsa -out server.key 4096
# openssl req -new -key server.key -out server.csr
3.Sign the certificate signing request (csr) with the self-created certificate authority (CA) that you made earlier
# openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# vi /usr/local/apache/conf/httpd.conf
ServerName xxx.xxx.xxx.xxx:443
Listen xxx.xxx.xxx.xxx:443
LoadModule ssl_module modules/mod_ssl.so

SSLEngine on
SSLCertificateFile /usr/local/apache/cert/server.crt
SSLCertificateKeyFile /usr/local/apache/cert/server.key

# /usr/local/apache/bin/apachectl restart

To do the same with a Passphrase follow below

# cd /usr/local/apache
# mkdir cert
# cd cert
# openssl genrsa -des3 -out ca.key 4096
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# openssl genrsa -des3 -out server.key 4096
# openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Rest of the configuration remains same

Reference