Category Archives: PCI-DSS

Proper end-to-end syslog logging with Apache httpd

Table of content Context Objectives Folder structures and relevant files Configurations /etc/httpd/conf.d/httpd_base_module.conf /etc/httpd/conf.d/zz-03-example.com.conf /opt/fcrouzat/syslog/httpd-log.sh /etc/rsyslog.d/zz-10-httpd.conf Remote logging: /etc/rsyslog.d/zz-09-remote-httpd.conf Caveats Conclusions Context For an unknown reason, Apache httpd only supports syslog since 2.4 and only for error logs. On top of that, default log format is very poor and (to me) doesn’t mean anything. Add these [...]

Cisco AAA using TACACS+ with syslog and PAM support for CentOS/RedHat

Table of content Context TACACS+ Server installation TACACS+ Server Configuration Running TACACS+ Context In order to provide centralized authentication to network devices, radius is commonly used and works very well. It is generic and be used as a “proxy” to any kind of authentication backend which is great. If you have a very strict security [...]