Developers Club geek daily blog

1 year, 5 months ago
I had a task: to configure compression of the logs of the Unbound DNS server, with the ability to conveniently gather these backups on a collector. Access rights also had to be limited so that the collector could get only into the directory where the log backups are stored. I carried out these steps on CentOS 7 Minimal and CentOS 6.6 Minimal.

1) First, create a user group whose access will be limited to SFTP only:

groupadd sftpd

2) Next, edit the ssh configuration:

vi /etc/ssh/sshd_config

Comment out the line at the very end so that it reads #Subsystem sftp /usr/libexec/openssh/sftp-server, and restrict the sftpd user group to SFTP only and to the home directory only. To do this, add the following lines at the end:

Subsystem sftp internal-sftp
Match group sftpd
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Restart ssh:

service sshd restart

3) Create the user dnslog and assign it a home folder and the rights to this folder. The owner has to be root and nobody else may have write permission on this folder, otherwise it will not work:

adduser -d /home/dnslog -s /sbin/nologin dnslog -g sftpd
passwd dnslog

chown root /home/dnslog
chmod 750 /home/dnslog

4) Create a folder in our user's home directory on which logrotate will have write permission.

mkdir /home/dnslog/logs
chown dnslog /home/dnslog/logs
chmod 775 /home/dnslog/logs

Access for the collector is now set up; you can connect over SFTP and check that everything works. Next, configure log rotation:

5) In the folder /etc/logrotate.d/, create the file that will hold the rotation settings for our logs.

vi /etc/logrotate.d/unbound_logrotate

The settings are approximately as follows:

/var/log/unbound/unbound.log {
    daily
    rotate 48
    missingok
    notifempty
    compress
    olddir /home/dnslog/logs
    size 1024M
    postrotate
        service rsyslog restart > /dev/null
        # Reopen the log file, otherwise the log will not be written after rotation
        unbound-control log_reopen
    endscript
}

Next I set the rotation time through cron.

6) Added the following line to the file /etc/crontab:

23 * * * * root run-parts /etc/cron.hourly

Also restart cron:
service crond restart

Rotation will be performed every hour at minute 23.

7) In the folder /etc/cron.hourly/, create a file with any name and put in it the script that will be executed when rotation time arrives, with the following contents:

/usr/sbin/logrotate /etc/logrotate.conf

That's all. The logs will accumulate automatically in the folder /home/dnslog/logs/

The rotation settings can be checked with the command:

logrotate -d /etc/logrotate.conf
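
The directory rule from step 3 can be checked too: sshd accepts a ChrootDirectory only if it and every parent directory are owned by root and not writable by group or others. The script below is an added example, not part of the original post; the function names and the optional uid/stop arguments (there so it can be tried on a scratch directory without root) are assumptions, and it relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership rule.
# Function names and the uid/stop arguments are assumptions for illustration.

# Succeeds when an octal mode such as 750 has no group/other write bit.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_chroot_path DIR [UID] [STOP]
# Walks from DIR up to STOP (default /). Every directory on the way must be
# owned by UID (default 0, root) and must not be group/other writable.
# Returns 0 if all pass, 1 on a violation, 2 if the path cannot be examined.
check_chroot_path() {
    dir=$1 uid=${2:-0} stop=${3:-/} rc=0
    case $dir in
        /*) ;;
        *)  echo "FAIL $dir: an absolute path is required"; return 2 ;;
    esac
    while :; do
        info=$(stat -c '%u %a' "$dir") || return 2   # GNU stat: "uid mode"
        owner=${info% *}
        mode=${info#* }
        if [ "$owner" != "$uid" ]; then
            echo "FAIL $dir: owner uid $owner, expected $uid"
            rc=1
        fi
        if ! mode_is_safe "$mode"; then
            echo "FAIL $dir: mode $mode is writable by group or others"
            rc=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Run as root, for example: sh check_chroot.sh /home/dnslog
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

The logs subdirectory from step 4 sits below the chroot, so its dnslog ownership and mode 775 are not subject to this rule.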


Also, it should be noted that Unbound has two methods of keeping logs: by Unbound itself and through syslog. Syslog is the better method because it slows Unbound down less. The example above describes rotation of logs written by Unbound itself. To configure logging through syslog, enable this parameter in the Unbound configuration:
use-syslog: yes

And also slightly rewrite the file /etc/logrotate.d/unbound_logrotate:
/var/log/messages {
    daily
    rotate 48
    missingok
    notifempty
    compress
    size 1024M
    olddir /home/dnslog/logs
    create
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        chown dnslog /home/dnslog/logs/messages*
        chmod 775 /home/dnslog/logs/messages*
    endscript
}

This article is a translation of the original post at habrahabr.ru/post/274539/