
Re: [cobalt-users] Installing SSH2, IPChains, Portsentry, Logcheck, Tripwire, Chkrootkit, Lionfind, Whois, lcap and more



> >the logrotation on the Raq4 is messed up for high traffic sites....
> >logrotate splits the logs and rotates the accessfile and then the sites file
> >so if a site makes a large "web.log" file during the it gets rotated too....
> >and webalizer has nothing to work with
>
> As far as I can see, this webalizer/logrotation problem affects the RaQ2
> and RaQ3 as well.

yes.   the stats are all just a little bit different between the Raq2 and
Raq3/4.  The Raq2 has splitlogs broken out of the logrotate file for
apache.
The Raq3 and Raq4 work the same.

> >if you
> >mv /etc/logrotate.d/apache /etc/logrotate.d/zapache
> >
> >then the sites rotate, the logs split, apache rotates and webalizer has
> >data....
> >
> >you need to do this in onboot too and the catch is that stats are not
> >generated for a day....
> >this should be done on new boxes... on old boxes you need to have a "alizer"
> >and "webalizer" for a day or two to save all stats
> >
> >(I explained this better last time but I'm rushing)


> I think a step-by-step guide would be useful for many users.  I'm not quite

I will try to do something but I'm not a big webalizer fan......
Myself I only use webalizer for serverwide stats and stats for the gui...
That's about it....  I like http://awstats.sourceforge.net but it can be a
major pain in the butt to install......


> sure what you mean about the "alizer" and "webalizer".

I created a file called alizer in /etc/cron.daily/  This file runs the
webalizer versions.... depending on what system you're talking about....
mainly it's just a file that runs before anything else in that dir...  (it
starts with a) and it makes sure the stats run... that's all... oh and it's
a temp use file... after the first run or so it's just spinning its
wheels...

in some cases cp /etc/cron.daily/webalizer /etc/cron.daily/alizer


> > > No/bad config? Portsentry comes with default configurations set that
> > > most users won't need to change, unless they want to go to 'anal'
> > > mode, or switch things to send to ipchains. For the average user,
> > > there is no config necessary.
> >
> >no they need to turn on routing, or ipchains, or whatever.   and they need
> >to remove port 143
> >at a minimum
>
> Why do you need to remove port 143?  This is IMAP isn't it?  If you are
> running in advanced TCP mode, do you need to turn it off?

well you don't have to remove it but if your startup is messed up you could
possibly lock out everyone that gets their mail with imap....  huh....
sounds like fun....  anyways....   when all is good it makes a little error
message at startup and I hate error messages and people always ask about.
So I remove it....  Don't need it anyhow....

Zeffie
http://www.zeffie.com/
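
The port 143 removal discussed above, as an added example that is not part of the original post: a shell function that drops one port from the active TCP_PORTS line of a portsentry.conf, leaving commented-out lines and look-alike ports such as 1143 untouched. The sample config and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: drop one port from portsentry's TCP_PORTS list.
# The sample config below is constructed; a real file is usually
# portsentry.conf in the portsentry install directory.

# remove_port PORT FILE -> prints the config with PORT removed from the
# active TCP_PORTS line. Commented-out lines and other keys are untouched.
remove_port() {
    awk -v port="$1" '
        /^TCP_PORTS=/ {
            list = $0
            sub(/^TCP_PORTS="?/, "", list); sub(/"?[ \t]*$/, "", list)
            n = split(list, p, ","); out = ""
            for (i = 1; i <= n; i++)
                if (p[i] != port)          # exact match: 1143 survives
                    out = out (out == "" ? "" : ",") p[i]
            print "TCP_PORTS=\"" out "\""
            next
        }
        { print }
    ' "$2"
}

# monitored_ports FILE -> the active TCP_PORTS list, one port per line
monitored_ports() {
    sed -n 's/^TCP_PORTS="\{0,1\}\([0-9,]*\)"\{0,1\}.*/\1/p' "$1" | tr ',' '\n'
}

sample_conf() {   # constructed sample, not a shipped default
    cat <<'EOF'
#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143"
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1143,1524"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641"
EOF
}

# Demo: write the sample, strip IMAP (143), show what is still monitored.
demo() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    remove_port 143 "$tmp" > "$tmp.new"
    monitored_ports "$tmp.new" | tr '\n' ' '
    rm -f "$tmp" "$tmp.new"
}
demo; echo
```

Review the output of remove_port before copying it over the live file, and restart portsentry afterwards so the new list takes effect.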