Tuning Ubuntu Server

LogCheck

Once logcheck is installed we start receiving notices: some are about important things that need fixing, and others we will simply tell logcheck to ignore.

logcheck output

sudo -u logcheck logcheck -o -t

This email is sent by logcheck. If you no longer wish to receive
such mail, you can either uninstall the logcheck package or modify
its configuration file (/etc/logcheck/logcheck.conf).

Security Events for su
=-=-=-=-=-=-=-=-=-=-=-
Apr 18 10:22:50 [HOSTAME] su[22045]: pam_systemd(su:session): Cannot create session: Already running in a session

System Events
=-=-=-=-=-=-=
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.897314633+02:00" level=warning msg="Your kernel does not support swap memory limit"
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.897868144+02:00" level=warning msg="Your kernel does not support cgroup rt period"
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.897888027+02:00" level=warning msg="Your kernel does not support cgroup rt runtime"
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.898400417+02:00" level=info msg="Loading containers: start."
Apr 18 10:04:59 [HOSTAME] systemd-timesyncd[602]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
Apr 18 10:04:59 [HOSTAME] kernel: [   20.828934] IPv6: ADDRCONF(NETDEV_UP): docker0: link is not ready
Apr 18 10:04:59 [HOSTAME] dockerd[922]: time="2020-04-18T10:04:59.894540591+02:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Apr 18 10:04:59 [HOSTAME] systemd-networkd[706]: docker0: Link UP
Apr 18 10:04:59 [HOSTAME] systemd-timesyncd[602]: Network configuration changed, trying to establish connection.
Apr 18 10:04:59 [HOSTAME] systemd-timesyncd[602]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
Apr 18 10:05:00 [HOSTAME] kernel: [   20.565372] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
Apr 18 10:05:00 [HOSTAME] kernel: [   20.718541] Initializing XFRM netlink socket
Apr 18 10:05:00 [HOSTAME] kernel: [   20.728739] Netfilter messages via NETLINK v0.30.
Apr 18 10:05:00 [HOSTAME] kernel: [   20.735211] ctnetlink v0.93: registering with nfnetlink.
Apr 18 10:05:00 [HOSTAME] systemd-udevd[2038]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Apr 18 10:05:00 [HOSTAME] systemd-timesyncd[602]: Network configuration changed, trying to establish connection.
Apr 18 10:05:00 [HOSTAME] networkd-dispatcher[910]: WARNING:Unknown index 4 seen, reloading interface list
Apr 18 10:05:00 [HOSTAME] systemd-udevd[2166]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Apr 18 10:05:00 [HOSTAME] kernel: [   21.200548] docker0: port 1(veth9baff38) entered blocking state
Apr 18 10:05:00 [HOSTAME] kernel: [   21.200550] docker0: port 1(veth9baff38) entered disabled state
Apr 18 10:05:00 [HOSTAME] kernel: [   21.200633] device veth9baff38 entered promiscuous mode
Apr 18 10:05:00 [HOSTAME] kernel: [   21.202629] IPv6: ADDRCONF(NETDEV_UP): veth9baff38: link is not ready
Apr 18 10:05:00 [HOSTAME] kernel: [   21.202633] docker0: port 1(veth9baff38) entered blocking state
Apr 18 10:05:00 [HOSTAME] kernel: [   21.202635] docker0: port 1(veth9baff38) entered forwarding state
Apr 18 10:05:00 [HOSTAME] kernel: [   21.202669] docker0: port 1(veth9baff38) entered disabled state
Apr 18 10:05:00 [HOSTAME] systemd-networkd[706]: veth9baff38: Link UP
...

Fixing problems

Your kernel does not support swap memory limit

sudo vim /etc/default/grub

We modify GRUB_CMDLINE_LINUX

GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"

sudo update-grub

sudo reboot

Server returned error NXDOMAIN, mitigating potential DNS violation

cd /etc
sudo ln -sf ../run/systemd/resolve/resolv.conf /etc/resolv.conf

https://www.linode.com/community/questions/17081/dns-stops-resolving-on-ubuntu-1804

logcheck configuration

We edit the file /etc/logcheck/ignore.d.server/custom

You can give the file any name you like, though.

*.from\ 251.red-79-157-159.dynamicip.rima-tde.net*
*Synchronized\ to\ time\ server*
*.\[UFW\ BLOCK\]*
*filtering\ via\ arp/ip/ip6tables\ is\ no\ longer\ available*
*Initializing\ XFRM\ netlink\ socket*
*Netfilter\ messages\ via\ NETLINK*
*ctnetlink\ v0.93:\ registering\ with\ nfnetlink.*
*systemd-udevd*
*networkd-dispatcher*
*systemd-networkd*
*IPv6:*
*Link\ UP*
*entered\ promiscuous\ mode*
*entered\ blocking\ state*
*can\ be\ used\ to\ set\ a\ preferred\ IP\ address*
*Network\ configuration\ changed*
*docker0*
*eth0*
*snapd*
*containerd*
*ovpn-server.*peer\ info*
*ovpn-server.*VERIFY\ OK*
*ovpn-server.*Initial\ packet*
*ovpn-server.*Connection\ Initiated*
*ovpn-server.*Control\ Channel*

.from\ 251.red-79-157-159.dynamicip.rima-tde.net

We suppress this notice because it comes from our Nextcloud clients trying to connect while the home computer is switched off.

.Synchronized\ to\ time\ server.ntp.ubuntu.com*

The server updating the system time.

.[UFW\ BLOCK]

Blocked IPs; there are too many of them.
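
logcheck reads each line of an ignore file as an extended regular expression (the syntax of grep -E) and leaves out of the report any log line that matches one. The script below is an added example, not part of the original post: it compares short substring rules with rules anchored on the full message, to show what a broad rule can hide. The log lines, the host server01 and the user alice are constructed.

```shell
#!/bin/sh
# Added example. Every log line is a constructed sample; server01 and alice
# are made-up names. Rules are extended regular expressions (grep -E).
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/sample.log" <<'EOF'
Apr 18 10:04:59 server01 systemd-networkd[706]: docker0: Link UP
Apr 18 10:04:59 server01 systemd-timesyncd[602]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
Apr 18 10:09:12 server01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/ip link set docker0 down
EOF

# Broad rules: any line containing the text is dropped from the report.
cat > "$workdir/broad.rules" <<'EOF'
docker0
Synchronized to time server
EOF

# Anchored rules: timestamp, host, program[pid] and the whole message.
cat > "$workdir/anchored.rules" <<'EOF'
^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ systemd-networkd\[[0-9]+\]: docker0: Link UP$
^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ systemd-timesyncd\[[0-9]+\]: Synchronized to time server [0-9.]+:123 \(ntp\.ubuntu\.com\)\.$
EOF

# Print the lines that would still be reported: those matching no rule.
still_reported() {
    grep -E -v -f "$1" "$2" || true   # grep exits 1 when nothing is left
}

# Count those lines.
count_reported() {
    still_reported "$1" "$2" | grep -c . || true
}

echo "broad rules:    $(count_reported "$workdir/broad.rules" "$workdir/sample.log") line(s) reported"
echo "anchored rules: $(count_reported "$workdir/anchored.rules" "$workdir/sample.log") line(s) reported"
still_reported "$workdir/anchored.rules" "$workdir/sample.log"
```

With the broad rules the sudo line disappears along with the routine noise; with the anchored rules it is the only line left in the report.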

Online tool for generating the rules

https://nyman.re/logcheck-helper


LesOlivex