
How to configure a remote Rsyslog server to accept TLS and non-TLS connections in CentOS/RHEL

This post shows how to configure a CentOS/RHEL system to accept remote log messages over both TLS and non-TLS connections. Assume we have the following servers.

  • Rsyslog server with TLS and non-TLS: syslog-server.geeklab.com
  • TLS client: syslog-tls.geeklab.com
  • Non-TLS client: syslog-non-tls.geeklab.com

1. Use the following guide to configure TLS on the rsyslog server and client:

How to configure an rsyslog server to accept logs via SSL/TLS

2. Verify that TLS works correctly before continuing.

3. On the Rsyslog server, edit /etc/rsyslog.conf with the following options:

The TLS connection will use port 10514.
The non-TLS connection will use port 514.

Refer to the following document on the imptcp module: http://www.rsyslog.com/doc/v8-stable/configuration/modules/imptcp.html

It provides the ability to receive syslog messages via plain TCP syslog. This is a specialized input plugin tailored for high performance on Linux. It will probably not work on any other platform. It also does not provide TLS services. Encryption can be provided by using stunnel.

This module has no limit on the number of listeners and sessions that can be used.

# vi /etc/rsyslog.conf

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # reads kernel messages (the same are read from journald)

module(
load="imptcp"
Threads="2"
)

input(
type="imptcp"
port="514"
)

# Provides TCP syslog reception
$ModLoad imtcp

#Make gtls driver the default

$DefaultNetstreamDriver gtls

# certificate files

$DefaultNetstreamDriverCAFile /etc/pki/tls/private/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/pki/tls/private/collector-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/tls/private/collector-key.pem

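# TLS settings for the imtcp listener: the $InputTCPServer* directives apply to
# incoming connections ($ActionSend* would only affect forwarding actions)
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.geeklab.com
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode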

$InputTCPServerRun 10514

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.

$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state

$template RemoteLogsTesting,"/var/log//%HOSTNAME%/syslog.log"
if $fromhost-ip != '127.0.0.1' then -?RemoteLogsTesting
& stop

#Set the maximum number of files that the rsyslog process can have open at any given time
$MaxOpenFiles 2048

#### RULES ####

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log

Restart the rsyslog service for the changes to take effect:

# systemctl restart rsyslog

4. On the Rsyslog client that uses TLS, edit /etc/rsyslog.conf:

# vi /etc/rsyslog.conf
#### MODULES ####

# The imjournal module below is now used as a message source instead of imuxsock.

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal

# make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /etc/pki/tls/private/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/pki/tls/private/sender-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/tls/private/sender-key.pem

$ActionSendStreamDriverAuthMode x509/name
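# '*' is a wildcard peer name; name the collector (e.g. syslog-server.geeklab.com,
# if its certificate carries that name) to pin which server this client accepts
$ActionSendStreamDriverPermittedPeer *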
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state

#### RULES ####

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@10.157.193.9:10514

Restart the rsyslog service for the changes to take effect:

# systemctl restart rsyslog

5. On the non-TLS Rsyslog client, edit /etc/rsyslog.conf:

# vi /etc/rsyslog.conf
#### MODULES ####

# The imjournal module below is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state

#### RULES ####

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@10.157.193.9:514

Restart the rsyslog service for the changes to take effect:

# systemctl restart rsyslog

Test:

TLS client:

[root@syslog-tls ~]# logger geeklab TEST
[root@syslog-tls ~]# logger geeklab TEST

Non-TLS client:

[root@syslog-non-tls ~]# logger geeklab test
[root@syslog-non-tls ~]# logger geeklab test

Rsyslog server:

[root@syslog-server ]# ls
syslog-non-tls syslogtest
[root@syslog-server ]#
[root@syslog-server syslog-non-tls]# tail -2 syslog.log
Sep 21 18:07:19 syslog-non-tls root: geeklab test
Sep 21 18:07:20 syslog-non-tls root: geeklab test
[root@syslog-server syslog-tls]# cat syslog.log
Stop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Sep 21 18:22:02 syslog-tls root: geeklab TEST
Sep 21 18:22:03 syslog-tls root: geeklab TEST
Sep 21 18:22:03 syslog-tls root: geeklab TEST
[root@syslog-server ]# netstat -tulpan | grep -i 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 2460/rsyslogd
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN 2460/rsyslogd
tcp 0 0 10.157.193.9:514 10.157.193.131:14178 ESTABLISHED 2460/rsyslogd (non-TLS server)
tcp 0 0 10.157.193.9:10514 10.157.193.159:47027 ESTABLISHED 2460/rsyslogd (TLS server)
tcp6 0 0 :::514 :::* LISTEN 2460/rsyslogd
tcp6 0 0 :::10514 :::* LISTEN 2460/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 2460/rsyslogd
udp6 0 0 :::514 :::* 2460/rsyslogd
[root@syslog-server ]#
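
A listening port in netstat does not show whether the listener enforces TLS: an imtcp listener only does so when the input-side $InputTCPServerStreamDriver* directives are set, while the $ActionSendStreamDriver* directives affect forwarding actions only. The shell function below is an added example, not part of the original post; it checks a legacy-syntax rsyslog configuration for this (RainerScript module()/input() parameters are not covered). The function name and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report whether the legacy
# $InputTCPServerRun listeners in an rsyslog config would enforce TLS.

# Reads the config from the files given as arguments, or stdin if none.
# Prints "<port> tls|tls-noauth|plaintext"; exit status 1 unless every listener is "tls".
check_tls_listeners() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        { d = tolower($1) }
        d == "$inputtcpserverstreamdrivermode"     { mode = $2 }
        d == "$inputtcpserverstreamdriverauthmode" { auth = $2 }
        d == "$inputtcpserverrun"                  { port[n++] = $2 }
        END {
            # mode 1 = TLS-only; x509/* auth modes also verify the peer certificate
            if (mode != "1") state = "plaintext"
            else if (auth ~ /^x509\//) state = "tls"
            else state = "tls-noauth"
            for (i = 0; i < n; i++) print port[i], state
            exit (n > 0 && state != "tls")
        }
    ' "$@"
}

# Constructed sample: collector that sets only the $ActionSend* (forwarding) directives.
sample_action_only() {
    cat <<'EOF'
$ModLoad imtcp
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverMode 1
$InputTCPServerRun 10514
EOF
}

# Constructed sample: the same collector with the input-side directives.
sample_input_tls() {
    cat <<'EOF'
$ModLoad imtcp
$DefaultNetstreamDriver gtls
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.geeklab.com
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514
EOF
}

sample_action_only | check_tls_listeners || true
sample_input_tls | check_tls_listeners
```

On the collector, run it as check_tls_listeners /etc/rsyslog.conf /etc/rsyslog.d/*.conf so that included files are read as well.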

