Security admin tips

A few important bits to look at as an Ubuntu server sysadmin

Some useful sysadmin commands

Display all current connections, listening services, and processes

Really useful Ubuntu sysadmin utility:

netstat -tulpn

If its not present, use this to install it: sudo apt install net-tools

To only see the runnign services, use:

service --status-all | grep "[ + ]"
Check for Rootkits

The “rkhunter” package is useful for doing a scan of your system for any known rootkits:

apt-get install rkhunter
rkhunter -C

Configuration file locations

Apache 2:

/etc/apache/apache2.conf

SSH Server

/etc/ssh/sshd_config

MySQL

/etc/mysql/mysql.cnf

Log files

View log files

Good for scrolling through log files:

less /path/to/log/file

Type ‘q’ to quit

Good for viewing the end of a log file and seeing new messages as they get added:

tail /path/to/log/file
Log file locations

Whole system logs and current activity logs:

/var/log/message

Authentication logs

/var/log/auth.log

Kernel logs

/var/log/kern.log

Cron logs

/var/log/cron.log

Mail server logs

/var/log/maillog

System boot log

/var/log/boot.log

MySQL database server log file

/var/log/mysqld.log

Authentication log

/var/log/secure

Login records file

/var/log/utmp or /var/log/wtmp

Apt package manager logs

/var/log/apt

USEFUL?
We benefit hugely from resources on the web so we decided we should try and give back some of our knowledge and resources to the community by opening up many of our company’s internal notes and libraries through mini sites like this. We hope you find the site helpful.
Please feel free to comment if you can add help to this page or point out issues and solutions you have found, but please note that we do not provide support on this site. If you need help with a problem please use one of the many online forums.

Comments

Your email address will not be published. Required fields are marked *