CentOS7 Linux alap konfiguráció

Ahol sok virtuális gépet használunk, célszerű egy jól felkonfigurált template gépet telepíteni, amit másolva csak a specifikus beállításokat kell elvégezni.

CentOS7 esetén az alábbi alap Linux konfigurációt szoktam elvégezni:

<h4>Alapcsomagok</h4>
<pre>
yum install epel-release
yum install mc less openssh-server nano telnet net-tools wget curl nload subversion screen
</pre>

<h4>Kernel konfiguráció</h4>
<p>/etc/sysctl.d/kerneltuning.conf</p>
<pre>
vm.swappiness = 10
net.core.somaxconn = 2048
net.ipv4.tcp_max_syn_backlog = 512
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
</pre>
<p>Megjegyzés: a net.ipv4.ip_forward = 1 minden klónozott gépen bekapcsolja a csomagtovábbítást az interfészek (itt a dmz és az internal zóna) között, ezért csak azon a gépen érdemes meghagyni, amelyik ténylegesen routerként vagy NAT-ként működik. A net.ipv4.tcp_tw_recycle = 1 NAT mögül érkező klienseknél kapcsolatvesztést okozhat, a 4.12-es kerneltől kezdve pedig el is távolították.</p>

<h4>Tmp mount</h4>
<p>/etc/fstab</p>
<pre>
tmpfs   /tmp tmpfs     defaults,nodev,noexec,nosuid,noatime     0 0
</pre>

<h4>Helyi hálózat</h4>
<pre>
systemctl disable NetworkManager
</pre>
<p>/etc/sysconfig/network-scripts/ifcfg-eth1</p>
<pre>
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.10.251
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME="System eth1"
ZONE=dmz
GATEWAY=192.168.10.254
</pre>
<p>Az ifcfg fájlokat a hálózati szkriptek shell változóként olvassák be, ezért a kulcsok nevében számít a kis- és nagybetű (IPADDR, PREFIX, GATEWAY).</p>


<p>/etc/sysconfig/network-scripts/ifcfg-eth2</p>
<pre>
DEVICE=eth2
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.11.251
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME="System eth2"
ZONE=internal
</pre>

<h4>Hostname</h4>
<p>/etc/sysconfig/network</p>
<pre>
Hostname
</pre>
<p>/etc/hosts</p>
<pre>
fqdn
</pre>

<h4>Mail</h4>
<p>/etc/postfix/main.cf</p>
<pre>
myhostname
relayhost = mailrelay.local
</pre>
<p>/etc/aliases</p>
<pre>
root: admin@organization
</pre>
<pre>
newaliases
</pre>

<h4>NTP</h4>
<pre>
yum install ntp ntpdate
systemctl enable ntpd
systemctl disable chronyd
systemctl restart ntpd
</pre>

<h4>Selinux</h4>
<p>/etc/sysconfig/selinux</p>
<pre>
SELINUX=permissive
</pre>
<p>Megjegyzés: permissive módban a SELinux csak naplózza a szabálysértéseket, de nem tiltja őket, így a template-ből klónozott gépeken nincs kötelező hozzáférés-védelem. Ahol a futtatott szolgáltatás engedi, érdemes a naplózott AVC-üzenetek alapján javítani a policy-t, és visszaállni enforcing módra.</p>

<h4>Yum-cron</h4>
<pre>
yum install yum-cron
</pre>
<p>/etc/yum/yum-cron.conf</p>
<pre>
update_cmd = security
apply_updates = yes
</pre>
<pre>
systemctl enable yum-cron
</pre>
<p>Megjegyzés: a CentOS 7 saját tárolói tudomásom szerint nem tartalmaznak biztonsági (updateinfo) metaadatot, ezért az update_cmd = security mellett előfordulhat, hogy semmi sem frissül automatikusan. Telepítés után érdemes a yum-cron naplójában ellenőrizni, hogy valóban kerülnek-e fel frissítések; ha nem, az update_cmd = default beállítás minden frissítést feltesz.</p>

<h4>Fail2ban</h4>
<pre>
yum install fail2ban
systemctl enable fail2ban
</pre>
<p>/etc/fail2ban/jail.d/01-ssh.conf</p>
<pre>
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd]
enabled = true
</pre>
<pre>
systemctl restart fail2ban
</pre>
<p>Megjegyzés: a szekciónévben számít a kis- és nagybetű, a közös beállításokat (bantime, banaction) a jailek csak a [DEFAULT] szekcióból öröklik. Újraindítás után a fail2ban-client status sshd paranccsal ellenőrizhető, hogy az sshd jail valóban aktív-e.</p>

<h4>Firewall</h4>
<pre>
systemctl enable firewalld
firewall-cmd --zone=public --change-interface=eth0
firewall-cmd --zone=dmz --change-interface=eth1
firewall-cmd --zone=internal --change-interface=eth2
firewall-cmd --reload
</pre>
<p>Megjegyzés: a --permanent kapcsoló nélküli --change-interface csak a futó konfigurációt módosítja, ami a firewalld vagy a gép újraindítása után nem marad meg. Az eth1 és az eth2 zónáját az ifcfg fájl ZONE= sora is rögzíti, az eth0-hoz viszont ebben a leírásban nincs ilyen sor, ezért újraindítás után érdemes a firewall-cmd --get-active-zones kimenetén ellenőrizni, hogy minden interfész a szándékolt zónában van-e.</p>

<h4>Monitoring</h4>
<p>Zabbix agent</p>
<pre>
rpm -Uvh http://repo.zabbix.com/zabbix/2.4/rhel/7/x86_64/zabbix-release-2.4-1.el7.noarch.rpm
yum install zabbix-agent zabbix-sender
systemctl enable zabbix-agent
</pre>
<p>Megjegyzés: a zabbix-release csomag itt titkosítatlan HTTP-n töltődik le, pedig ez telepíti a tároló leírását és azt a GPG-kulcsot, amelyben a későbbi zabbix csomagok aláírás-ellenőrzése megbízik. Érdemes HTTPS-en letölteni, vagy a csomagot egyszer ellenőrizve saját belső tárolóból telepíteni a template-be.</p>

<h4>Syslog-ng</h4>
<pre>
yum install syslog-ng
systemctl enable syslog-ng
</pre>
<p>/etc/syslog-ng/syslog-ng.conf</p>
<pre>
...
destination logserver { tcp("logcenter.local" port(514) ); };
log { source(s_sys); destination(logserver); };

filter f_iptables   { facility(kern) and message("IN=") and message("OUT="); };
destination firewall { file("/var/log/firewall" suppress(30)); };
log { source(s_sys); filter(f_iptables); destination(firewall); };
</pre>
<p>Megjegyzés: a tcp() cél titkosítás és hitelesítés nélkül küldi a naplókat a logszervernek. Ha a két gép közötti hálózat nem megbízható, érdemes a syslog-ng TLS-es átvitelét használni.</p>