====== 24.04 Logwatch Install ======

Logwatch is a handy utility that can parse the system logs and send you details of system errors or issues with the server.

Let's install it and set it up to mail the logs to an email address daily.

  sudo apt install logwatch

As part of the installation, logwatch will install the postfix mailer, which we need to configure during the install.

We will choose the option '''satellite system'''.

Set the System mail name to your own host name, in this case solaris.scottworld.net.

For outgoing mail to relay correctly we need to set a '''relayhost'''. When prompted for the relay host, enter:

  [ssl0.ovh.net]:465

Next we need to change a few parameters.

  sudo nano /etc/postfix/main.cf

Modify the parameters below.

  # See /usr/share/postfix/main.cf.dist for a commented, more complete version
  # Debian specific:  Specifying a file name will cause the first
  # line of that file to be used as the name.  The Debian default
  # is /etc/mailname.
  #myorigin = /etc/mailname
  smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
  biff = no
  # appending .domain is the MUA's job.
  append_dot_mydomain = no
  # Uncomment the next line to generate "delayed mail" warnings
  #delay_warning_time = 4h
  readme_directory = no
  # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
  # fresh installs.
  compatibility_level = 3.6
  # TLS parameters
  smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
  smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
  smtpd_tls_security_level=may
  smtp_tls_CApath=/etc/ssl/certs
  smtp_tls_security_level=encrypt
  smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  smtp_tls_wrappermode = yes
  smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
  myhostname = solaris.scottworld.net
  alias_maps = hash:/etc/aliases
  alias_database = hash:/etc/aliases
  myorigin = /etc/mailname
  mydestination = solaris.scottworld.net, $myhostname, solaris, localhost.localdomain, localhost
  relayhost = [ssl0.ovh.net]:465
  mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
  mailbox_size_limit = 0
  recipient_delimiter = +
  inet_interfaces = loopback-only
  inet_protocols = all
  # Added to authenticate SMTP with OVH
  smtp_sasl_auth_enable = yes
  smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  smtp_sasl_security_options = noanonymous
  # Added to re-map senders
  sender_canonical_maps = regexp:/etc/postfix/sender_rewrite

Create a file

  nano /etc/postfix/sasl_passwd

Add the host and the account details.

  ssl0.ovh.net root@scottworld.net:password

Execute the command (to refresh the password table)

  postmap /etc/postfix/sasl_passwd

===== Alias the sender account if needed by your ISP =====

If you don't have authorisation on your SMTP relay to send mail for the standard sender account (in this case root@scottworld.net) you can alias it.

Now create /etc/postfix/sender_rewrite

  sudo nano /etc/postfix/sender_rewrite

And add the following so that mail is not rejected by the relay host, as we don't own the address root@scottworld.net (this will alias the outgoing address)

  /.*/ root@scottworld.net

Then run the following to enable the re-write.

  postmap /etc/postfix/sender_rewrite

Restart postfix

  systemctl restart postfix.service

==== Testing ====

You can now test that logwatch and the email functionality are working with the following command.

  logwatch --detail Med --mailto mark@scottworld.net

Monitor email errors with

  tail -f /var/log/mail.log

=== Emailing Tweaks ===

We may want to catch mail errors, so we need to set up a root mailing account and a few mail utilities. We should be good citizens and set this up as it will collect bounced emails.

  sudo apt-get install mailutils

Install the mutt mail reader

  sudo apt-get install mutt

Check root's mailbox

  sudo touch /var/mail/root
  sudo chown root:root /var/mail/root
  mutt -f /var/mail/root

You can test this by sending a mail to root@servername and reading it with mutt.

== Configure Logwatch Daily Reports ==

Create a file

  /etc/logwatch/conf/logwatch.conf

Add the following

  MailTo = mark@scottworld.net
  MailFrom = root@scottworld.net
  Detail = Med
  Format = text
  Range = since 24 hours ago for those hours
  Service = All
  Service = -audit

Now we can make some changes to the level of logging for each service

  /etc/logwatch/conf/override.conf

Add this line to tone down the logging

  services/fail2ban: Detail = 0

Add a script for SMARTD error reporting

  /etc/logwatch/conf/services/smartd.conf

Set the following to change the log file and reporting

  LogFile =
  LogFile = syslog

Update the named script to fix issues with qname minimization

  wget -O /etc/logwatch/scripts/services/named "https://sourceforge.net/p/logwatch/git/ci/master/tree/scripts/services/named?format=raw"
  sed -i 's/DoLookup/#DoLookup/' /etc/logwatch/scripts/services/named
  sed -i -e '/minimization/s/failure/.*/' /etc/logwatch/scripts/services/named

Update the fail2ban script to fix issues with fail2ban logging

  wget -O /etc/logwatch/scripts/services/fail2ban "https://sourceforge.net/p/logwatch/git/ci/78a2b812cd1ca2b3fb6e8b22d6cf3b4766c75513/tree/scripts/services/fail2ban?format=raw"

Add a script for NAMED error reporting

  /etc/logwatch/conf/services/named.conf

Set the following to change the log file and reporting

  LogFile =
  LogFile = syslog

Add a script for OPENVPN error reporting

  /etc/logwatch/conf/services/openvpn.conf

Set the following to change the log file and reporting

  LogFile =
  LogFile = syslog
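
An added example, not part of the original page: a shell audit of the Postfix relay settings configured earlier on this page. It checks the main.cf parameters the relay depends on and flags a sasl_passwd map, or the .db that postmap builds from it, that group or other users can access, since both hold the relay password. The function names are this example's own.

```shell
#!/bin/sh
# Added example: audit the relay settings this page configures.
# Usage: audit_relay MAIN_CF SASL_PASSWD  (prints findings, returns their count)

# Last value assigned to parameter $2 in main.cf-style file $1.
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# True if the file exists and group or other hold any permission bit.
too_open() {
    [ -e "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

audit_relay() {
    cf=$1; secret=$2; findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # "may" and "dane" can fall back to cleartext; these levels do not.
    case "$(cf_get "$cf" smtp_tls_security_level)" in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) report "smtp_tls_security_level does not force TLS to the relay" ;;
    esac
    # Port 465 is implicit TLS, which needs wrapper mode on the client.
    case "$(cf_get "$cf" relayhost)" in
        *:465) [ "$(cf_get "$cf" smtp_tls_wrappermode)" = yes ] ||
               report "relayhost is on port 465 but smtp_tls_wrappermode is not yes" ;;
    esac
    case "$(cf_get "$cf" smtp_sasl_security_options)" in
        *noanonymous*) ;;
        *) report "smtp_sasl_security_options lacks noanonymous" ;;
    esac
    # A satellite system should not accept mail from the network.
    case "$(cf_get "$cf" inet_interfaces)" in
        loopback-only|localhost) ;;
        *) report "inet_interfaces is not restricted to loopback" ;;
    esac
    # The map and its postmap-built .db both contain the relay password.
    for f in "$secret" "$secret.db"; do
        if too_open "$f"; then
            report "$f is accessible to group/other; chmod 600 it"
        fi
    done
    return "$findings"
}

if [ "$#" -eq 2 ]; then audit_relay "$1" "$2"; fi
```

Run it as root against /etc/postfix/main.cf and /etc/postfix/sasl_passwd; a return code of 0 means no findings.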
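
An added example, not from the original page or the Logwatch project: the wget steps above overwrite service scripts that the Logwatch run executes, and the named URL tracks master rather than a fixed commit. This wrapper installs a downloaded file only if it matches a SHA-256 you recorded after reviewing it; `install_verified` and `sha256_of` are names made up here, and the pinned digest is yours to supply.

```shell
#!/bin/sh
# Added example: install a downloaded Logwatch service script only after checks.
# Usage: install_verified DOWNLOADED_FILE PINNED_SHA256 DEST
# e.g.   install_verified /tmp/named.new <sha256-recorded-after-review> \
#            /etc/logwatch/scripts/services/named

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

install_verified() {
    src=$1; want=$2; dest=$3
    # An error or login page saved by wget -O is HTML, not a script.
    if head -n 5 "$src" | grep -Eqi '<(html|!doctype)'; then
        echo "refusing $src: looks like an HTML page" >&2
        return 2
    fi
    got=$(sha256_of "$src")
    if [ "$got" != "$want" ]; then
        echo "refusing $src: sha256 $got is not the pinned $want" >&2
        return 1
    fi
    # Keep the packaged or previous copy so the change can be rolled back.
    if [ -e "$dest" ] && [ ! -e "$dest.orig" ]; then
        cp -p "$dest" "$dest.orig"
    fi
    install -m 0755 "$src" "$dest"
}
```

Download to a temporary path first, then apply the page's sed edits only after `install_verified` has succeeded.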