Fedora
Contingut
SELinux
Encrypt User home folder
# yum install keyutils ecryptfs-utils pam_mount
# authconfig --enableecryptfs --updateall # usermod -aG ecryptfs USER # ecryptfs-migrate-home -u USER # su - USER $ ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase (write this down for safe keeping) $ ecryptfs-insert-wrapped-passphrase-into-keyring ~/.ecryptfs/wrapped-passphrase
List manually installed packages
First install
yum install yum-utils
then
yumdb search command_line "*install*" | grep command_line | sort | uniq
or
yumdb search reason user
Centos Almalinux
dnf history userinstalled
List all installed:
dnf list installed
History:
dnf history list
Configure automatic security updates
sudo yum --security upgrade # Or, alternatively sudo yum --security upgrade-minimal
- Install yum-cron
sudo yum install yum-cron
- Configure yum-cron
sudo vim /etc/yum/yum-cron.conf
update_cmd = security apply_updates = yes email_from = root@subcube2... email_to = admin@dafy..
sudo systemctl status yum-cron sudo systemctl enable yum-cron # Or "restart" if already started sudo systemctl start yum-cron
https://serversforhackers.com/video/automatic-security-updates-centos
Alternative (for new CentOS/Fedora/Alma versions)
dnf install dnf-automatic vim /etc/dnf/automatic.conf apply_updates=yes upgrade_type=security email_from = ... systemctl enable --now dnf-automatic.timer
From <https://linuxiac.com/how-to-set-up-automatic-updates-on-rocky-linux-almalinux/>
https://fedoraproject.org/wiki/AutoUpdates
Ubuntu
Ubuntu#Configure_automatic_security_updates
Syslog
/var/log/cron - the cron log file /var/log/messages - the messages log file /var/log/secure - the secure log file /var/log/Xorg.0.log - the Xorg.0.log log file
and much more ....
On Fedora 20+, we use journalctl by default. Regular files such as /var/log/messages are no longer available by default. Of course, you can install rsyslog and journalctl will generate them for you if you want. journalctl itself has many many options. For example, you can filter the log based on different criteria. You can view the current or previous boot logs using the -b flag. Here are some examples from man journalctl (Please read the man page for more detailed information on the available options):
Without arguments, all collected logs are shown unfiltered:
journalctl
With one match specified, all entries with a field matching the expression are shown:
journalctl _SYSTEMD_UNIT=avahi-daemon.service
If two different fields are matched, only entries matching both expressions at the same time are shown:
journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097
If two matches refer to the same field, all entries matching either expression are shown:
journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service
If the separator "+" is used, two expressions may be combined in a logical OR. The following will show all messages from the Avahi service process with the PID 28097 plus all messages from the D-Bus service (from any of its processes):
journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097 + _SYSTEMD_UNIT=dbus.service
Show all logs generated by the D-Bus executable:
journalctl /usr/bin/dbus-daemon
Show all logs of the kernel device node /dev/sda:
journalctl /dev/sda
Show all kernel logs from previous boot:
journalctl -k -b -1
There's also the new gnome-logs package in Fedora that's a frontend to journalctl but it looks like it's only available in F21+
Info: https://ask.fedoraproject.org/en/question/9299/sticky-how-do-i-view-logs-on-fedora/
Journald
The config is on /etc/systemd/journald.conf
If you also store the log to the log folder using rsyslog, maybe you want to limit the amount of journal to keep in journald:
SystemMaxUse=100M
Rsyslog
I think it's not installed by default. I creates the log files reading info from Journald and other places.
Config is in /etc/rsyslog.conf
