License

Copyright (C) 2008-2017 Oliver Bohlen.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "GNU Free Documentation License".

Introduction

This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Howto: Basesystem for Gentoo Linux

First of all you have to install a Gentoo basesystem on your computer. There are some great howtos on the Gentoo homepage (http://www.gentoo.org). Please use them.

The following is a list of config files I changed/created in the installation process. You can use this as an addition to the Gentoo Handbook.

If you install from a stage3 you should change the make.conf to fit your system needs after the installation and rebuild the world with the new settings:

emerge -e world

Required hardware

For this topic you need the following hardware: a Linux-compatible computer

Required software

The required software has to be installed with the following command(s):
emerge sys-process/vixie-cron
emerge app-admin/rsyslog
emerge sys-process/at
emerge app-admin/logrotate
emerge net-misc/whois
emerge net-analyzer/nmap
emerge net-misc/netkit-telnetd
emerge app-editors/vim
emerge media-video/mplayer
emerge sys-apps/rename
emerge media-sound/id3v2
emerge dev-perl/MP3-Tag
emerge media-libs/exiftool
emerge media-sound/vorbis-tools

Changes in /boot/grub/grub.cfg

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /boot/grub/grub.cfg

Changed on 08.09.08
Issued by olli
Beginning line 1

The Grub-Bootloader configuration

set timeout=30
set default=0

menuentry '4.4.39' {
        set root='(hd0,msdos1)'
        echo    'Loading kernel...'
        linux    /4.4.39 root=/dev/sda2 lockd.udpport=32768 lockd.tcpport=32768 consoleblank=0
}

menuentry '4.4.26' {
        set root='(hd0,msdos1)'
        echo    'Loading kernel...'
        linux    /4.4.26 root=/dev/sda2 lockd.udpport=32768 lockd.tcpport=32768 consoleblank=0
}


Changes in /etc/conf.d/consolefont

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/conf.d/consolefont

Changed on 06.09.08
Issued by olli
Beginning line 8

consolefont specifies the default font that you'd like Linux to use on the console


Before change
#consolefont="default8x16"
After change
consolefont="lat9w-16"

Changes in /etc/conf.d/hostname

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/conf.d/hostname

Changed on 06.09.08
Issued by olli
Beginning line 2

The hostname of your machine


Before change
hostname="localhost"
After change
hostname="silent-gabosh.example.com"

Changes in /etc/conf.d/keymaps

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/conf.d/keymaps

Changed on 06.09.08
Issued by olli
Beginning line 3

This setting is to specify the default console keymap


Before change
keymap="us"
After change
keymap="de-latin1"

Changes in /etc/conf.d/net

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/conf.d/net

Changed on 06.09.08
Issued by olli
Beginning line 6

Network-Interface settings

#config_eth1="XXX.XXX.XXX.XXX/24"
#routes_eth1="default via XXX.XXX.XXX.XXX"

config_tap0="XXX.XXX.XXX.XXX/16"
mac_tap0="XX:XX:XX:XX:XX:XX"
rc_net_tap0_provide="!net"

config_eth0="my.lan.ip.addr/16"
dns_servers_eth0="127.0.0.1"
dns_search_eth0="example.com dmz"
dns_domain_eth0="example.com"

Changes in /etc/conf.d/net

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/conf.d/net

Changed on 13.10.15
Issued by olli
Beginning line 28

Optional Internet Connection via PPPOE (rp-pppoe)

config_eth1=null
config_ppp0="ppp"
link_ppp0="eth1"
plugins_ppp0="pppoe"
username_ppp0='provideruser'
password_ppp0='providerpass'
pppd_ppp0="
noauth
defaultroute
holdoff 3
child-timeout 60
lcp-echo-interval 15
lcp-echo-failure 3
noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp"
rc_net_ppp0_need="net.eth1"

Changes in /etc/cron.daily/clearat.sh

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Click here for a download of the complete file: /etc/cron.daily/clearat.sh

Changed on 17.08.09
Issued by olli
Beginning line 1

Delete at spools older than two weeks

find /var/spool/at/atspool -type f -ctime +14 -exec rm {} \;

Changes in /etc/fstab

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/fstab

Changed on 06.09.08
Issued by olli
Beginning line 17

List of local filesystems and mount options which are required for system boot or other mount operations.


Before change
/dev/BOOT		/boot		ext2		noauto,noatime	1 2
/dev/ROOT		/		ext3		noatime		0 1
/dev/SWAP		none		swap		sw		0 0
/dev/cdrom		/mnt/cdrom	auto		noauto,ro	0 0
After change
/dev/sda1	/boot			ext4	noatime,noexec,acl,nosuid,discard,nofail	0 0
/dev/sda2	/			ext4	noatime,acl,discard,nofail		0 0
/dev/sda9	/var			ext4	noatime,acl,discard,nofail	        0 0
/dev/sda5	/var/log		ext4	noatime,acl,noexec,nosuid,discard,nofail	0 0
/dev/sda6       /data                   ext4    noatime,acl,nosuid,discard,nofail       0 0
/dev/sda7       none                    swap    sw,discard,nofail                     0 0
/dev/sda8	/var/www		ext4	noatime,acl,nosuid,discard,nofail      0 0
/dev/sdb2       /gtc			ext4    noatime,acl,nosuid,nofail      0 0
proc		/proc			proc	defaults,nofail		0 0

Changes in /etc/hosts

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/hosts

Changed on 06.09.08
Issued by olli
Beginning line 39

This entry is for the LAN IP of the server. If DNS fails, the server can at least resolve itself.

my.lan.ip.addr silent-gabosh.example.com silent-gabosh gabosh example.com
XXX.XXX.XXX.XXX silent-inet-gabosh.example.com silent-inet-gabosh inet-gabosh
# Some other Hostnames (VPNs/INETLAN)
XXX.XXX.XXX.XXX   router fritz fb box fritzbox 
XXX.XXX.XXX.XXX silent-vpn-gabosh.example.com silent-vpn-gabosh vpn-gabosh
my.ip.as.vpn-client silent-vpn-client-gabosh.example.com silent-vpn-client-gabosh vpn-client-gabosh
#XXX.XXX.XXX.XXX hera.medianet hera

Changes in /etc/logrotate.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/logrotate.conf

Changed on 13.01.15
Issued by olli
Beginning line 7

Logrotate daily


Before change
weekly
After change
daily

Changes in /etc/logrotate.d/gabosh

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/logrotate.d/gabosh

Changed on 19.09.14
Issued by olli
Beginning line 1

Logrotations

/opt/rsyncd.log {
        compress
        rotate 7
	daily
        notifempty
        missingok
        copytruncate
	postrotate
	        /usr/local/sbin/rsyncwatch > /dev/null 2>&1 || true
	endscript
}

/var/log/dyndns.log {
        compress
        rotate 7
	daily
        notifempty
        missingok
        copytruncate
}

/opt/horde/horde.log {
        compress
        rotate 7
	daily
        notifempty
        missingok
        copytruncate
	postrotate
	        /usr/local/sbin/hordewatch > /dev/null 2>&1 || true
	endscript
}
/opt/horde/hordeaddr2gps.log {
        compress
        rotate 7
	daily
        notifempty
        missingok
        copytruncate
}
/opt/horde-test/horde.log {
        compress
        rotate 7
	daily
        notifempty
        missingok
        copytruncate
	postrotate
	        /usr/local/sbin/hordetestwatch > /dev/null 2>&1 || true
	endscript
}
/var/log/openvpn/vpn.log {
        compress
        rotate 7
	daily
        notifempty
        missingok
        copytruncate
}

/var/log/openvpn/vpnfw.log {
        compress
        rotate 7
	daily
        notifempty
        missingok
        copytruncate
	postrotate
	        /root/scripts/vpnfire.sh || true
	endscript
}

/var/log/bind.log
/var/log/dhcpd.log
/var/log/nfs.log
/var/log/ntp.log
/var/log/maillog.log
/var/log/firewall.log
/var/log/dmesgcron
/var/log/watchdog.log
/var/log/pulseaudio.log
/var/log/hostapd.log
/var/log/nscd.log
/var/log/arpwatch.log
/var/log/x.log
/var/log/xinetd.log
/var/log/sa-update.log
/var/log/pppd.log
{
        rotate 7
        daily
        missingok
        notifempty
        copytruncate
	compress
        postrotate
                kill -HUP $(cat /run/rsyslogd.pid) >/dev/null 2>&1 || true
        endscript
}
/var/log/apache2/*log {
	rotate 7
	daily
	missingok
	notifempty
	copytruncate
	compress
	postrotate
		/etc/init.d/apache2 restart > /dev/null 2>&1 || true
	endscript
}

/var/log/auth.log
/var/log/cron.log
/var/log/daemon.log
/var/log/kern.log
/var/log/lpr.log
/var/log/mail.log
/var/log/news.log
/var/log/user.log
/var/log/debug.log
/var/log/messages
{
        rotate 7
        daily
        missingok
        notifempty
        compress
        sharedscripts
        postrotate
                test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) >/dev/null 2>&1 || true
        endscript
}



Changes in /etc/make.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/make.conf

Changed on 05.09.2008
Issued by olli
Beginning line 1

In this file all software- and hardware-specific optimizations are set.

# Optimizations for the processor and the system architecture
CHOST="i686-pc-linux-gnu"
#CHOST="x86_64-pc-linux-gnu"
CFLAGS="-march=atom -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
# Optimizations for the software
USE="-smartcard oss pjproject -ipv6 gnutls ssl dhcp pulseaudio png cairo samba client smbclient pdo dbus hpijs xmlreader xmlwriter curl mod_pubsub mod_muc system-wide ruby_targets_ruby21 conntrack udisks -extras -themes minizip gudev apng introspection gtk javascript webinterface fdk fontconfig libass clamav -syslog -dvd -dvdnav -truetype X nscd python -tls-heartbeat sockets bcmath server -svg  messages inotify vpx vorbis intl mp3 gssapi mdev sieve ldap-bind scanner openldap kerberos tidy xmlrpc spl real ogg -opengl -osdmenu -xscreensaver -xv cdparanoia jack lzo mad win32codecs cjk sdb-ldap overlays dlz -snmp -dso git subversion nls alsa vhosts xattr acl dynamicplugin -3dnow -3dnowext hash ldap logrotate nfs capi -pic spamassassin iconv json mhash usb cli pcre xml zlib sasl apache2 chroot ctype cups extensions fax ffmpeg ftp gd gdbm imagemagick imap jpeg -network netpbm perl session slang -tcpd tordns tiff truetype unicode unzip vim-syntax xml zip xvid x264 x265 aac faac policykit svg nsplugin"
GRUB_PLATFORMS="efi-32 efi-64"
LANG="de_DE"
LANGUAGE="41"
LINGUAS="de"
L10N="de"
ACCEPT_LICENSE="-* @FREE isc-dhcp arj adobe-ps lha freedist unRAR PHP-2.02 MSttfEULA hylafax free-noncomm DES MPEG-4 zoo SAMSUNG-ELECTRONICS-software as-is FraunhoferFDK Oracle-BCLA-JavaSE"
PORTAGE_TMPDIR="/opt/portagetmp"
CPU_FLAGS_X86="mmx sse"
SANE_BACKENDS=""
CURL_SSL="gnutls"
FFTOOLS=""
CPU_FLAGS_X86="mmx mmxext sse sse2 sse3 ssse3"
VOICEMAIL_STORAGE="file"
VIDEO_CARDS="dummy fbdev" 
#VIDEO_CARDS="dummy fbdev glint intel mach64 mga nouveau nv r128 radeon savage tdfx trident v4l vesa via vmware -apm -ast -chips -cirrus -epson -fglrx (-freedreno) -geode -i128 -i740 -modesetting -neomagic -nvidia"

Changes in /etc/profile.d/root.sh

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Click here for a download of the complete file: /etc/profile.d/root.sh

Changed on 30.11.10
Issued by olli
Beginning line 1

Some (personal) special settings for the root shell.

EDITOR="/usr/bin/vim"
if [ "$EUID" = "0" ] || [ "$USER" = "root" ] 
then
 PATH=$PATH:/root/scripts
 HISTSIZE=10000
 HISTFILESIZE=10000
fi

Changes in /etc/rc.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/rc.conf

Changed on 05.03.17
Issued by olli
Beginning line 251

The network counts as up as soon as one interface has started

rc_depend_strict="NO"

Changes in /etc/rsyslog.d/00-gabosh.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/rsyslog.d/00-gabosh.conf

Changed on 19.09.14
Issued by olli
Beginning line 1

Logfile definitions

# Additional Socket from chroot
input(type="imuxsock" HostName="webspace" Socket="/srv/www/dev/log" CreatePath="on")
input(type="imuxsock" HostName="vpn" Socket="/srv/dev/log")
# Cron
if $programname == 'cron' and $syslogseverity <= '6' then /var/log/cron.log
if $programname == 'cron' then stop
if $programname == 'run-crons' and $syslogseverity <= '6' then /var/log/cron.log
if $programname == 'run-crons' then stop
if $programname == 'crontab' and $syslogseverity <= '6' then /var/log/cron.log
if $programname == 'crontab' then stop
# rsync
if $programname == 'rsyncd' and $syslogseverity <= '6' then /opt/rsyncd.log
if $programname == 'rsyncd' then stop
# DNS
if $programname == 'named' and $msg contains 'client 127.0.0.1' then stop
if $programname == 'named' and $syslogseverity <= '6' then /var/log/bind.log
if $programname == 'named' then stop
# DHCP
if $programname == 'dhcpd' and $syslogseverity <= '6' then /var/log/dhcpd.log
if $programname == 'dhcpd' then stop
# NFS
if $programname == 'rpc.mountd' and $syslogseverity <= '6' then /var/log/nfs.log
if $programname == 'rpc.mountd' then stop
if $programname == 'rpc.idmapd' and $syslogseverity <= '6' then /var/log/nfs.log
if $programname == 'rpc.idmapd' then stop
if $programname == 'rpc.statd' and $syslogseverity <= '6' then /var/log/nfs.log
if $programname == 'rpc.statd' then stop
if $programname == 'rpcbind' and $syslogseverity <= '6' then /var/log/nfs.log
if $programname == 'rpcbind' then stop
# NTP
if $programname == 'ntpd' and $syslogseverity <= '6' then /var/log/ntp.log
if $programname == 'ntpd' then stop
if $programname == 'ntpdate' and $syslogseverity <= '6' then /var/log/ntp.log
if $programname == 'ntpdate' then stop
# Mail
if $msg contains 'auxpropfunc error invalid parameter supplied' then stop
if $msg contains '_sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb' then stop
if $msg contains 'seen_db: user ' then stop
if $msg contains 'SQUAT ' then stop
if $msg contains 'indexing mailbox ' then stop
if $msg contains 'fetching user_deny.db' then stop
if $programname == 'lmtpunix' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'lmtpunix' then stop
if $programname == 'imap' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'imap' then stop
if $programname == 'imaps' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'imaps' then stop
if $programname == 'master' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'master' then stop
if $programname == 'ctl_cyrusdb' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'ctl_cyrusdb' then stop
if $programname == 'pop3' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'pop3' then stop
if $programname == 'pop3s' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'pop3s' then stop
if $programname == 'squatter' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'squatter' then stop
if $programname == 'tls_prune' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'tls_prune' then stop
if $programname == 'cyr_expire' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'cyr_expire' then stop
if $programname == 'sieve' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'sieve' then stop
if $programname == 'deliver' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'deliver' then stop
if $programname == 'ipurge' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'ipurge' then stop
if $programname == 'saslauthd' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'saslauthd' then stop
if $programname == 'amavis' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'amavis' then stop
if $programname == 'clamd' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'clamd' then stop
if $programname == 'freshclam' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'freshclam' then stop
if $programname == 'fetchmail' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'fetchmail' then stop
if $programname == 'spamd' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'spamd' then stop
if $programname contains 'postfix' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname contains 'postfix' then stop
if $programname == 'reconstruct' and $syslogseverity <= '6' then /var/log/maillog.log
if $programname == 'reconstruct' then stop
# firewall
if $programname == 'kernel' and $msg contains 'DROP: ' then /var/log/firewall.log
if $programname == 'kernel' and $msg contains 'DROP: ' then stop
# filter messages
if $programname == 'internal-sftp' and $msg contains 'sent status ' then stop
if $programname == 'internal-sftp' and $msg contains 'lstat name ' then stop
if $programname == 'internal-sftp' and $msg contains '/.xbmc/' then stop
if $programname == 'internal-sftp' then /opt/sftpaccess.log
if $programname == 'internal-sftp' then stop
# Horde-Addr2GPS
if $programname == 'hordeaddr2gps.pl' then /opt/horde/hordeaddr2gps.log
if $programname == 'hordeaddr2gps.pl' then stop
# PulseAudio
if $programname == 'pulseaudio' then /var/log/pulseaudio.log
if $programname == 'pulseaudio' then stop
# hostapd
if $programname == 'hostapd' then /var/log/hostapd.log
if $programname == 'hostapd' then stop
# nscd
if $programname == 'nscd' then /var/log/nscd.log
if $programname == 'nscd' then stop
# arpwatch
if $programname == 'arpwatch' then /var/log/arpwatch.log
if $programname == 'arpwatch' then stop
# X
if $programname == 'mate-session' then /var/log/x.log
if $programname == 'mate-session' then stop
if $programname == 'Tor' then /var/log/x.log
if $programname == 'Tor' then stop
# xinetd
if $programname == 'xinetd' then /var/log/xinetd.log
if $programname == 'xinetd' then stop
# in.tftp
if $programname == 'in.tftpd' then /var/log/in.tftpd.log
if $programname == 'in.tftpd' then stop
# pppd
if $programname == 'pppd' then /var/log/pppd.log
if $programname == 'pppd' then stop
#

Changes in /etc/ssh/sshd_config

File permissions:
Owner: root
Group: root
Permissions: -rw-------

Click here for a download of the complete file: /etc/ssh/sshd_config

Changed on 07.06.10
Issued by olli
Beginning line 169

List of users who are allowed to log in; only safe ciphers are allowed over SSH

PermitRootLogin no
PubkeyAuthentication no
X11Forwarding no
AllowTcpForwarding no
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
IgnoreRhosts yes

AllowUsers root olli

Match User root Address 127.0.0.1,172.23.*,172.24.*,172.25.*,212.6.102.3
 PermitRootLogin yes

Match User root Address XXX.XXX.XXX.XXX
 PermitRootLogin yes
 PubkeyAuthentication yes

Match User olli Address 127.0.0.1,172.23.*,172.25.*,85.16.65.139
 PubkeyAuthentication yes
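
To check whether a Ciphers/MACs list like the one above still matches what a current OpenSSH accepts, the following added example (not part of the original howto) flags algorithms that OpenSSH 7.6 removed and others that this example treats as weak. The function names and the "weak" policy are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the original howto.

# Constructed sample: the crypto-related lines of the sshd_config shown above.
sample_config() {
    cat <<'EOF'
PermitRootLogin no
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
AllowUsers root olli
EOF
}

# classify_alg NAME -> prints "removed", "weak" or "ok".
# "removed": dropped from OpenSSH in release 7.6 (RC4, Blowfish, CAST, RIPEMD-160).
# "weak":    policy choice of this example (CBC modes, MD5/SHA-1 MACs, 64-bit UMAC tags).
classify_alg() {
    case "$1" in
        arcfour*|blowfish-cbc|cast128-cbc|hmac-ripemd160*) echo removed ;;
        *-cbc|*-cbc@*|hmac-md5*|hmac-sha1*|umac-64*)       echo weak ;;
        *)                                                 echo ok ;;
    esac
}

# audit_sshd_crypto: reads sshd_config text on stdin and prints
# "<directive> <algorithm> <verdict>" for every listed algorithm that is not ok.
audit_sshd_crypto() {
    while read -r key value; do
        # Keywords are case-insensitive in sshd_config; commented lines never match.
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case "$key" in
            ciphers|macs) ;;
            *) continue ;;
        esac
        case "$value" in
            -*)    continue ;;            # "-list" removes algorithms from the defaults
            [+^]*) value=${value#?} ;;    # "+list" / "^list" add to the defaults
        esac
        printf '%s\n' "$value" | tr ',' '\n' | while read -r alg; do
            [ -n "$alg" ] || continue
            verdict=$(classify_alg "$alg")
            if [ "$verdict" != ok ]; then
                printf '%s %s %s\n' "$key" "$alg" "$verdict"
            fi
        done
    done
}

# Demo on the constructed sample; for a real host, feed it /etc/ssh/sshd_config.
sample_config | audit_sshd_crypto
```

An algorithm reported as "removed" makes a current sshd reject the configuration at startup, so the list needs updating before the file is reused on a newer system.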


Changes in /etc/sysctl.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/sysctl.conf

Changed on 06.09.08
Issued by olli
Beginning line 53

This reboots the computer 60 seconds after a kernel panic.


Before change
#kernel.panic = 3
After change
kernel.panic = 60

Changes in /gtc/test/etc/profile.d/gtc.sh

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /gtc/test/etc/profile.d/gtc.sh

Changed on 30.11.10
Issued by olli
Beginning line 1

Some (personal) special settings for the root shell.

EDITOR="/usr/bin/vim"
PATH=$PATH:/etc/thinclient/scripts
HISTSIZE=10000
HISTFILESIZE=10000

Changes in /usr/local/sbin/msgwatch

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Click here for a download of the complete file: /usr/local/sbin/msgwatch

Changed on 02.03.11
Issued by olli
Beginning line 2

This is an optional script which sends an email when an SSH user logs in or out.

#!/usr/bin/perl -w

# Load modules
use strict;
use File::Tail;
use Proc::Daemon;
use File::Basename;

# Stop running daemon if exists
my $me=basename("$0");
if (-f "/var/run/$me") {
 open(PID, "</var/run/$me");
 my $pid=<PID>;
 close(PID);
 chomp($pid);
 if (-d "/proc/$pid") {
  print "Killing old daemon with PID: $pid\n";
  kill 9, $pid;
 }
}

# Daemonize
Proc::Daemon::Init();

# Write PID file
open(PID, ">/var/run/$me");
print PID $$;
close(PID);

# The address where notification mails should go to
my $mailto='mail@example.com';
# Targetlogfile
my $logfile="/var/log/messages";

my $file=File::Tail->new(name => $logfile, maxinterval => 1, adjustafter => 1, reset_tail => 0);
while (defined(my $line=$file->read)) {

### SSHD ###
 if ($line =~ / sshd.+ Accepted .+ for .+ from .+ port /) {
  $line=~s/  +/ /g;
  chomp($line);
  sleep 5;
  my $who=`who ; w`;
  my @line=split(/ /,$line);
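  # Feed the body to mail(1) through a list-form pipe open, so no shell parses the log-derived text
  if (open(my $mail, '|-', 'mail', '-s', "SSHWATCH: $line[8] is logging in from $line[10]", $mailto)) {
   print {$mail} "Hi,

$line[8] is logging in with $line[6] ($line[12]) from $line[10]:

# who ; w
$who
$line

Your $0 [$$]
";
   close($mail);
  }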
 }
 if ($line =~ / sshd.+ session closed for user /) {
  $line=~s/  +/ /g;
  chomp($line);
  sleep 5;
  my $who=`who ; w`;
  my @line=split(/ /,$line);
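  # Feed the body to mail(1) through a list-form pipe open, so no shell parses the log-derived text
  if (open(my $mail, '|-', 'mail', '-s', "SSHWATCH: $line[10] is closing the session", $mailto)) {
   print {$mail} "Hi,

$line[10] is closing the session:

# who ; w
$who
$line

Your $0 [$$]
";
   close($mail);
  }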
 }
}

Changes in /usr/local/sbin/rsyncwatch

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Click here for a download of the complete file: /usr/local/sbin/rsyncwatch

Changed on 02.03.11
Issued by olli
Beginning line 2

This is an optional script which sends an email when there is an rsync connection.

#!/usr/bin/perl -w

# Load modules
use strict;
use File::Tail;
use Proc::Daemon;
use File::Basename;

# Stop running daemon if exists
my $me=basename("$0");
if (-f "/var/run/$me") {
 open(PID, "</var/run/$me");
 my $pid=<PID>;
 close(PID);
 chomp($pid);
 if (-d "/proc/$pid") {
  print "Killing old daemon with PID: $pid\n";
  kill 9, $pid;
 }
}

# Daemonize
Proc::Daemon::Init();

# Write PID file
open(PID, ">/var/run/$me");
print PID $$;
close(PID);

# The address where notification mails should go to
my $mailto='mail@example.com';
# Targetlogfile
my $logfile="/srv/rsyncd.log";

my $file=File::Tail->new(name => $logfile, maxinterval => 1, adjustafter => 1, reset_tail => 0);
while (defined(my $line=$file->read)) {

### RSYNCD ###
 if ($line =~ / rsyncd.+ connect from /) {
  $line=~s/  +/ /g;
  chomp($line);
  my @line=split(/ /,$line);
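  # Feed the body to mail(1) through a list-form pipe open, so no shell parses the log-derived text
  if (open(my $mail, '|-', 'mail', '-s', "RSYNCDWATCH: rsync connection from $line[7] $line[8]", $mailto)) {
   print {$mail} "Hi,

rsync connection from $line[7] $line[8];

Your $0 [$$]
";
   close($mail);
  }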
 }
}

Setting up services

To start the new services after a system reboot, add them to a runlevel with the following command(s):

rc-update add sshd default
rc-update add atd default
rc-update add rsyslog default
rc-update add vixie-cron default

Please send feedback to: doc<at>gabosh.net
