Setup Remote Logging on an Ubuntu rsyslog Server for DD-WRT to Use

Wednesday, June 9th, 2021

Setup Remote Logging on an Ubuntu rsyslog Server for DD-WRT to Use

Enable remote logging on an Ubuntu server by configuring rsyslog to allow remote connections from port 514 (adjust as needed):

sudo nano /etc/rsyslog.conf

Uncomment the imudp and imtcp load module statements like so (adjusting as needed):

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

Create a logging template and apply it only to remote hosts that start with "c-" (comcast connection remote host prefix [followed by the IP address of the device which can change])

# Comcast remote logging
$template remote-incoming-logs, "/var/log/remote_logs/%HOSTNAME%/%PROGRAMNAME%.$
if $fromhost startswith "c-" then -?remote-incoming-logs

Save and quit.

Restart the rsyslog daemon:

sudo service rsyslog restart

Remote logs will be stored in /var/log/remote_logs

Configure logrotate to process and rotate these logs automatically (so you don't lose them and have a history on them):

sudo nano /etc/logrotate.d/ddwrt

Paste these contents into the file:

/var/log/remote_logs/*.log /var/log/remote_logs/*/*.log {
    daily
    missingok
    compress
    delaycompress
    su syslog adm
}

Save and quit.

Everything has been configured, and remote logging should work from your DD-WRT router once you set the remote URL to your server's IPAddress:port combo and apply the changed settings.

Disable BIND9 Recursive DNS Queries to Prevent UDP DDOS Flood Attacks

Sunday, January 12th, 2014

Turn Off BIND9 Recursion

By default, BIND9 is configured to allow recursive DNS queries.  This allows others to use your DNS server to query other domains on your server's behalf.  Unfortunately, recursive DNS queries can be used to amplify a UDP flood DDOS attack.  As such, for a shared web hosting environment, it is best to disable recursive DNS queries.  You can disable BIND9 recursion easily by running the following script:

cd ~/Downloads
wget -N "http://dinofly.com/files/linux/disable_bind9_recursion.tar.gz"
tar -zxvf disable_bind9_recursion.tar.gz
sudo bash disable_bind9_recursion.sh

It should work on all versions of Linux but has been tested and works perfectly on Ubuntu.  You may need to change the path used for the BIND config file.