Remote access service tests
ssh → From DHCP → DNS → WEB → DB → ASAD → We work with profiles as a team TESTS
Change the switch IP to position in ADM VLAN
Ports configuration
VLAN ID   Name         Ports without tag (Untagged)   Ports with tag (Tagged)
10        production   eth2                           eth1
20        Admins       eth3, eth7                     eth1
30        guests       eth4                           eth1
40        Backups      eth5                           eth1
Switch configuration
Allow established and related connections
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Administration (VLAN 20) can access everything
iptables -A FORWARD -s 192.168.20.0/28 -j ACCEPT
Production (VLAN 10) can only access the Internet and servers as needed
iptables -A FORWARD -s 192.168.10.0/27 -o enp0s3 -j ACCEPT
Guests (VLAN 30) can only access the …
Since we want to control everything that reaches the DMZ, we set the default policy:
iptables -P FORWARD DROP
This means that no VLAN can talk to the DMZ unless we explicitly allow it.
Rules consistent with the policy
1. Administration can access the entire DMZ (for server management)
iptables -A FORWARD -s 192.168.20.0/28 -d 192.168.10.0/27 -j …
Why are we classifying logs?
Organize in a clear and efficient manner the records (logs) received from all client machines, so that consultation, analysis and follow-up of incidents are fast and intuitive.
Classification criteria
It has been decided to classify the logs primarily by machine and, within each machine, separate them by service or application …
Create a file:
nano /etc/logrotate.d/logs-remots
/var/log/remote/dns/*.log
/var/log/remote/dhcp/*.log
/var/log/remote/db/*.log
/var/log/remote/web/*.log {
    daily
    rotate 60
    compress
    delaycompress
    missingok
    notifempty
    create 0640 syslog adm
    sharedscripts
    postrotate
        systemctl reload rsyslog > /dev/null 2>&1 || true
    endscript
}
CTRL + X and save
Parameter   Meaning
rotate 60   Keeps the last 60 files (60 days if daily).
compress    Compress with .gz after rotating.
…
What is log rotation?
Define the retention period of the records (logs) generated by the systems and establish an automated mechanism to manage their rotation, compression and elimination, with the aim of guaranteeing efficient management of storage space and facilitating the consultation of recent events.
Conservation time
Records will be kept for a maximum period …
Installing rsyslog
First, make sure the rsyslog service is installed:
sudo dnf install rsyslog -y
Once installed, activate and start the service:
sudo systemctl enable rsyslog
sudo systemctl start rsyslog
rsyslog server configuration
Enable reception of remote logs
Let’s edit the main rsyslog configuration file:
sudo nano /etc/rsyslog.conf
Make sure to uncomment or add the …
First, make sure the rsyslog service is installed:
sudo dnf install rsyslog -y
Once installed, activate and start the service:
sudo systemctl enable rsyslog
sudo systemctl start rsyslog
Let’s edit the main rsyslog configuration file:
sudo nano /etc/rsyslog.conf
And then we add these lines (same configuration on all machines)
This is the machine where logs arrive.
Then this is one of the machines that will ping.