37.1 Preparing the Environment for Event Auditing Service

You must prepare your Linux environment before installing EAS. For example, you must update the kernel SHMMAX parameter to enable PostgreSQL and enable your firewall if you want to forward the syslog file.

  1. To ensure that the Linux system properly returns the hostname, complete the following steps:

    1. In a text editor, open the /etc/hosts file.

    2. In the /etc/hosts file, add the fully qualified domain name (FQDN) of your Linux system to the 127.0.0.1 entry.

      For example, if your Linux system’s FQDN is hostname.example.com, the /etc/hosts file should look similar to this:

      # IP-Address  Full-Qualified-Hostname  Short-Hostname
      127.0.0.1       hostname.example.com hostname 
      # special IPv6 addresses
      ::1             localhost ipv6-localhost ipv6-loopback
      fe00::0         ipv6-localnet
      ff00::0         ipv6-mcastprefix
      ff02::1         ipv6-allnodes
      ff02::2         ipv6-allrouters
      ff02::3         ipv6-allhosts
      10.10.10.10     hostname.example.com hostname

    3. To verify that the hostname resolves, execute the hostname -f command.

      This command should return the FQDN of your Linux system.

  2. To enable the PostgreSQL database to run on the server, complete the following steps:

    1. In a text editor, open the /etc/sysctl.conf file.

    2. Change the minimum value for the kernel SHMMAX parameter to enable the database.

      For example, on a RHEL 6.x system, enter the following text at the end of the file:

      # for Sentinel Postgresql
      kernel.shmmax=1073741824

      NOTE: Your system might require more memory than this minimum value. For more information, see “Managing Kernel Resources” in the PostgreSQL documentation.

    3. To set the parameter, execute the following commands:

      cd /proc/sys/kernel
      echo new_val_to_set > shmmax

  3. To forward the syslog file for auditing, complete one of the following steps:

    • When installing EAS, enable the option to configure the firewall for syslog port forwarding.

    • Execute the following command:

      iptables -t nat -A PREROUTING -p udp --destination-port 514 -j REDIRECT --to-ports 1514

    NOTE: If you change the firewall or reboot the server, the iptables entries do not persist. To make the iptables entries persistent, consult your Linux administrator.
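
The following preflight script is an added example, not part of EAS or its documentation. It checks the three prerequisites above: the FQDN on the 127.0.0.1 entry, the kernel SHMMAX minimum, and the UDP 514 to 1514 redirect. The function names and the --live switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight checks for the EAS prerequisites described above.
# Parsers read arguments or stdin so they can be exercised without root.

MIN_SHMMAX=1073741824   # minimum from the page's sysctl.conf example

# hosts_has_fqdn FQDN < hosts-file
# Succeeds if FQDN contains a dot and appears on a 127.0.0.1 line (comments ignored).
hosts_has_fqdn() {
    case "$1" in *.*) ;; *) return 1 ;; esac
    awk -v fqdn="$1" '
        { sub(/#.*/, "") }
        $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == fqdn) found = 1 }
        END { exit !found }'
}

# shmmax_ok VALUE
# Compares by digit count first: shmmax on recent 64-bit kernels can exceed
# the range of the shell's signed integer test.
shmmax_ok() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    v=${1#"${1%%[!0]*}"}                      # strip leading zeros
    [ "${#v}" -gt "${#MIN_SHMMAX}" ] && return 0
    [ "${#v}" -lt "${#MIN_SHMMAX}" ] && return 1
    [ "$v" -ge "$MIN_SHMMAX" ]
}

# redirect_ok < output of: iptables -t nat -S PREROUTING
# iptables prints the rule in normalized form (--dport rather than --destination-port).
redirect_ok() {
    grep -Eq -- '^-A PREROUTING .*-p udp .*--dport 514 .*-j REDIRECT --to-ports 1514( |$)'
}

# preflight: run all three checks against the live system (needs root for iptables).
preflight() {
    rc=0
    hosts_has_fqdn "$(hostname -f)" < /etc/hosts ||
        { echo "FAIL: FQDN missing from the 127.0.0.1 entry in /etc/hosts"; rc=1; }
    shmmax_ok "$(cat /proc/sys/kernel/shmmax)" ||
        { echo "FAIL: kernel.shmmax is below $MIN_SHMMAX"; rc=1; }
    iptables -t nat -S PREROUTING | redirect_ok ||
        { echo "FAIL: UDP 514 is not redirected to 1514"; rc=1; }
    return "$rc"
}

if [ "${1:-}" = "--live" ]; then preflight; fi
```

Run the script as root with --live after a reboot or firewall change, because the redirect rule does not persist across them.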