SEC 350 Lab 2.2: Syslog - zacharylongo/Tech-Journals GitHub Wiki
To change the password in VyOS, log in to the system using the current username and password. Then enter configuration mode and set the new password with the following commands in the CLI:
configure
set system login user USERNAME authentication plaintext-password PASSWORD
Replace "USERNAME" with the appropriate username and "PASSWORD" with the desired password. After entering the command, commit the changes and save them to the startup configuration with the following commands:
commit
save
To set up SSH key-based authentication from mgmt01 to at least web01 or log01, follow these steps:
- Generate a new SSH key pair on mgmt01 using the following command:
  ssh-keygen -t rsa
- Copy the public key to web01 or log01 by running the following command on mgmt01, replacing "USERNAME" with the appropriate username on web01 or log01:
  ssh-copy-id USERNAME@web01
- Test the key-based authentication by running the following command on mgmt01:
  ssh USERNAME@web01
In Linux systems, the "authpriv" facility is used to log messages related to authentication and security-related events. To log these messages, edit the Rsyslog configuration file (usually located at /etc/rsyslog.conf) and add the following line:
authpriv.* /var/log/secure
This will log all messages with the "authpriv" facility to the "/var/log/secure" file. Restart the Rsyslog service for the changes to take effect.
Rsyslog allows for flexible configuration through the use of drop-in files. To create a drop-in file, create a new file in the "/etc/rsyslog.d" directory with the ".conf" extension. In the new file, add the desired configuration changes, such as forwarding events to a remote syslog server or filtering events based on severity level. The stock main configuration file includes every ".conf" file in this directory, so Rsyslog picks up the drop-in the next time the service is restarted, without the need to modify the main configuration file.
To configure the web01 client to forward authentication events to a remote syslog server, add the following lines to a drop-in file in "/etc/rsyslog.d" on the web01 client:
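# Template definition; the forwarding rule below does not reference it, so events are sent in the default forwarding format.
$template RemoteLogs,"%fromhost% %syslogtag%%msg%"
# A single @ forwards over UDP; @@ forwards over TCP.
authpriv.* @REMOTE_SYSLOG_SERVER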
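To check on the receiving side that what web01 forwards really carries the "authpriv" facility, the priority value at the front of each datagram can be decoded. The following is an added example, not part of the original lab notes; it assumes BSD-style or RFC 3339 timestamps in the forwarded frame, and the sample datagrams, user name and address are constructed.

```python
import re

# Facility codes from RFC 3164/5424; authpriv is code 10.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
              **{16 + i: f"local{i}" for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# <PRI>, then a BSD ("Feb  3 10:15:01") or RFC 3339 timestamp, host, tag[pid]:, message.
FRAME = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d|\d{4}-\d\d-\d\dT\S+) "
    r"(?P<host>\S+) (?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$",
    re.DOTALL)

def parse_forwarded(datagram: bytes) -> dict:
    """Decode one forwarded syslog datagram; raise ValueError if it is malformed."""
    m = FRAME.match(datagram.decode("utf-8", errors="replace").rstrip("\n"))
    if m is None:
        raise ValueError("not a syslog frame")
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI {pri} out of range")
    fac, sev = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {"facility": FACILITIES.get(fac, str(fac)), "severity": SEVERITIES[sev],
            "host": m["host"], "program": m["prog"], "msg": m["msg"]}

def select_authpriv(datagrams):
    """Return the parsed events that an `authpriv.*` selector would match."""
    events = []
    for d in datagrams:
        try:
            ev = parse_forwarded(d)
        except ValueError:
            continue  # skip frames that do not parse
        if ev["facility"] == "authpriv":
            events.append(ev)
    return events

# Constructed sample datagrams (not captured from the lab).
SAMPLES = [
    b"<86>Feb  3 10:15:01 web01 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 50022 ssh2",
    b"<13>Feb  3 10:15:02 web01 alice: test message from logger",
    b"<85>2024-02-03T10:15:07.123456+00:00 web01 sudo: pam_unix(sudo:session): session opened for user root",
    b"<999>garbage",
]

if __name__ == "__main__":
    for ev in select_authpriv(SAMPLES):
        print(ev["severity"], ev["host"], ev["program"], ev["msg"])
```

Only the sshd and sudo lines are selected: their PRI values 86 and 85 both divide to facility 10, while the PRI 13 line belongs to the "user" facility and would not reach /var/log/secure or the remote server through this rule.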