RF
June 22, 2023
Updated July 25, 2023

How to setup an anti-DDoS system on Debian: Part 3

Debian Networks Security

Previous episode

In the previous episode of this series we built a normal-data profile for our software by hand, using Wireshark. Such a profile lets the system tell legitimate data from illegitimate data and forms the basis of a secure environment. Collecting that data manually is a long and tedious task for a large company, although it remains flexible and convenient for small and medium businesses. In this instruction we look at automating the creation of network data profiles, which helps in more complicated and ambiguous situations. Let's have a look!



Software

The first question is: what software should be used in this situation? There are many programs of this kind, but we chose logwatch and acct. They build reports automatically and turn the profiling routine into a few simple steps.

Install and use

To begin, update the package index and upgrade the installed packages:

sudo apt update -y && sudo apt upgrade -y
Screenshot №1 — Update OS

Upgrading all packages takes a little while; this is an important part of any installation. Right after that, run the commands below to install the software we need:

sudo apt install acct
Screenshot №2 — Acct installation

Then install logwatch, the system log-watching tool:

sudo apt install logwatch
Screenshot №3 — Logwatch installation

After installation, have a look at the default configuration file:

cd /usr/share/logwatch/default.conf && sudo nano logwatch.conf
Screenshot №4 — Config logwatch

In this file you can specify which logs should be analyzed, how detailed the reports should be, and so on. Note that logwatch also reads /etc/logwatch/conf/logwatch.conf, which overrides the default file and is the better place for local changes, since files under /usr/share can be overwritten by package upgrades. If you want to gather log information about authentication, uncomment the line:

LogFile = /var/log/auth.log
Screenshot №5 — Logfile

Once that setting is in place, and provided you have an SMTP server configured, you can set the report recipient in the config file:

MailTo = an1ik@ya.ru
Screenshot №6 — Mail sender

Then save the file with Ctrl+O, exit with Ctrl+X, and run logwatch:

sudo logwatch

And have a look at the results:

Screenshot №7 — Info

Now let's move on to acct. Once it is installed, start the accounting service with:

sudo service acct start
Screenshot №8 — Service start

From this point the service logs process accounting records to /var/log/account/pacct. To view resource usage statistics per user, use the sa command, which reads that file by default (sa -m prints one summary line per user). For example, to view the statistics for the user root, run:

sudo sa -m | grep '^root '
Screenshot №9 — Result
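As an added example that is not part of the original article, the POSIX shell script below turns two per-user summaries in the format `sudo sa -m` prints into a simple profile check: accounts absent from the baseline, or whose command count grew by more than a factor, are reported. Both summaries are constructed sample text, and the `profile_diff` function, its threshold factor and the paths in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare a baseline `sa -m` summary with today's and flag
# new accounts or accounts whose command count jumped. Not from the article.

# Constructed sample output in the layout `sa -m` prints: a totals line with
# no user field, then one line per user (user, commands, re, cp, avio, k).
BASELINE_SAMPLE='                                     1064      54.88re       0.02cp         0avio      2190k
root                                 1060      54.88re       0.02cp         0avio      2191k
www-data                                4       0.00re       0.00cp         0avio       922k'

TODAY_SAMPLE='                                     5210      60.10re       0.05cp         0avio      2190k
root                                 1100      55.00re       0.02cp         0avio      2191k
www-data                             4000       5.00re       0.03cp         0avio       922k
backup                                110       0.10re       0.00cp         0avio       900k'

# users_from_summary SUMMARY: print "user count" pairs; the totals line has
# only five fields and is skipped.
users_from_summary() {
    printf '%s\n' "$1" | awk 'NF == 6 { print $1, $2 }'
}

# profile_diff BASELINE TODAY [FACTOR]: one line per anomaly, in input order.
#   NEW_USER <user> <count>            user not present in the baseline
#   SPIKE <user> <base> -> <count>     count exceeds FACTOR times the baseline
profile_diff() {
    factor="${3:-5}"
    {
        users_from_summary "$1" | sed 's/^/B /'
        users_from_summary "$2" | sed 's/^/T /'
    } | awk -v factor="$factor" '
        $1 == "B" { base[$2] = $3; next }
        $1 == "T" {
            if (!($2 in base)) print "NEW_USER " $2 " " $3
            else if ($3 > base[$2] * factor) print "SPIKE " $2 " " base[$2] " -> " $3
        }'
}

# On a real host you would store yesterday's summary (hypothetical path) and
# feed live data: profile_diff "$(cat /var/lib/profile/sa-baseline.txt)" "$(sudo sa -m)"
profile_diff "$BASELINE_SAMPLE" "$TODAY_SAMPLE" 5
```

With the constructed samples the script reports www-data as a spike (4 to 4000 commands) and backup as a new account; root stays within the threshold and is not listed.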

Conclusion

In this instruction we installed utilities for monitoring and gathering system data, which automatically collect and organize log information from the whole system and the actions of its users. This is an additional fingerprint we can use for our security system. In the next episode we will touch on the creation of synthetic traffic and user profiles in an IPS/IDS system for protection. Stay tuned!
