Ubuntu Reference Guide

© 2011 William Hall

Security\Logwatch

To see how effective your firewall and denyhosts policies are, you can use Logwatch to process your error logs and email you their contents daily. Install logwatch as follows:

$ sudo apt-get install logwatch

You must then edit the configuration file like this:

$ sudo nano /usr/share/logwatch/default.conf/logwatch.conf

Then change the MailTo line to your email address and make sure an appropriate name is specified on the MailFrom line. "Range = yesterday" and "Detail = Low" are sufficient to see failed login attempts and firewall packets sent to closed ports, but High detail gives more understandable firewall logs, so I recommend that.

The most important change is setting the output to be mail instead of stdout.

Finally we have to check the cron file to make sure that Logwatch will run.

$ sudo nano /etc/cron.daily/00logwatch

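Make sure that the following line is present. The --mailto option with your email address is optional here, since MailTo is already set in the configuration file, but you can include it if you would like to double it up: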

/usr/sbin/logwatch --mailto you@example.com
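
The following script is an added example, not part of the original guide: it audits a logwatch.conf for the settings described above (Output, MailTo, Detail, Range). The function names conf_get and audit_logwatch_conf are hypothetical, and the sample config it writes to a temporary file is constructed.

```shell
#!/bin/sh
# Added example: audit a logwatch.conf for the settings discussed above.

# conf_get FILE KEY: print the last value assigned to KEY. Keys are matched
# case-insensitively; comment lines and lines without "=" are skipped.
conf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == tolower(want)) last = val
        }
        END { print last }' "$1"
}

# audit_logwatch_conf FILE: print one finding per line and return the
# number of FAIL findings (0 means the report is mailed to an address).
audit_logwatch_conf() {
    fails=0
    output=$(conf_get "$1" Output | tr '[:upper:]' '[:lower:]')
    mailto=$(conf_get "$1" MailTo)
    detail=$(conf_get "$1" Detail | tr '[:upper:]' '[:lower:]')
    if [ "$output" != mail ]; then
        echo "FAIL Output = ${output:-unset}: report is not sent by mail"
        fails=$((fails + 1))
    fi
    case $mailto in
        *@*) ;;
        *) echo "FAIL MailTo = ${mailto:-unset}: not an email address"
           fails=$((fails + 1)) ;;
    esac
    case $detail in
        high|10) ;;
        *) echo "WARN Detail = ${detail:-unset}: High gives clearer firewall logs" ;;
    esac
    echo "INFO Range = $(conf_get "$1" Range)"
    return "$fails"
}

# Constructed sample (not from a real host): an unedited-looking config.
sample=$(mktemp)
printf '%s\n' '# constructed' 'Output = stdout' 'MailTo = root' \
    'Detail = Low' 'Range = yesterday' > "$sample"
audit_logwatch_conf "$sample" || echo "FAIL count: $?"
rm -f "$sample"
```

To check a real host, call audit_logwatch_conf on /usr/share/logwatch/default.conf/logwatch.conf. If /etc/logwatch/conf/logwatch.conf exists, its settings override the defaults file, so audit that file as well.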

Logwatch might not have installed two critical HTML files. You will know because you will receive a blank Logwatch email tomorrow and the root user will get mail telling it so. You can download the source code .tar.gz and copy the HTML files from it into the correct directory on your server.

If Logwatch highlights the inability to open /etc/default/locale, run the following command:

$ sudo touch /etc/default/locale

If you want to monitor your bandwidth usage in real time, broken down by other people's IP addresses, you can use a program called iftop from a terminal.

$ sudo apt-get install iftop
$ sudo iftop

Press p whilst in iftop to show the protocol each client is using.
