From the course: Complete Guide to Open Source Security


Enhancing your logs

- [Instructor] We're in our web01 proxy. As our main interface to the public network, the proxy is a key point to monitor remote access to our systems. A good way to do this is by using the Linux iptables tool. It isn't installed by default in Kali Purple, so we'll install it. sudo su. And we'll get to a root session and we'll do our work from the root folder, and we'll apt install iptables. We can add a rule to generate a log for each new connection attempted, whether it was successful or not. However, changes to iptables are ephemeral and need to be reloaded on a reboot, so we'll create a service to do that. In addition, we have Suricata running on the proxy and it can generate a lot of logs. So to avoid bulking out our storage, we'll clean them each time we reboot. We can do that by truncating them. Firstly, we'll create a small Python script, nano check.py, and we'll import the operating system library, os.system, and we'll truncate -s 0 /var/log/* and any errors we'll send to…
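As an added example (not the course's own check.py), here is a Python boot-time script covering the three steps the instructor describes: an iptables LOG rule for each new connection attempt, an idempotent check so a reboot does not stack duplicate rules, and truncation of the Suricata logs. The /var/log/suricata path, the NEW_CONN: prefix and the systemd unit are assumptions; truncation is deliberately limited to that directory, since truncating all of /var/log would also discard the iptables entries being collected.

```python
#!/usr/bin/env python3
"""Added example (not from the course): log new connections with iptables
and trim Suricata logs at boot. Paths and the log prefix are assumptions."""
import os
import subprocess
from pathlib import Path

SURICATA_LOG_DIR = "/var/log/suricata"   # assumed Suricata log location
LOG_PREFIX = "NEW_CONN: "                # assumed, so entries are easy to grep


def new_connection_log_rule(chain="INPUT", limit="10/min"):
    """argv for an iptables rule that logs each NEW inbound connection attempt,
    successful or not; rate-limited so a port scan cannot flood the journal."""
    return ["iptables", "-I", chain, "-m", "conntrack", "--ctstate", "NEW",
            "-m", "limit", "--limit", limit, "--limit-burst", "20",
            "-j", "LOG", "--log-prefix", LOG_PREFIX, "--log-level", "4"]


def rule_present(iptables_save_output, prefix=LOG_PREFIX):
    """Check iptables-save text for our LOG rule so the boot script is
    idempotent instead of inserting one more copy on every run."""
    return any("-j LOG" in line and f'--log-prefix "{prefix}"' in line
               for line in iptables_save_output.splitlines())


def truncate_logs(log_dir, suffixes=(".log", ".json")):
    """Truncate Suricata's logs to zero bytes in place (inodes survive, so the
    running daemon's open file handles stay valid). Only regular files with a
    log suffix directly under log_dir are touched. Returns the paths done."""
    done = []
    for p in Path(log_dir).iterdir():
        if p.is_file() and not p.is_symlink() and p.suffix in suffixes:
            os.truncate(p, 0)
            done.append(str(p))
    return sorted(done)


SYSTEMD_UNIT = """[Unit]
Description=Log new connections and trim Suricata logs (assumed unit)
After=network-pre.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/check.py
[Install]
WantedBy=multi-user.target
"""


def main():
    saved = subprocess.run(["iptables-save"], capture_output=True, text=True).stdout
    if not rule_present(saved):
        subprocess.run(new_connection_log_rule(), check=True)
    truncate_logs(SURICATA_LOG_DIR)


if __name__ == "__main__":
    main()
```

Run as root at boot via the oneshot unit above; the LOG entries land wherever the kernel log is collected (journald or /var/log/kern.log), outside the truncated directory.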
