mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
c47eed6a64
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
53 lines
1.8 KiB
Markdown
53 lines
1.8 KiB
Markdown
---
|
|
name: implementing-syslog-centralization-with-rsyslog
|
|
description: >-
|
|
Configure rsyslog for centralized log collection with TLS encryption, custom templates,
|
|
and log rotation. Generates server and client configuration files with GnuTLS stream
|
|
drivers, x509 certificate authentication, per-host log segregation, and reliable
|
|
queue settings for high-availability syslog infrastructure.
|
|
domain: cybersecurity
|
|
subdomain: security-operations
|
|
tags: [implementing, syslog, centralization, with]
|
|
version: "1.0"
|
|
author: mahipal
|
|
license: Apache-2.0
|
|
---
|
|
|
|
|
|
# Implementing Syslog Centralization with Rsyslog
|
|
|
|
## Instructions
|
|
|
|
1. Install dependencies: `pip install jinja2 paramiko`
|
|
2. Generate TLS certificates for rsyslog server and clients using OpenSSL.
|
|
3. Run the agent to generate rsyslog server and client configurations:
|
|
- Server: TLS listener on port 6514, per-host directory output, JSON-format templates
|
|
- Client: TLS forwarding with disk-assisted queues for reliability
|
|
4. Deploy configurations to servers via SSH (paramiko).
|
|
5. Validate TLS connectivity and log delivery.
|
|
|
|
```bash
|
|
python scripts/agent.py --server-ip 10.0.0.1 --clients 10.0.0.10,10.0.0.11 --ca-cert ca.pem --output syslog_report.json
|
|
```
|
|
|
|
## Examples
|
|
|
|
### Server Configuration (TLS)
|
|
```
|
|
module(load="imtcp" StreamDriver.Name="gtls" StreamDriver.Mode="1"
|
|
StreamDriver.Authmode="x509/name")
|
|
input(type="imtcp" port="6514")
|
|
template(name="PerHostLog" type="string" string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")
|
|
*.* ?PerHostLog
|
|
```
|
|
|
|
### Client Configuration (Reliable Forwarding)
|
|
```
|
|
action(type="omfwd" target="10.0.0.1" port="6514" protocol="tcp"
|
|
StreamDriver="gtls" StreamDriverMode="1"
|
|
StreamDriverAuthMode="x509/name"
|
|
queue.type="LinkedList" queue.filename="fwdRule1"
|
|
queue.maxdiskspace="1g" queue.saveonshutdown="on"
|
|
action.resumeRetryCount="-1")
|
|
```
|