interesting logs

• /var/log/auth.log
• /var/log/ufw.log
• /var/log/apache2/*access.log
• /var/log/apache2/*error.log

tools

lnav - ncurses-based log file viewer

From man: The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can be gleaned from the files being viewed, such as timestamps and log levels

apt install -y lnav

lnav /var/log/auth.log /var/log/ufw.log /var/log/apache2/*access.log

ezservermonitor

Install webapp:

wget https://www.ezservermonitor.com/esm-web/downloads/version/2.5 -O ezservermonitor.zip

Configure in conf/esm.config.json

install

apt-get install ssmtp
apt-get install mailutils

configure

edit /etc/ssmtp/ssmtp.conf:

root=
mailhub=mail.net-c.com:465
hostname=myhost.com
AuthUser=usermail@netc.fr
AuthPass=ENTER-SMTP-PASSWORD-HERE
FromLineOverride=YES
UseTLS=YES

Test

echo "Hello world email body" | mail -s "Test Subject" test@mail.fr

enable/disable

ufw logging on
ufw disable
ufw enable

log file

tail -f /var/log/ufw.log

Print FW rules

ufw status verbose
ufw status numbered

Common rules

Block all INcoming & outgoing trafic

ufw default deny incoming
ufw default deny outgoing

Allow common services

ufw allow out 53 comment 'DNS'
ufw allow out 465 comment 'SMTP'
ufw allow ntp

Allow all INcomming requests on all ports from an @IP range

ufw allow from 192.168.1.0/24

Allow all INcomming requests on all ports from an @IP

ufw allow from XXX.XXX.XXX.XXX

Allow INcomming requests on specific port from an @IP

ufw allow from XXX.XXX.XXX.XXX to any port 80
ufw allow from XXX.XXX.XXX.XXX to any port 3000

For apt and software installation

use that to allow apt, for instance apt install -y lnav:

ufw allow out 80/tcp comment 'allow OUT 80 temporary for apt' && ufw allow out 443/tcp comment 'allow OUT 443 temporary for apt'

remove:

ufw delete allow out 80/tcp && ufw delete allow out 443/tcp

OR:

ufw default allow outgoing

remove:

ufw default deny outgoing

 Reset all rules

ufw reset