I do this infrequently enough that I decided I should really write this down. Below is the quick and dirty way to get the Splunk universal forwarder installed on a new Linux system. Thanks to byteschef for the information used to create this guide.
Download the latest Splunk universal forwarder package from their site and install it with rpm -i <filename> (Red Hat based, .rpm package) or dpkg -i <filename> (Debian based, .deb package).
Run the following commands as root from the forwarder's bin directory (/opt/splunkforwarder/bin by default):
./splunk start --accept-license
./splunk enable boot-start
./splunk add forward-server <IP/hostname of splunk server>:9997 -auth admin:changeme
./splunk add monitor /var/log
./splunk edit user admin -password NEW_PASSWORD -auth admin:changeme
If you want to monitor any directories other than /var/log (application logs, for example), issue:
./splunk add monitor <directory to monitor>
With data breaches as rampant as they are I’ve decided to get more serious about security and implement two factor authentication. Authy is a great way to add this to WordPress, and it’s free (or at least most of its features are.) This information comes from their blog.
- Install the Authy plugin from here
- Create an account at https://dashboard.authy.com
- Add an application for your blog to the Authy dashboard and copy the API key given to you
- Activate the Authy WordPress plugin, go into settings and paste in the API key
- Activate two factor authentication for your user by mousing over the top right corner and selecting “Edit my profile”, then scroll down to the bottom and click “Enable/Disable Authy”
When I did this I had forgotten that I had a different login plugin running – Login Lockdown. With both these enabled I could no longer log in! There was some sort of conflict between the two plugins. I had to disable both plugins by following this guide.
- Navigate to your WordPress directory and go to wp-content/plugins
- Rename the offending plugin directory to something like pluginname-disabled
- Log in to WordPress and go to your plugins page; it will generate an error
- Now that you’re logged in, you can rename those folders back to their original name to either re-activate or delete those plugins.
Now you are much more secure. Even if someone has your password they will not be able to log in unless they also have your phone.
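The rename-to-disable recovery steps above, as an added shell example that is not part of the original post. toggle_plugin is a hypothetical helper and the plugin directory names are constructed placeholders; it rejects path-like names and refuses to overwrite an existing directory.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Disables or re-enables a WordPress plugin by renaming its directory,
# following the "<name>-disabled" convention described in the post.
#
# Usage: toggle_plugin <path to wp-content/plugins> <plugin dir name> disable|enable
toggle_plugin() {
    plugins_dir=$1
    name=$2
    action=$3

    # The plugin name must be a single directory name, never a path,
    # so the rename cannot reach outside the plugins directory.
    case $name in
        ''|.|..|*/*) echo "invalid plugin name: $name" >&2; return 2 ;;
    esac

    case $action in
        disable) src="$plugins_dir/${name}";          dst="$plugins_dir/${name}-disabled" ;;
        enable)  src="$plugins_dir/${name}-disabled"; dst="$plugins_dir/${name}" ;;
        *) echo "action must be disable or enable" >&2; return 2 ;;
    esac

    if [ ! -d "$src" ]; then
        echo "not found: $src" >&2
        return 1
    fi
    # mv would move src *into* an existing dst directory; refuse instead.
    if [ -e "$dst" ]; then
        echo "already exists: $dst" >&2
        return 1
    fi
    mv -- "$src" "$dst"
}

# Constructed demo: a throwaway directory stands in for wp-content/plugins.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/plugin-a" "$d/plugin-b"       # placeholder plugin names
    toggle_plugin "$d" plugin-a disable && toggle_plugin "$d" plugin-b disable
    ls "$d"                                 # both now end in -disabled
    toggle_plugin "$d" plugin-a enable      # after logging in, rename back
    ls "$d"
    rm -rf "$d"
}
demo
```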