6/19/2014

[OpenSSL] How to generate CSR and SSL Key



User must be root.
 
Generate Key
  # openssl genrsa -des3 -out server.key 2048
Generate CSR
  # openssl req -new -key server.key -out server.csr
Check CSR
  # openssl req -noout -text -in server.csr
Remove the passphrase from the key (enter the key's passphrase when prompted; the output file is written unencrypted)
  # openssl rsa -in server.key -out servera.key

6/04/2014

How to disable dhclient log and rsyncd.log in /var/log/messages on EC2

On Amazon EC2 instances, /var/log/messages fills up with DHCP client logs, because EC2 instances get their IP addresses via DHCP and by default DHCP client activity is logged to /var/log/messages. I can't track other system activities than the DHCP client log, so I disabled the DHCP client logs.


How to disable DHCP Client log

I tested this solution but the result is that no more system activities are logged in /var/log/messages.
So don't use this solution.

1, Edit /etc/rsyslog.conf
2, Add ';dhclient.none' to the following line and save it.

Before
*.info;mail.none;authpriv.none;cron.none          /var/log/messages

After
*.info;mail.none;authpriv.none;cron.none;dhclient.none          /var/log/messages

3, Restart rsyslog
# service rsyslog restart

Notes: I asked AWS tech support about this, and they also don't know the solution. Their workaround is to grep /var/log/messages to remove the dhclient lines and redirect the output to another text file.
# grep -v dhclient /var/log/messages > /var/log/messages-nodhclient.log

The syslog facility of dhclient is hard-coded in the source as "LOG_DAEMON". You can configure "LOG_DAEMON" not to be logged in /var/log/messages, but then you'll miss all other "LOG_DAEMON" activity in /var/log/messages. So it's hard to remove only the dhclient logs from /var/log/messages.
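rsyslog can also select messages by the program name in the syslog tag instead of by facility, which allows dhclient lines to be moved to their own file while other daemon-facility messages stay in /var/log/messages. The following is an added example, not part of the original post. It assumes a hypothetical drop-in file name, a hypothetical target file /var/log/dhclient.log, and that /etc/rsyslog.conf includes /etc/rsyslog.d/*.conf before the /var/log/messages rule.

```conf
# /etc/rsyslog.d/00-dhclient.conf   (file name is an assumption)
#
# Must be read before the "*.info;... /var/log/messages" rule, otherwise
# the dhclient lines have already been written there.

# Property-based filter: match on the program name, not on the facility.
# The messages are kept in their own file rather than thrown away, so the
# DHCP lease history is still available for troubleshooting and audits.
:programname, isequal, "dhclient"    /var/log/dhclient.log

# Stop processing the messages matched by the filter above, so they never
# reach the /var/log/messages rule. "stop" needs rsyslog v7 or later;
# on older versions (for example v5) write "& ~" instead.
& stop
```

Check the syntax with `rsyslogd -N1` before restarting rsyslog, and give the new file its own logrotate entry.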


How to move rsync logs to xinetd.log

1, Edit /etc/xinetd.conf as follows and save it.
Before

       log_type        = SYSLOG daemon info


After

#       log_type        = SYSLOG daemon info
        log_type        = FILE /var/log/xinetd.log


2, Reload xinetd service
# service xinetd reload

3, Add log rotation for xinetd.log
Create a logrotate configuration for xinetd.log as follows
# vi /etc/logrotate.d/xinetd
#=====

/var/log/xinetd.log {
    rotate 10
    daily
    compress
    delaycompress
    missingok
    postrotate
        /bin/kill -HUP `cat /var/run/xinetd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

#=====

4, Force log rotation with the following command
# logrotate -f /etc/logrotate.conf