CentOS Commands - TeaganLong/SEC-350-Tech-Journal GitHub Wiki
List of CentOS Commands
Logging in as Root
- sudo -i
Adding a new root user
- adduser "name"
- passwd "name"
- usermod -aG wheel "name"
Setting hostname
- hostnamectl set-hostname "name"
Setting Network Configs
- nmtui edit ens192 (Brings you to nmtui screen where you can edit your network settings)
Viewing Network Settings
- ifconfig or ifconfig/all
Checking status of services
- systemctl status "service"
- Example: systemctl status httpd
Checking Firewall Settings
- sudo firewall-cmd --list-all
- Adding services:
- sudo firewall-cmd --zone=public --permanent --add-service="service"
- sudo firewall-cmd --zone=public --permanent --list-services
- same commands for adding ports, just switch --add-service for --add-port
Restart Network
- systemctl restart network
Checking if rsyslog is listening to TCP/UDP
- sudo netstat -tupan | grep 514
Configuring rsyslog client
- vi /etc/rsyslog.d/sec350.conf
- Enter: user.notice @172.16.50.5 (Or the address of remote syslog server)
Testing rsyslog messaging
- Source machine:
- sudo systemctl restart rsyslog
- logger -t test "message"
- Destination machine
- sudo tail /var/log/messages
Creating Custom syslog configuration
- Create a file called /etc/rsyslog.d/03-sec350.conf
module(load="imudp") input(type="imudp" port="514" ruleset="RemoteDevice") template(name="DynFile" type="string" string="/var/log/remote-syslog/%HOSTNAME%/%$YEAR%.%$MONTH%.%$DAY%.%PROGRAMNAME%.log" ) ruleset(name="RemoteDevice"){ action(type="omfile" dynaFile="DynFile") }- Can also use wget http://10.0.17.3/sec350/03-sec350.conf
Sending authentication messages
- add authpriv.* @172.16.50.5 line to sec350.conf (in /etc/rsyslog.d)
Checking logs for specific hosts
- ls -l /var/log/remote-syslog/"hostname"/
- cat /var/log/remote-syslog/"hostname"/sshd.log
Install/Update tree package
- yum update
- yum install tree
Tree structure of remote-syslog directory
- tree /var/log/remote-syslog/
Copying over/Installing Splunk to log01
- wget -c http://10.0.17.3/sec350/splunk-8.0.5.rpm
- rpm -ivh splunk-8.0.5.rpm
Starting Splunk
- cd /opt/splunk/bin
- ./splunk start --accept-license
- ./splunk enable boot-start