An example of building a secure Linux log server with syslog-ng combined with stunnel:
Server-side configuration
System requirements: first install a C compiler (such as GCC),
then install the libol package ([url][/url]),
and finally install syslog-ng ([url][/url] ... og-ng-1.6.5.tar.gz)
#tar xzvf libol-0.3.14.tar.gz
#cd libol-0.3.14
#./configure ;make;make install
#tar xzvf syslog-ng-1.6.5.tar.gz
#cd syslog-ng-1.6.5
#./configure --prefix=/usr/local/syslog-ng;make;make install
After installation, note that /usr/local/syslog-ng contains only the man and sbin directories; the etc directory that holds the configuration file is not created. If you start syslog-ng at this point it will fail with an error that the configuration file cannot be found, so copy the sample configuration file from the unpacked source directory into the syslog-ng directory.
#mkdir -p /usr/local/syslog-ng/etc/syslog-ng
#cd /home/mct/syslog-ng-1.6.5/doc
#cp syslog-ng.conf.sample /usr/local/syslog-ng/etc/syslog-ng/syslog-ng.conf
Install and configure stunnel
#/usr/sbin/groupadd -g 111 stunnel
#/usr/sbin/useradd -c stunnel -d /dev/null -m -g 111 -u 111 stunnel
#tar xzvf stunnel-4.05.tar.gz
#cd stunnel-4.05
#./configure --prefix=/usr/local/stunnel;make;make install
.....
writing new private key to 'stunnel.pem'
-----
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value.
If you enter '.', the field will be left blank.
-----
Fill in your own details here. This is what I entered:
Country Name (2 letter code) [PL]:CN
State or Province Name (full name) [Some-State]:Jack
Locality Name (eg, city) []:guangzhou
Organization Name (eg, company) [Stunnel Developers Ltd]:personal
Organizational Unit Name (eg, section) []:none
Common Name (FQDN of your server) [localhost]:logserver
Note that the stunnel.pem private key is created during the make step.
Once that is done, edit the stunnel configuration file and add the following lines:
#cd /usr/local/stunnel/etc/stunnel/
#mv stunnel.conf-sample stunnel.conf
#vi stunnel.conf
..............
cert=/usr/local/stunnel/etc/stunnel/syslog-ng-server.pem
CAfile=/usr/local/stunnel/etc/stunnel/syslog-ng-client.pem
pid=/usr/local/stunnel/var/run/stunnel4/stunnel.pid
setuid=stunnel
setgid=stunnel
[514]
accept=192.168.0.207:5140
connect=127.0.0.1:514
Create the certificates for stunnel
#cd /usr/share/ssl/certs
#make syslog-ng-server.pem
#make syslog-ng-client.pem
#cp sys*.pem /usr/local/stunnel/etc/stunnel
Configure syslog-ng to use stunnel
Edit syslog-ng.conf and add the following line (the source listens only on the loopback address, so plain-text syslog is reachable from stunnel alone, not from the network):
#vi /usr/local/syslog-ng/etc/syslog-ng/syslog-ng.conf
.....
source client { tcp(ip("127.0.0.1") port(514) keep-alive(yes)); };
Finally, change the ownership of the stunnel directory:
#cd /usr/local
#chown stunnel stunnel
and start stunnel and syslog-ng:
#/usr/local/stunnel/sbin/stunnel
#/usr/local/syslog-ng/sbin/syslog-ng start
Client-side configuration
The client configuration is similar to the server's; only stunnel.conf differs, where the following lines are added:
#vi stunnel.conf
.......
client=yes
cert=/usr/local/stunnel/etc/stunnel/syslog-ng-client.pem
CAfile=/usr/local/stunnel/etc/stunnel/syslog-ng-server.pem
pid=/usr/local/stunnel/var/run/stunnel4/stunnel.pid
setuid=stunnel
setgid=stunnel
[514]
accept=127.0.0.1:5140
connect=192.168.0.207:5140
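As an added example that is not part of the original post, the following POSIX shell checker cross-reads a stunnel server config and a stunnel client config and reports the mistakes that most often break this setup or quietly weaken it: a client connect= port that does not match the server's accept= port, client=yes on the wrong side, a misspelled global option (such as pempid instead of pid) that stunnel rejects at startup, and a CAfile= that is never used because verify= is absent. The two configs it reads are constructed samples written to a temporary directory; they deliberately contain three of these faults, and the list of known option names is limited to the ones this post uses.

```shell
#!/bin/sh
# Added example, not from the original post: consistency checks for a
# stunnel server/client pair used to tunnel syslog-ng over TLS.
# The sample configs below are constructed and carry three deliberate faults.

SAMPLE_DIR=$(mktemp -d)

cat > "$SAMPLE_DIR/server.conf" <<'EOF'
cert=/usr/local/stunnel/etc/stunnel/syslog-ng-server.pem
CAfile=/usr/local/stunnel/etc/stunnel/syslog-ng-client.pem
pempid=/usr/local/stunnel/var/run/stunnel4/stunnel.pid
setuid=stunnel
setgid=stunnel
[514]
accept=192.168.0.207:5140
connect=127.0.0.1:514
EOF

cat > "$SAMPLE_DIR/client.conf" <<'EOF'
client=yes
cert=/usr/local/stunnel/etc/stunnel/syslog-ng-client.pem
CAfile=/usr/local/stunnel/etc/stunnel/syslog-ng-server.pem
pid=/usr/local/stunnel/var/run/stunnel4/stunnel.pid
verify=3
setuid=stunnel
setgid=stunnel
[514]
accept=127.0.0.1:5140
connect=192.168.0.207:514
EOF

# conf_get FILE KEY: value of the first KEY=... line (stunnel option names are
# case-insensitive, so the lookup is too); empty if the key is absent.
conf_get() {
    grep -i "^[[:space:]]*$2[[:space:]]*=" "$1" | head -n 1 | sed 's/^[^=]*=[[:space:]]*//'
}

# port_of HOST:PORT -> PORT
port_of() { printf '%s\n' "$1" | sed 's/.*://'; }

# Global stunnel 4 options this checker knows about (the subset used here).
KNOWN_GLOBAL="cert key CAfile CApath pid setuid setgid client verify chroot debug output foreground"

# unknown_options FILE: option names before the first [service] section that
# are not in KNOWN_GLOBAL, one per line.
unknown_options() {
    sed -n '/^\[/q; s/^[[:space:]]*\([A-Za-z]*\)[[:space:]]*=.*/\1/p' "$1" |
    while read -r key; do
        echo " $KNOWN_GLOBAL " | grep -qi " $key " || echo "$key"
    done
}

# check_pair SERVER_CONF CLIENT_CONF: print one line per problem found and
# return the number of problems (0 means the pair is consistent).
check_pair() {
    n=0
    s_accept=$(conf_get "$1" accept)
    c_connect=$(conf_get "$2" connect)
    # 1. the client's connect= must target the port the server's accept= listens on
    if [ "$(port_of "$c_connect")" != "$(port_of "$s_accept")" ]; then
        echo "port mismatch: client connect=$c_connect, server accept=$s_accept"
        n=$((n+1))
    fi
    # 2. client=yes belongs on the client side only
    if [ "$(conf_get "$2" client)" != "yes" ]; then
        echo "client config lacks client=yes (it would run as a server)"
        n=$((n+1))
    fi
    if [ "$(conf_get "$1" client)" = "yes" ]; then
        echo "server config must not set client=yes"
        n=$((n+1))
    fi
    # 3. CAfile= alone does nothing: without verify= stunnel never checks the peer cert
    for f in "$1" "$2"; do
        if [ -n "$(conf_get "$f" CAfile)" ] && [ -z "$(conf_get "$f" verify)" ]; then
            echo "$f: CAfile set but verify= missing, peer certificate is not checked"
            n=$((n+1))
        fi
    done
    # 4. misspelled global options are rejected by stunnel at startup
    for f in "$1" "$2"; do
        for k in $(unknown_options "$f"); do
            echo "$f: unknown option '$k'"
            n=$((n+1))
        done
    done
    return $n
}

if check_pair "$SAMPLE_DIR/server.conf" "$SAMPLE_DIR/client.conf"; then
    echo "configs are consistent"
else
    echo "problems found: $?"
fi
```

Run it against real files by replacing the two sample paths with the server's and the client's stunnel.conf; the verify= check is the one worth acting on, since the post's CAfile= lines only take effect once stunnel is told to verify the peer certificate.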
Also add the following two lines to syslog-ng.conf (the destination points at the local stunnel listener, which forwards the traffic over TLS to the log server):
destination logserver { tcp("127.0.0.1" port(5140)); };
log { source(src); destination(logserver); };
Then start the programs:
#/usr/local/stunnel/sbin/stunnel
#/usr/local/syslog-ng/sbin/syslog-ng start
Testing
On the client, run:
#logger "I love you"
The message should then appear on the server:
#more /var/log/syslog | grep "I love you"