Filter Ansible logs on CentOS 7

CentOS 7 and Red Hat 7 seem to love shoving logs into /var/log/messages. If you run Ansible in-house, it generates a lot of noise there, and if you run Splunk or ELK, getting your logs 'just right' is important to O.C.D.-type levels!

To send your Ansible-generated logs to /var/log/ansible.log, perform the following:

Create the file /etc/rsyslog.d/ansible.conf

if ( $programname contains "ansible" ) then /var/log/ansible.log
& stop

If you are creating log files, you will want to manage those log files too!
Create the file /etc/logrotate.d/ansible

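/var/log/ansible.log {
        notifempty
        weekly
        rotate 4
        missingok
        compress
        # Make rsyslog reopen the log so it does not keep writing to the rotated file
        postrotate
                /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        endscript
}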

Then restart rsyslog so it picks up the new rule:

service rsyslog restart

Using OpenSCAP to scan and harden your servers

Determine which profile you want to use by listing the profiles in the data stream:

  oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

Replace the --profile value in the commands below as required.

Perform a scan:

  oscap xccdf eval --report report.html \
      --profile xccdf_org.ssgproject.content_profile_CS2 \
      /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

Apply a remediation (this changes the system's configuration, so review the scan report first):

  oscap xccdf eval --remediate --report report.html \
      --profile xccdf_org.ssgproject.content_profile_CS2 \
      /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
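
To review findings before running --remediate, or to feed them to Splunk or ELK, the scan can also write machine-readable XCCDF results with oscap's --results option. The script below is an added example, not part of the original post; it summarises such a file, and its sample XML, host name and rule ids are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"  # XCCDF 1.2 namespace
NS = {"x": XCCDF_NS}

# Constructed sample in the shape of an XCCDF results file (rule ids are made up).
SAMPLE_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
  <TestResult id="xccdf_org.example_testresult_sample">
    <target>host1.example.com</target>
    <rule-result idref="xccdf_org.example_rule_a" severity="high"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_b" severity="medium"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_c" severity="medium"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_d" severity="low"><result>notselected</result></rule-result>
  </TestResult>
</Benchmark>"""

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def rule_results(xml_text):
    """Yield one dict per rule-result: host, rule id, severity and result."""
    root = ET.fromstring(xml_text)
    host = root.findtext(".//x:target", default="unknown", namespaces=NS)
    # iter() also works when TestResult itself is the root element.
    for rr in root.iter("{%s}rule-result" % XCCDF_NS):
        yield {
            "host": host,
            "rule": rr.get("idref", ""),
            "severity": rr.get("severity", "unknown"),
            "result": rr.findtext("x:result", default="unknown", namespaces=NS),
        }


def summarise(xml_text):
    """Return (count per result, failed rules sorted by severity then rule id)."""
    rows = list(rule_results(xml_text))
    counts = Counter(row["result"] for row in rows)
    failed = [row for row in rows if row["result"] == "fail"]
    failed.sort(key=lambda r: (SEVERITY_ORDER.get(r["severity"], 3), r["rule"]))
    return counts, failed


if __name__ == "__main__":
    counts, failed = summarise(SAMPLE_RESULTS)
    print(dict(counts))
    for row in failed:
        print(json.dumps(row))  # one JSON object per line, easy to ingest
```

To use it on a real scan, add --results results.xml to the scan command (the file name is an assumption) and pass that file's contents to summarise().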