7. Additional configuration¶
7.1 Active Directory integration via PAM¶
Run commands as root:
su -
Upgrade distro:
apt-get update && apt upgrade -y
Install packages:
apt-get install realmd packagekit sssd-tools sssd libnss-sss libpam-sss adcli oddjob oddjob-mkhomedir adcli samba-common ntpdate ntp unzip resolvconf git -y
Enable DNS service:
systemctl start resolvconf.service
systemctl enable resolvconf.service
systemctl status resolvconf.service
Configure DNS service:
nano /etc/resolvconf/resolv.conf.d/head
Add:
nameserver <ip of the DNS server / domain controller>
Reload DNS service:
systemctl restart resolvconf.service
Check the connection to the domain controller:
ping dom001.lan.local
Join controller:
realm join --user=administrator lan.local --verbose
Expected output:
* Successfully enrolled machine in realm
Edit the sssd daemon configuration:
nano /etc/sssd/sssd.conf
Edit configuration:
[sssd]
domains = LAN.LOCAL
config_file_version = 2
services = nss, pam, sudo
default_domain_suffix = lan.local
full_name_format = %1$s
[domain/lan.local]
ad_domain = lan.local
krb5_realm = LAN.LOCAL
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
#Disable nested searches (speeds up searches)
#ignore_group_members = True
#Restrict AD search:
#ldap_search_base = DC=lan,DC=local
#ldap_user_search_base = OU=Power Users,OU=Accounts,DC=lan,DC=local
#ldap_group_search_base = OU=Groups,DC=lan,DC=local
access_provider = simple
simple_allow_groups = <ad group 1>, <ad group 2>
manage-system = yes
automatic-id-mapping = yes
Restart the sssd daemon:
service sssd restart
Configure PAM to auto-create home folders at login:
nano /etc/pam.d/common-session
Add:
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
Grant sudo (root) rights to an AD group (Ubuntu only); opening the file with visudo instead of nano syntax-checks it before saving:
nano /etc/sudoers
Add:
%<add ad group here> ALL=(ALL:ALL) ALL
To add an additional group, use the following command:
realm permit -g <groepnaam>@lan.local
Secure apache2 login:
nano /etc/apache2/sites-enabled/rsx-apache.conf
Change the following configuration:
#Change in all 3 location blocks:
Require valid-user
#Require user user1 user2 user3
#To:
#Require valid-user
Require user test01   # <-- replace test01 with the username
Restart the apache2 service:
service apache2 restart
7.2 Integrate Active Directory LDAP authentication for Apache 2¶
Activate LDAP module apache:
a2enmod ldap authnz_ldap
Configure /etc/apache2/apache2.conf as follows (note: ldap:// on port 389 sends the bind DN and password in clear text; prefer ldaps:// or LDAPTrustedMode TLS):
<Directory /var/www/html>
AuthType Basic
AuthName "Remote Syslog Login"
Options Indexes FollowSymLinks
AllowOverride None
AuthBasicProvider ldap
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL "ldap://<myadhost>:389/dc=DC01,dc=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=,OU=Accounts,DC=DC01,DC=local"
AuthLDAPBindPassword
AuthLDAPGroupAttribute member
require ldap-group cn=,ou=Groups,dc=DC01,dc=local
</Directory>
Restart the apache2 service:
service apache2 restart
7.3 Basic authentication for Apache 2¶
Install apache2-utils:
apt-get install apache2-utils
Create .htpasswd file:
htpasswd -c /etc/apache2/.htpasswd <myuser>
Configure /etc/apache2/apache2.conf as follows:
<Directory /var/www/html>
AuthType Basic
AuthName "Remote Syslog Login"
AuthBasicProvider file
AuthUserFile "/etc/apache2/.htpasswd"
Require user
Options Indexes FollowSymLinks
AllowOverride None
Require valid-user
Order allow,deny
Allow from all
</Directory>
Restart the apache2 service:
service apache2 restart
7.4 Generate an email from an event (Only RSC)¶
Required core = RSC core
Install sendmail:
sudo apt install sendmail
Edit:
/etc/mail/sendmail.cf
Search for => # "Smart" relay host (may be null)
Append the relay host after DS on the following line, for example => DSsmtp.lan.corp
Restart the service:
sudo /etc/init.d/sendmail restart
Use the following script and save it to /opt/mailrs:
Create array:
#!/bin/bash
# Search terms; the loops below grep today's remote_syslog entries for each of them.
data=(Trace module)
Check if error messages exist:
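for word in "${data[@]}"; do
  # Grep the log file directly (no cat) and quote the search term so a word
  # containing spaces or glob characters cannot be split into extra arguments.
  mesg=$(grep "^$(date +'%b %d')" /var/log/remote_syslog/remote_syslog.log | grep -- "$word")
  if [ -z "$mesg" ]; then
    echo "No variable!"
  else
    echo "Variable filled, setting variable to continue …"
    mesgall=1
  fi
done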
Generate email:
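if [ -z "$mesgall" ]; then
  echo "Nothing to do, abort"
  exit 0
else
  # Write the whole mail in one redirected group instead of re-opening the
  # file for every line.  The first line is the Subject header and the empty
  # line after it ends the header section.
  {
    echo "Subject: Syslog critical errors"
    echo ""
    echo "Hello <user>,"
    echo ""
    echo "The following message is generated by Remote Syslog."
    echo ""
    for word in "${data[@]}"; do
      # Quote the term so a word with spaces or glob characters stays one argument.
      grep "^$(date +'%b %d')" /var/log/remote_syslog/remote_syslog.log | grep -- "$word"
    done
    echo ""
    echo "The messages above are generated by the <hostname>!"
    echo ""
    echo "Thank you for using Remote Syslog … ;-)"
  } > /opt/rs.txt
  cat /opt/rs.txt
  # NOTE(review): the excerpt stays in /opt/rs.txt after sending; check its
  # permissions if the log contents are sensitive.
  /usr/sbin/sendmail -v -F "T.Slenter" -f "info@mydomain.com" ticketsystem@domain.com < /opt/rs.txt
fi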
Make file executable:
chmod +x /opt/mailrs
Install with cron, run command:
crontab -e
Edit:
0 * * * * /opt/mailrs
7.5 Generate an email from an event (Only RSE)¶
Required core = RSE core
Install sendmail:
sudo apt install sendmail
Edit:
/etc/mail/sendmail.cf
Search for => # "Smart" relay host (may be null)
Append the relay host after DS on the following line, for example => DSsmtp.lan.corp
Restart the service:
sudo /etc/init.d/sendmail restart
Use the following script and save it to /opt/mailrs:
Create array:
#!/bin/bash
# Search terms; each one is matched against the last hour of RSE events below.
data=(module)
Check if error messages exist:
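for word in "${data[@]}"; do
  # Build the query with jq so the search term is JSON-escaped rather than
  # spliced into the string; the original always matched the literal "module"
  # regardless of which word was being checked.
  query=$(/usr/bin/jq -n -c --arg term "$word" \
    '{query: {bool: {must: [{match: {MESSAGE: $term}}, {range: {"@timestamp": {gte: "now-1h/h"}}}]}}, size: 100}')
  # Quote the URL (the * would otherwise be a glob) and the grep term.
  mesg=$(curl -s -XGET --header 'Content-Type: application/json' \
    'http://localhost:9200/rse*/_search' -d "$query" | /usr/bin/jq . | grep -- "$word")
  if [ -z "$mesg" ]; then
    echo "No variable!"
  else
    echo "Variable filled, setting variable to continue …"
    mesgall=1
  fi
done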
Generate email:
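if [ -z "$mesgall" ]; then
  echo "Nothing to do, abort"
  exit 0
else
  # Write the whole mail in one redirected group instead of re-opening the
  # file for every line.  The first line is the Subject header and the empty
  # line after it ends the header section.
  {
    echo "Subject: Syslog critical errors"
    echo ""
    echo "Hello <user>,"
    echo ""
    echo "The following message is generated by Remote Syslog."
    echo ""
    for word in "${data[@]}"; do
      # Build the query with jq so the term is JSON-escaped instead of being
      # spliced into the string; the original always queried the literal
      # "module" whichever word was being reported.
      query=$(/usr/bin/jq -n -c --arg term "$word" \
        '{query: {bool: {must: [{match: {MESSAGE: $term}}, {range: {"@timestamp": {gte: "now-1h/h"}}}]}}, size: 100}')
      curl -s -XGET --header 'Content-Type: application/json' \
        'http://localhost:9200/rse*/_search' -d "$query" | /usr/bin/jq . | grep -- "$word"
    done
    echo ""
    echo "The messages above are generated by the <hostname>!"
    echo ""
    echo "Thank you for using Remote Syslog … ;-)"
  } > /opt/rs.txt
  cat /opt/rs.txt
  # NOTE(review): the excerpt stays in /opt/rs.txt after sending; check its
  # permissions if the event contents are sensitive.
  /usr/sbin/sendmail -v -F "T.Slenter" -f "info@mydomain.com" ticketsystem@domain.com < /opt/rs.txt
fi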
Make file executable:
chmod +x /opt/mailrs
Install with cron, run command:
crontab -e
Edit:
0 * * * * /opt/mailrs
This will run the script every hour.
7.6 Generate an email from an event using python (Only RSE)¶
Required core = RSE core
Clone git:
git clone https://github.com/tslenter/RSMAILEVENT
Edit:
./RSMAILEVENT/message.py
Change the variable to match the environment.
Make file executable and copy to the opt directory:
chmod +x ./RSMAILEVENT/message.py
cp ./RSMAILEVENT/message.py /opt/message.py
Install with cron, run command:
crontab -e
Edit:
0 * * * * /opt/message.py
This will run the script every hour.