setup_traffic_logging.sh
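#!/bin/bash
###############################################################################
# WARNING: Review this script carefully before running!
#
# - This script was created and tested on **Ubuntu Server 24.04 (Noble)**.
#   It should work on other systems using UFW, rsyslog, and AppArmor,
#   but may require minor modifications.
#
# - **Purpose**: This script configures UFW to log all traffic for later analysis
#   by changing the log file location and ensuring proper permissions.
#
# - **Be cautious with firewall rules!**
#   - Ensure you need all the listed ports open.
#   - **Double-check the SSH port (default is 22).** If your SSH port is different,
#     update SSH_PORT below to avoid getting locked out.
#
# - **Logging ALL traffic can generate large log files!**
#   - The log file (`/data/log/ufw.log`) may grow quickly, depending on traffic.
#   - Consider setting up **log rotation** (`logrotate`) to manage disk usage.
#
# - Created with the help of ChatGPT, for formatting and comments mostly.
#
# Must be run as root. Steps are ordered so that the log directory, the rsyslog
# configuration and the AppArmor rule all exist *before* rsyslog is restarted
# (otherwise the daemon is restarted against a path it cannot yet open), and
# the firewall is enabled last so that an earlier failure never leaves UFW
# active with half-applied rules. Re-running the script is safe: every edit
# is idempotent.
###############################################################################
set -euo pipefail

readonly SSH_PORT=22
readonly LOG_DIR=/data/log
readonly LOG_FILE="${LOG_DIR}/ufw.log"
readonly RSYSLOG_CONF=/etc/rsyslog.d/20-ufw.conf
readonly APPARMOR_LOCAL=/etc/apparmor.d/local/usr.sbin.rsyslogd

# Print an error to stderr and abort.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "this script must be run as root"
[[ -f "$RSYSLOG_CONF" ]] \
  || die "$RSYSLOG_CONF not found; the UFW rsyslog snippet is required"

# 1. Ensure the new log directory and file exist with the correct ownership
#    before rsyslog or AppArmor are touched, so the daemon can open the file
#    on its first restart. 640 syslog:adm matches the logrotate `create` line
#    in the example below, and keeps the firewall log from being world-readable.
mkdir -p -- "$LOG_DIR"
touch -- "$LOG_FILE"
chown syslog:adm -- "$LOG_FILE"
chmod 640 -- "$LOG_FILE"

# 2. Point the UFW rsyslog rule at the new path. The sed is a silent no-op if
#    the pattern is absent (e.g. already rewritten), so verify the outcome
#    rather than trusting the edit.
sed -i "s|/var/log/ufw.log|${LOG_FILE}|" "$RSYSLOG_CONF"
grep -qF -- "$LOG_FILE" "$RSYSLOG_CONF" \
  || die "failed to point $RSYSLOG_CONF at $LOG_FILE"

# Uncomment the "& stop" line to prevent duplicate logging.
# This ensures that after rsyslog handles UFW logs, they are not processed
# by other logging rules that could send them elsewhere.
sed -i 's|^#\(& stop\)|\1|' "$RSYSLOG_CONF"

# 3. Allow rsyslogd's AppArmor profile to write to the new UFW log location.
#    Append the rule only if it is not already present, so repeated runs do
#    not accumulate duplicate lines in the local profile override.
apparmor_rule="${LOG_FILE} w,"
grep -qxF -- "$apparmor_rule" "$APPARMOR_LOCAL" 2>/dev/null \
  || printf '%s\n' "$apparmor_rule" >> "$APPARMOR_LOCAL"
systemctl restart apparmor.service

# 4. Restart rsyslog now that the directory, config and AppArmor rule exist.
systemctl restart rsyslog

# 5. Firewall rules. Allow SSH first; add other ports you may need below.
ufw allow "${SSH_PORT}/tcp"
# ufw allow 80/tcp
# ufw allow 443/tcp
# ufw allow 8080/tcp

# Enable full logging for UFW (logs all incoming and outgoing connections)
ufw logging full

# Enable UFW with the configured rules. This is deliberately the last step,
# and it may prompt for confirmation when run interactively.
ufw enable

###############################################################################
# OPTIONAL: Set up log rotation for UFW logs to prevent excessive disk usage.
# Example logrotate config (/etc/logrotate.d/ufw-custom):
#
# /data/log/ufw.log {
#     daily
#     rotate 7
#     compress
#     missingok
#     notifempty
#     create 640 syslog adm
# }
#
# Adjust the rotation policy based on available disk space and logging needs.
###############################################################################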