Tuesday, November 29, 2011

How to configure rndc key with chrooted BIND on Linux?


■ Requirement : Configure rndc key with chrooted BIND
■ OS Environment : Linux, RHEL 6.2, CentOS
■ Implementation Steps :

1. Edit /etc/rndc.conf and add the following lines :

options {
    default-server 127.0.0.1;
    default-key "rndckey";
};

server 127.0.0.1 {
    key "rndckey";
};

key "rndckey" {
    algorithm "hmac-md5";
    secret "secret key will be placed here";
};

$ cd /var/named/chroot/etc/
$ dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 256 -n HOST rndc

5. Copy the key from the generated private file and put it in /etc/rndc.conf on the "secret" line.
6. Create a soft link :

$ ln -s /var/named/chroot/etc/rndc.conf /etc/rndc.conf

8. Restart named and check status :

$ service named restart

9. Verification :

$ rndc status

Output will look like :

version: 9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.2
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
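
Step 5 can be scripted instead of pasted by hand. The following is an added example, not part of the original post: the function names and sample file names are hypothetical, the key material is constructed, and it assumes the secret sits on the "Key:" line of the .private file that dnssec-keygen writes.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and sample
# files are hypothetical; the key material below is constructed.

# Print the base64 secret from the "Key:" line of a dnssec-keygen .private file.
extract_rndc_secret() {
    awk '$1 == "Key:" { print $2; found = 1 } END { exit !found }' "$1"
}

# Put the secret on the "secret" line of an rndc.conf-style file.
install_rndc_secret() {
    conf=$1
    secret=$2
    # Accept only base64 characters so the value cannot break out of the quotes.
    case $secret in
        ''|*[!A-Za-z0-9+/=]*) echo "invalid secret" >&2; return 1 ;;
    esac
    # mktemp creates the file with mode 0600, so the key is never world-readable.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    awk -v s="$secret" '
        $1 == "secret" { print "    secret \"" s "\";"; n++; next }
        { print }
        END { exit n != 1 }   # fail unless exactly one secret line was replaced
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}

# Demo on constructed files in a scratch directory (nothing under /etc is touched).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/Krndc.sample.private" <<'EOF'
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Q09OU1RSVUNURUQtU0FNUExFLUtFWS1OT1QtUkVBTCE=
Bits: AAA=
EOF
    cat > "$dir/rndc.conf" <<'EOF'
key "rndckey" {
    algorithm "hmac-md5";
    secret "secret key will be placed here";
};
EOF
    install_rndc_secret "$dir/rndc.conf" \
        "$(extract_rndc_secret "$dir/Krndc.sample.private")" &&
        grep secret "$dir/rndc.conf"
    rm -rf "$dir"
}
demo
```

The rewritten file ends up with mode 0600, which is enough for rndc run as root; the function refuses to write if the file does not contain exactly one "secret" line.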

Tuesday, November 15, 2011

How to rotate sudo log?

■ Requirement : Rotate sudo log messages
■ OS Environment : Linux, RHEL, CentOS
■ Assumption : 

  •    sudo log file = /var/log/sudolog
  •    log retention = 90 days

■ Implementation Steps :

1. Edit /etc/sudoers and add the following lines :

Defaults !syslog
Defaults logfile = /var/log/sudolog

2. Rotate this log file :

Edit /etc/logrotate.d/sudolog and add the following :

/var/log/sudolog {
    rotate 90
    size 5M
    postrotate
        /usr/bin/killall -HUP syslogd
    endscript
}

4. Restart syslogd service :

$ service syslogd restart