Once logcheck is installed, we start receiving notices about things that we should either fix or, if they are not important, ignore.
Logcheck output
sudo -u logcheck logcheck -o -t
This email is sent by logcheck. If you no longer wish to receive
such mail, you can either uninstall the logcheck package or modify
its configuration file (/etc/logcheck/logcheck.conf).

Security Events for su
=-=-=-=-=-=-=-=-=-=-=-
Apr 18 10:22:50 [HOSTAME] su[22045]: pam_systemd(su:session): Cannot create session: Already running in a session

System Events
=-=-=-=-=-=-=
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.897314633+02:00" level=warning msg="Your kernel does not support swap memory limit"
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.897868144+02:00" level=warning msg="Your kernel does not support cgroup rt period"
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.897888027+02:00" level=warning msg="Your kernel does not support cgroup rt runtime"
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.898400417+02:00" level=info msg="Loading containers: start."
Apr 18 10:04:59 [HOSTAME] systemd-timesyncd[602]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
Apr 18 10:04:59 [HOSTAME] kernel: [ 20.828934] IPv6: ADDRCONF(NETDEV_UP): docker0: link is not ready
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.894540591+02:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Apr 18 10:04:59 [HOSTAME] systemd-networkd[706]: docker0: Link UP
Apr 18 10:04:59 [HOSTAME] systemd-timesyncd[602]: Network configuration changed, trying to establish connection.
Apr 18 10:04:59 [HOSTAME] systemd-timesyncd[602]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
Apr 18 10:05:00 [HOSTAME] kernel: [ 20.565372] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
Apr 18 10:05:00 [HOSTAME] kernel: [ 20.718541] Initializing XFRM netlink socket
Apr 18 10:05:00 [HOSTAME] kernel: [ 20.728739] Netfilter messages via NETLINK v0.30.
Apr 18 10:05:00 [HOSTAME] kernel: [ 20.735211] ctnetlink v0.93: registering with nfnetlink.
Apr 18 10:05:00 [HOSTAME] systemd-udevd[2038]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Apr 18 10:05:00 [HOSTAME] systemd-timesyncd[602]: Network configuration changed, trying to establish connection.
Apr 18 10:05:00 [HOSTAME] networkd-dispatcher[910]: WARNING:Unknown index 4 seen, reloading interface list
Apr 18 10:05:00 [HOSTAME] systemd-udevd[2166]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Apr 18 10:05:00 [HOSTAME] kernel: [ 21.200548] docker0: port 1(veth9baff38) entered blocking state
Apr 18 10:05:00 [HOSTAME] kernel: [ 21.200550] docker0: port 1(veth9baff38) entered disabled state
Apr 18 10:05:00 [HOSTAME] kernel: [ 21.200633] device veth9baff38 entered promiscuous mode
Apr 18 10:05:00 [HOSTAME] kernel: [ 21.202629] IPv6: ADDRCONF(NETDEV_UP): veth9baff38: link is not ready
Apr 18 10:05:00 [HOSTAME] kernel: [ 21.202633] docker0: port 1(veth9baff38) entered blocking state
Apr 18 10:05:00 [HOSTAME] kernel: [ 21.202635] docker0: port 1(veth9baff38) entered forwarding state
Apr 18 10:05:00 [HOSTAME] kernel: [ 21.202669] docker0: port 1(veth9baff38) entered disabled state
Apr 18 10:05:00 [HOSTAME] systemd-networkd[706]: veth9baff38: Link UP
...
Fixing problems
Your kernel does not support swap memory limit
sudo vim /etc/default/grub
We modify GRUB_CMDLINE_LINUX:
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
sudo update-grub
sudo reboot
Server returned error NXDOMAIN, mitigating potential DNS violation
cd /etc
sudo ln -sf ../run/systemd/resolve/resolv.conf /etc/resolv.conf
https://www.linode.com/community/questions/17081/dns-stops-resolving-on-ubuntu-1804
Logcheck configuration
We edit the file /etc/logcheck/ignore.d.server/custom
Any file name can be used, though.
.*from\ 251.red-79-157-159.dynamicip.rima-tde.net.*
.*Synchronized\ to\ time\ server.*
.*\[UFW\ BLOCK\].*
.*filtering\ via\ arp/ip/ip6tables\ is\ no\ longer\ available.*
.*Initializing\ XFRM\ netlink\ socket.*
.*Netfilter\ messages\ via\ NETLINK.*
.*ctnetlink\ v0.93:\ registering\ with\ nfnetlink.*
.*systemd-udevd.*
.*networkd-dispatcher.*
.*systemd-networkd.*
.*IPv6:.*
.*Link\ UP.*
.*entered\ promiscuous\ mode.*
.*entered\ blocking\ state.*
.*can\ be\ used\ to\ set\ a\ preferred\ IP\ address.*
.*Network\ configuration\ changed.*
.*docker0.*
.*eth0.*
.*snapd.*
.*containerd.*
.*ovpn-server.*peer\ info.*
.*ovpn-server.*VERIFY\ OK.*
.*ovpn-server.*Initial\ packet.*
.*ovpn-server.*Connection\ Initiated.*
.*ovpn-server.*Control\ Channel.*
.*from\ 251.red-79-157-159.dynamicip.rima-tde.net.*
We suppress this notice because it comes from our Nextcloud clients trying to connect while the home computer is switched off.
.*Synchronized\ to\ time\ server.*ntp.ubuntu.com.*
The server updating the system time.
.*\[UFW\ BLOCK\].*
Blocked IPs; there are too many of them.
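
To see what rules like these would hide before relying on them, the following added example (not part of the original post) replays an ignore file against a log with grep -E. It assumes logcheck drops a line when any rule matches it as an extended regular expression; the function names and the eth0 and sudo sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): preview what an ignore file hides.
# Assumption: a line is dropped when any rule matches it as an extended regex.

# logcheck skips blank lines and '#' comments in rule files; do the same,
# because a blank line passed to grep -f would match every log line.
clean_rules() { grep -v -e '^[[:space:]]*$' -e '^#' "$1"; }

# Lines that match no rule, i.e. what would still be reported.
surviving() {
    tmp=$(mktemp)
    clean_rules "$1" > "$tmp" || true
    rc=0
    grep -E -v -f "$tmp" "$2" 2>/dev/null || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# One "count<TAB>rule" line per rule, widest rule first.
rule_hits() {
    clean_rules "$1" | while IFS= read -r rule; do
        n=$(grep -E -c -e "$rule" "$2" 2>/dev/null) || true
        printf '%s\t%s\n' "$n" "$rule"
    done | sort -rn
}

# Constructed sample data: three rules in the style of the custom file above
# and six log lines (the eth0 and sudo lines are invented for illustration).
write_samples() {
    cat > "$1/rules" <<'EOF'
# sample rules
.*Synchronized\ to\ time\ server.*
.*entered\ promiscuous\ mode.*
.*eth0.*
EOF
    cat > "$1/log" <<'EOF'
Apr 18 10:04:59 host systemd-timesyncd[602]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
Apr 18 10:05:00 host kernel: [ 21.200633] device veth9baff38 entered promiscuous mode
Apr 18 10:06:10 host kernel: [ 99.100000] e1000e: eth0 NIC Link is Down
Apr 18 10:06:11 host kernel: [ 99.200000] device eth0 entered promiscuous mode
Apr 18 10:06:12 host kernel: [ 99.300000] device eth0 left promiscuous mode
Apr 18 10:07:00 host sudo: pam_unix(sudo:auth): authentication failure; logname=alice uid=1000 euid=0 user=alice
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
echo "Hits per rule:";  rule_hits "$demo/rules" "$demo/log"
echo "Still reported:"; surviving "$demo/rules" "$demo/log"
```

In this sample, `.*eth0.*` is the widest rule: it also hides the link-down and left-promiscuous-mode lines, which none of the narrower rules cover.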