Other config
Kernel logs
Virtual consoles are directly connected to the kernel's console output system. When you're logged into tty1-tty6, you're using a console device that the kernel treats as its primary output channel, causing kernel logs to be printed in your console.
To show the current settings: cat /proc/sys/kernel/printk
The kernel assigns every message a priority level (0-7). Kernel log levels: 0 = EMERG; 1 = ALERT; 2 = CRIT; 3 = ERR (error conditions); 4 = WARNING; 5 = NOTICE; 6 = INFO; 7 = DEBUG
To update the settings to only print errors (prio level 3) or higher: sysctl -w kernel.printk="3 4 1 7"
SSH root access
During the installation you can choose to enable SSH root access. If during installation this access was not enabled it can be enabled as follows:
Open the SSH config:
vi /etc/ssh/sshd_config
Make sure "PermitRootLogin" is not commented out and set to "yes".
Make sure "PasswordAuthentication" is not commented out and set to "yes".
After making changes to this config file, restart the SSH daemon:
systemctl restart sshd
Tip
Connect to your VM via SSH (e.g. Putty) to be able to copy-paste commands.
Additional firewall rules
The TrendMiner appliance server controls the packet filtering rules of the Linux kernel using iptables. By default, only icmp, ssh (tcp/22), http(s) (tcp/80, tcp/443) and port 8080 are allowed.
If you are running a single-node deployment, you can install additional firewall rules, for instance for monitoring or inventory agents.
To provide flexibility in managing firewall rules, TrendMiner created a default file located at /etc/nftables/custom.nft.
This will allow you to add your own custom firewall rules without modifying the core configuration files.
All ports not known to TrendMiner are blocked by default: no incoming traffic is allowed unless explicitly permitted by a rule.
To install a new rule, follow the procedure below:
1. Open the custom rules file: To add a rule, first open the /etc/nftables/custom.nft file in your preferred text editor. You may need root privileges to edit this file:
# vi /etc/nftables/custom.nft
2. Add your custom rules: Add your rules directly in this file. For example, if you want to allow incoming traffic on port 9000, you can add the following rule:
tcp dport 9000 ct state new accept
3. Save and exit: After adding your rules, save the file and exit the text editor.
4. Restart nftables rules: For the changes to take effect, reload the nftables rules with the following command:
# systemctl restart nftables.service
Best Practices:
Minimal exposure: Only open the ports that are absolutely necessary. This minimizes the attack surface and helps maintain a secure environment.
Regular review: Periodically review the ports you have opened to ensure they are still required, and close any that are no longer in use.
Avoid conflicting rules: Ensure that the rules you add do not conflict with existing default rules.
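To support the regular review described above, the following added example (not part of the TrendMiner documentation) lists every port opened by an accept rule in a custom.nft-style file and marks whether the rule is limited to a source address. It assumes one rule per line in the form shown in step 2; the function name list_open_ports and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: review helper for /etc/nftables/custom.nft-style rule files.
# Prints "<proto> <port> <scope>" for every accept rule that opens a port.
# scope is "restricted" when the rule carries an "ip saddr"/"ip6 saddr" match,
# otherwise "any-source".
list_open_ports() {
    awk '
    {
        sub(/#.*/, "")              # ignore comments (and commented-out rules)
        gsub(/[{},]/, " & ")        # make set syntax {a,b} tokenizable
    }
    /(tcp|udp) dport/ && /accept/ {
        scope = ($0 ~ /ip6? saddr/) ? "restricted" : "any-source"
        for (i = 1; i < NF; i++) {
            if (($i != "tcp" && $i != "udp") || $(i + 1) != "dport") continue
            j = i + 2
            if ($j == "{") {
                # anonymous set: every token up to the closing brace is a port
                for (j++; j <= NF && $j != "}"; j++)
                    if ($j != ",") print $i, $j, scope
            } else {
                print $i, $j, scope  # single port or range such as 9000-9010
            }
        }
    }' "$1"
}

# Constructed sample rules (not taken from a real appliance).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# monitoring agent
tcp dport 9000 ct state new accept
ip saddr 10.0.0.5 tcp dport { 9100, 9273 } ct state new accept
udp dport 161 accept   # snmp
tcp dport 2222 drop
EOF
list_open_ports "$sample"
rm -f "$sample"
```

On the appliance, run `list_open_ports /etc/nftables/custom.nft` and compare the output against the list of ports you still need.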