Category Archives: CentOS / Red-Hat

Proper end-to-end syslog logging with Apache httpd

Table of content Context Objectives Folder structures and relevant files Configurations /etc/httpd/conf.d/httpd_base_module.conf /etc/httpd/conf.d/zz-03-example.com.conf /opt/fcrouzat/syslog/httpd-log.sh /etc/rsyslog.d/zz-10-httpd.conf Remote logging: /etc/rsyslog.d/zz-09-remote-httpd.conf Caveats Conclusions Context For an unknown reason, Apache httpd only supports syslog since 2.4 and only for error logs. On top of that, default log format is very poor and (to me) doesn’t mean anything. Add these [...]

Cisco AAA using TACACS+ with syslog and PAM support for CentOS/RedHat

Table of content Context TACACS+ Server installation TACACS+ Server Configuration Running TACACS+ Context In order to provide centralized authentication to network devices, radius is commonly used and works very well. It is generic and be used as a “proxy” to any kind of authentication backend which is great. If you have a very strict security [...]

[Updated 2015-03-10] How to work with root shells in a PCI-DSS 10.2.2 compliant environment

Table of content Context and objectives PCI-DSS 10.2.2 How it limits your productivity Solutions PAM Bash PROMPT_COMMAND Concepts How it works Examples of output Context and objectives If you ever worked as a system administrator in a Linux PCI-DSS environment, you know it’s sometimes (often) difficult to administrate your servers from command-line because of PCI-DSS [...]