How to set a secure log server

Source: Internet
Author: User
Keywords Server security we nbsp;
Tags change clean up computer connect etc file find get

More and more hacker appear in the Internet, more and more experts appear in the case. How do you make sure that you can save a full log? A little bit of conceptual hacker know that the first thing to do when you get into the system is to clean up the log, and the easiest and most straightforward way to find the intrusion is to look at the system records file. Now let's talk about how to set up a secure log server.

Think about how you can change your log if intruders can't connect to your log server? Now let's learn how to set up a log server without IP.

Now, let's explain how to do three things with snort:

Stealth Sniffer

Stealth NIDS Porbe

Stealth Logger

All this is used on a server without IP. NIDs is the abbreviation of receptacle intrusion dectection server, i.e. intrusion detection server.

Why stealth?

Running any service on the Internet is dangerous. Whether it is HTTP or FTP, or Telnet, in short, there will be opportunities for hack intrusion. The uniqueness of stealth logger allows us to receive data without sending any information. This way the external computer (the hack computer) cannot change the information received by Loger Server at all. That is to say, to ensure the integrity of our information, as well as the original. In order to secure the log server, it is best not to connect the log server to the network. In other words, when you need to check something on the logger server, you need to go to the computer and turn on the screen. Instead of remote login in. However, if you must connect to the Internet, then use two interfaces. That is to say two network card, and notice, first, IP forwarding must close. The second is that the interface used to do stealth logger is a network card without IP, this card must not be with another IP network card under the same network.

Set:

First of course is to make sure that your NIC is installed correctly, and can be kernel caught. Then write the module required by the NIC to the/etc/modules.conf file.

Now let's set up a network interface with no IP.

Edit File/etc/sysconfig/network-scripts/ifcfg-eth0

Vim/etc/sysconfig/network-scripts/ifcfg-eth0

Device=eth0

Userctl=no

Onboot=yes

bootproto=

broadcast=

network=

netmask=

Ipaddr=

After archiving, use Ifconfig to active our eth0 interface.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.