Tuesday, December 3, 2024

VMWare automatic TOOLS update / Install issues on Guest #linux-host

Update 04/07/2025:
VMware keeps having issues with VMware Tools under Debian after updates.
If needed, you can download the tools for each guest OS here:

https://packages.vmware.com/tools/esx/latest/
------------------------------------------------------------

There is a simple solution if the latest VMware Workstation Pro cannot install the VMware Tools you need for shared folders, shared clipboard, and better speed and compatibility.
First make sure that you have the latest Workstation Pro on the host and the Open VM Tools installed in the guest (vmware -v prints the Workstation version on the host):

$ sudo apt-get install open-vm-tools-desktop
$ vmware -v

 

[Screenshot: VMware Workstation Pro with a virtual machine running]


Then make sure the virtual machine's CD-ROM / SATA devices are in working order. Remove the floppy drive if needed. Remove the CD/DVD drive if needed and re-add it.

Launch the VM. Depending on your operating system, simply download the necessary ISO from here, !!! inside the VM !!!:

https://packages.vmware.com/tools/releases/latest/


In Windows it is easy: double-click the downloaded ISO, launch setup.exe and follow the installer. I would install the full package.


Here you go: installing the latest VMware Tools by hand when Workstation Pro fails to do it.

_dnhyper

Wednesday, November 20, 2024

Install VMWARE on Debian Bookworm

Since VMware is free, it is a good time to start learning it for your labs. I have been using Oracle VirtualBox forever, and while I can always work around compatibility issues, running into constant hiccups is normal. Right now there is an issue with Windows Server not recognizing virtual disks when creating a storage pool: VirtualBox does not give each disk a different friendly name and disk name, so if two or ten disks share the same friendly name and identification name, Windows Server cannot treat them as separate disks for storage pools, despite their different volume IDs and UIDs. Anyway, this is why VMware can be a good alternative: maybe more complicated and complex, but better.

First of all, update and upgrade everything:

$ sudo apt update -y && sudo apt upgrade -y

Then download the VMware Workstation bundle, for example from here:

$ wget https://softwareupdate.vmware.com/cds/vmw-desktop/ws/17.6.1/24319023/linux/core/VMware-Workstation-17.6.1-24319023.x86_64.bundle.tar

Untar it:

$ tar -xvf VMware-Workstation-17.6.1-24319023.x86_64.bundle.tar

Make it executable:

$ chmod u+x VMware-Workstation-17.6.1-24319023.x86_64.bundle    # only the owner needs execute; avoid world-writable modes such as 766

Execute: 

$ /home/'Username'/Downloads/VMware-Workstation-17.6.1-24319023.x86_64.bundle

Build the kernel modules:

$ /usr/bin/vmware-modconfig --console --install-all
# the output will look like this:

 $ /usr/bin/vmware-modconfig --console --install-all
XDG_RUNTIME_DIR (/run/user/1000) is not owned by us (uid 0), but by uid 1000! (This could e.g. happen if you try to connect to a non-root PulseAudio as a root user, over the native protocol. Don't do that.)
XDG_RUNTIME_DIR (/run/user/1000) is not owned by us (uid 0), but by uid 1000! (This could e.g. happen if you try to connect to a non-root PulseAudio as a root user, over the native protocol. Don't do that.)
[AppLoader] Use shipped Linux kernel AIO access library.
An up-to-date "libaio" or "libaio1" package from your system is preferred.
[AppLoader] GLib does not have GSettings support.
Stopping VMware services:
   VMware Authentication Daemon                                        done
   Virtual machine monitor                                             done
make: Entering directory '/tmp/modconfig-bA4AXU/vmmon-only'
Using kernel build system.
/usr/bin/make -C /lib/modules/6.1.0-27-amd64/build/include/.. M=$PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= modules
make[1]: Entering directory '/usr/src/linux-headers-6.1.0-27-amd64'
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/linux/driver.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/linux/driverLog.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/linux/hostif.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/apic.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/comport.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/cpuid.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/crosspage.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/memtrack.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/moduleloop.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/phystrack.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/sharedAreaVmmon.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/statVarsVmmon.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/task.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/common/vmx86.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/bootstrap/bootstrap.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/bootstrap/monLoader.o
/tmp/modconfig-bA4AXU/vmmon-only/common/phystrack.o: warning: objtool: PhysTrack_Free() falls through to next function PhysTrack_Add()
/tmp/modconfig-bA4AXU/vmmon-only/common/phystrack.o: warning: objtool: PhysTrack_Add() falls through to next function PhysTrack_Remove()
/tmp/modconfig-bA4AXU/vmmon-only/common/phystrack.o: warning: objtool: PhysTrack_Remove() falls through to next function PhysTrack_Test()
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/bootstrap/monLoaderVmmon.o
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/bootstrap/vmmblob.o
/tmp/modconfig-bA4AXU/vmmon-only/common/task.o: warning: objtool: .text: unexpected end of section
  LD [M]  /tmp/modconfig-bA4AXU/vmmon-only/vmmon.o
  MODPOST /tmp/modconfig-bA4AXU/vmmon-only/Module.symvers
  CC [M]  /tmp/modconfig-bA4AXU/vmmon-only/vmmon.mod.o
  LD [M]  /tmp/modconfig-bA4AXU/vmmon-only/vmmon.ko
  BTF [M] /tmp/modconfig-bA4AXU/vmmon-only/vmmon.ko
Skipping BTF generation for /tmp/modconfig-bA4AXU/vmmon-only/vmmon.ko due to unavailability of vmlinux
make[1]: Leaving directory '/usr/src/linux-headers-6.1.0-27-amd64'
/usr/bin/make -C $PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= postbuild
make[1]: Entering directory '/tmp/modconfig-bA4AXU/vmmon-only'
make[1]: 'postbuild' is up to date.
make[1]: Leaving directory '/tmp/modconfig-bA4AXU/vmmon-only'
cp -f vmmon.ko ./../vmmon.o
make: Leaving directory '/tmp/modconfig-bA4AXU/vmmon-only'
make: Entering directory '/tmp/modconfig-bA4AXU/vmnet-only'
Using kernel build system.
/usr/bin/make -C /lib/modules/6.1.0-27-amd64/build/include/.. M=$PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= modules
make[1]: Entering directory '/usr/src/linux-headers-6.1.0-27-amd64'
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/driver.o
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/hub.o
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/userif.o
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/netif.o
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/bridge.o
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/procfs.o
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/smac_compat.o
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/smac.o
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/vnetEvent.o
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/vnetUserListener.o
/tmp/modconfig-bA4AXU/vmnet-only/userif.o: warning: objtool: VNetCsumCopyDatagram+0x57: call to csum_partial_copy_nocheck() with UACCESS enabled
  LD [M]  /tmp/modconfig-bA4AXU/vmnet-only/vmnet.o
  MODPOST /tmp/modconfig-bA4AXU/vmnet-only/Module.symvers
  CC [M]  /tmp/modconfig-bA4AXU/vmnet-only/vmnet.mod.o
  LD [M]  /tmp/modconfig-bA4AXU/vmnet-only/vmnet.ko
  BTF [M] /tmp/modconfig-bA4AXU/vmnet-only/vmnet.ko
Skipping BTF generation for /tmp/modconfig-bA4AXU/vmnet-only/vmnet.ko due to unavailability of vmlinux
make[1]: Leaving directory '/usr/src/linux-headers-6.1.0-27-amd64'
/usr/bin/make -C $PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= postbuild
make[1]: Entering directory '/tmp/modconfig-bA4AXU/vmnet-only'
make[1]: 'postbuild' is up to date.
make[1]: Leaving directory '/tmp/modconfig-bA4AXU/vmnet-only'
cp -f vmnet.ko ./../vmnet.o
make: Leaving directory '/tmp/modconfig-bA4AXU/vmnet-only'
Starting VMware services:
   Virtual machine monitor                                             done
   Virtual machine communication interface                             done
   VM communication interface socket family                            done
   Virtual ethernet                                                    done
   VMware Authentication Daemon                                        done
   Shared Memory Available                                             done

Run VMware from your main menu.

_dnhyper


Monday, August 19, 2024

Long Term Ubuntu 24.04 LTS review

Let's start with my rig. I have a very basic work setup with a Ryzen 5 5600G, an ASRock AM-B650 AM4, 32 GB of G.Skill DDR4 and a Samsung 970 EVO Gen3 512 GB.
I installed Ubuntu 4 months ago as my base OS.

Because of the small base disk, which is actually still very much enough for me as I have only filled it up to about 200 GB, I did not use separate partitions for security, so /home, /var, etc. are all on the same base partition.

I started having little glitches the moment I started using multiple workspaces and hot corners. Sometimes this resulted in just the image freezing for maybe 20 seconds, then logging me out, sometimes a complete reboot. My system is always up to date. My main activity on the PC is learning and testing: VirtualBox, Boxes, software testing, and some basic video editing. I monitor my PC's temperature, so I never really go over 60°C and most of the time it stays well under 50°C.

Anyway, I still managed to crash Ubuntu several times a week when trying out something new. I think the harmony between packages and package managers is not that sound. There are .deb or .appimage files you download from the internet, you can use apt as a package manager, and flatpak and snap as package management systems. If you still did not find what you need, you could also install yum, dnf and npm. The mix and match, forgotten updates or forgotten install types create a kind of mess. Ease of use makes you forget about future stability from time to time.
One piece of advice: if you want to keep your Ubuntu pristine, stick to apt, .deb downloads and compiling from source. Avoid snap and flatpak if you can, and add only safe and trusted apt repositories so your downloads stay covered by updates.

Finally, I messed up something while playing around with drivers and the installation of OpenShot and OBS. This sounds very basic, but in the end GDM3 failed so miserably that I could not bring the system up. Gnome Display Manager (GDM3) error.
After downloading and installing the best packages for proper OBS and OpenShot use, I rebooted and boom: GDM3 failed.
I did what was necessary to bring the system up, but before the CLI was gone too, I made a Debian net-install boot USB key from the command line. None of this is easy, as my internet is a USB-tethered 4G+ connection right now, so when Ubuntu drops my connection I have to rewrite my netplan YAML file because the device name changes every time.

I like challenges, so I played around with my CLI for about 8 hours. One by one I uninstalled all packages and removed everything GNOME-related. Everything. I uninstalled all software, I mean all of it: no LibreOffice, no Thunderbird, nothing. I uninstalled system software like the OpenSSH client and server, ufw, rkhunter, all of it. Then I rebooted and ran system health and memory checks from the CLI.

$ sudo apt-get install --reinstall linux-image-$(uname -r)

$ sudo apt-get install --reinstall linux-headers-$(uname -r)

$ sudo update-grub

I tried installing LightDM first, but it did not work, so I reinstalled "GNOME everything" with all AMD drivers for my Vega. Nothing. GDM3 error.

Then I repeated the process trying KDE instead of GNOME, but that made a mess too. Anyway, I had fun trying to save my system and learned a lot.

One thing to take away from this experience: if the kernel is not compromised, nearly every time you can still get a CLI, and if you have a CLI, your data is not lost. If I had gone deeper into error analysis and checked the logs for more information, it would probably have been possible to bring my system up, but after 8 hours of checking back and forth on my phone I had enough and just installed Debian as my next, future-proof OS. We will see how long it lasts. I have very little important data, most of it in txt files backed up to Dropbox and Proton cloud, so I am not worried about testing new Linux distros as my main OS. I am also running the latest Fedora on my laptop, and as I fiddle little with it, it stays very stable and fast, but with a ton of updates. We will see, but I am keen to try Manjaro as I have heard a lot of good things about it too.

Monday, July 1, 2024

BASIC Linux Security Audit P03 - Limit virtual console root access

VIRTUAL CONSOLES (TTY - TeleTypeWriter)

When Linux starts, we can reach 7 virtual consoles with a key combination. This works on the login screen, without and before logging in:

    Ctrl-Alt-Fn (F1, F2, F3 ...)

The configuration of these lives in /etc/pam.d/:

    $ grep "^[^#;]" /etc/pam.d/login
        # in the auth(entication) section we can see 3 modules
            - pam_securetty.so
            - system-auth
            - postlogin

EMPTY THIS FILE:

    $ : > /etc/securetty
        # truncates the file in place (it must exist, but be empty)

Possible root login -> /etc/securetty
        # by emptying this file, we stop root from logging in directly on any virtual console
        # (pam_securetty.so in the login stack above is the module that consults it)
        # however, we can still log in as another user, then run '$ su' to get to root
        # this is again just a little slowing down of attacks

CHANGE the minimum time between failed password attempts:

    $ nano /etc/pam.d/system-auth

    auth        required      pam_faildelay.so delay=2000000

                # delay after an unsuccessful login, in microseconds (2000000 = 2 sec)
                # add a 0, so instead of 2 sec it would be 20
                # this will slow down dictionary-attack robots drastically
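As an added example (not part of the original post), two small POSIX shell helpers that audit the two files this section edits. They assume the CentOS/RHEL layout used here (/etc/securetty and /etc/pam.d/system-auth) and take file paths as arguments so they can be run against copies as well as the live files:

```shell
#!/bin/sh
# Added audit helpers, not from the original post. Paths are parameters so the
# functions work on /etc/securetty and /etc/pam.d/system-auth or on copies.

# Prints "root-console-login-allowed" if the securetty file still lists any
# console (a non-comment, non-blank line), "root-console-login-blocked" if it
# is empty, and "no-securetty" if the file does not exist at all (in that case
# check whether pam_securetty.so is even present in the login stack).
securetty_state() {
    f="$1"
    [ -f "$f" ] || { echo "no-securetty"; return 0; }
    if grep -q '^[^#[:space:]]' "$f"; then
        echo "root-console-login-allowed"
    else
        echo "root-console-login-blocked"
    fi
}

# Prints the pam_faildelay delay from a PAM stack file in whole seconds
# (the delay= value is in microseconds), or 0 if the module is absent or has
# no explicit delay= argument.
faildelay_seconds() {
    f="$1"
    us=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_faildelay\.so' "$f" 2>/dev/null \
         | sed -n 's/.*delay=\([0-9][0-9]*\).*/\1/p' | head -1)
    [ -n "$us" ] || us=0
    echo $(( us / 1000000 ))
}

# Returns 0 only when root console login is blocked and the fail delay is at
# least the 2 seconds the post starts from.
pam_console_hardened() {
    [ "$(securetty_state "$1")" = "root-console-login-blocked" ] &&
    [ "$(faildelay_seconds "$2")" -ge 2 ]
}

# Stand-alone run against the live system (CentOS/RHEL paths as in the post).
if [ "${1:-}" = "--live" ]; then
    echo "securetty: $(securetty_state /etc/securetty)"
    echo "faildelay: $(faildelay_seconds /etc/pam.d/system-auth)s"
    pam_console_hardened /etc/securetty /etc/pam.d/system-auth && echo "hardened" || echo "NOT hardened"
fi
```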

Monday, June 24, 2024

BASIC Linux Security Audit P02 - Kernel Modules / Memory Access

DEFAULT KERNEL OPTIONS

With these commands we can check the boot loader options. It normally offers two kernel load types, one classic and one secure load, and some of the options that come with them:

    $ grep linuz /boot/grub2/grub.cfg | head -1
    $ cat /etc/default/grub

    Options:
        - rhgb  = graphical boot screen
        - quiet = hide most of the messages
        - LVM partitioning
        - language and encoding

============================================================   

PROTECT THE MEMORY FROM SYSTEM PERIPHERAL ACCESS

  • Memory Isolation: IOMMU ensures that peripheral devices cannot access arbitrary areas of system memory, which is crucial for maintaining data integrity and security.

  • Protection Against DMA Attacks: Direct Memory Access (DMA) attacks exploit the ability of devices to read/write directly to memory. Without IOMMU, a malicious device could potentially read sensitive data or inject malicious code. IOMMU restricts this capability.

  • Virtualization Security: In virtualized environments, IOMMU is critical for assigning devices to virtual machines securely, preventing them from accessing memory outside their allocated spaces.

    $ nano /etc/default/grub

        -----------------------------------
        GRUB_TIMEOUT=5
        GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
        GRUB_DEFAULT=saved
        GRUB_DISABLE_SUBMENU=true
        GRUB_TERMINAL_OUTPUT="console"
        GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos_file-s/root rd.lvm.lv=centos_file-s/swap rhgb quiet"
        GRUB_DISABLE_RECOVERY="true"
        -----------------------------------

        # add "iommu=force" (Input-Output Memory Management Unit) to the kernel command line:

        GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos_file-s/root rd.lvm.lv=centos_file-s/swap rhgb quiet iommu=force"

        # then regenerate grub.cfg as in P01 (grub2-mkconfig -o /boot/grub2/grub.cfg) and reboot

 
================================================

SUPPLEMENTARY BLOCKAGE OF MODULE LOADING

Prevention of Malicious Modules: By disabling the loading of new kernel modules, you prevent attackers from injecting malicious modules into the kernel. These modules could be used to execute arbitrary code, escalate privileges, or conceal malicious activities (rootkits).

System Integrity: Ensuring that only the necessary and verified modules are loaded at boot time helps maintain the integrity of the operating system. Disabling module loading reduces the attack surface.

Compliance and Control: For systems that require strict compliance with security policies (e.g., PCI-DSS, HIPAA), having the ability to disable module loading helps enforce these policies and control the system environment more tightly.

    
    $ sysctl kernel.modules_disabled
        # this shows the current state of module loading
        # kernel.modules_disabled = 0    -> zero means new modules can still be loaded

    $ sysctl -w kernel.modules_disabled=1
        # this disables module loading for the running kernel only
        # it goes back to zero (loading active) after a reboot

    $ echo "kernel.modules_disabled = 1" >> /etc/sysctl.conf
        # or open the file and add the line by hand:
    $ nano /etc/sysctl.conf

        add:
        kernel.modules_disabled = 1

NOTE: This may prevent certain updates of the kernel itself, kernel modules, hardware drivers and so on. It can be disabled temporarily for updates and upgrades. As it only affects "new" modules, enabling it does not unload components that are already installed and loaded. Yes: set it to zero, do your updates and upgrades. Reboot, set it back to 1, reboot. Off you go. Keep in mind that once the running kernel has it at 1 it refuses to lower it again, so "set it to zero" means editing /etc/sysctl.conf and the change only takes effect after the next reboot.


BASIC Linux Security Audit P01 - Grub Access

There are some very basic security ideas that can easily be implemented on Linux servers through the command line for initial security. They are so basic that newcomers mostly overlook them. Like the 7 accessible virtual consoles just before we log in, or even earlier, the GRUB boot loader or the actual BIOS. You cannot fully lock these down, because a server is often remote, so after a boot you would not be able to access it unless someone physically enters the BIOS and GRUB passwords. Anyway, let's get started.

============================================

SECURITY GOALS:

    - minimalism
    - least privilege possible
    - defense in depth ("profound defense")

1) Minimalism

    - Reduce the attack surface
    - Reduce the number of components (unwanted installed software or services: remove them)
        (this also reduces unwanted updates and upgrades, network congestion and compatibility issues)
    - Easy and effective supervision


2) Least Privilege

    - Make sure there are no extra privileges or access for unwanted personnel
    - Avoid toxic mishaps, unwanted actions and deletions, and avoid others taking control


3) Defense in Depth

    - Slow down the attackers
    - Intrusion detection
        # Network separation
        # Mandatory manual authentication for all privileged actions
        # Tracking procedure, centralized and secured (to see who did what, when, why, how...)
        # Confinement of exposed processes
        # Updated components (firmware and drivers from time to time, but software, services and security features for sure)

==========================================

For this Article I used CentOS but you can also use Fedora Server or better, Rocky Linux Server, as CentOS is over and out. 

SECURITY of BOOTLOADER = Grub, KERNEL and DYNAMIC KERNEL MODULES

GRUB - Grand Unified Bootloader
    (When our OS starts we choose normal or secure boot mode, but with 'c' or 'tab' we can also get into the grub terminal and do harmful things if we wanted to. We must protect this boot menu.)

    /boot/grub2/grub.cfg - principal bootloader file
    /etc/grub.d/         - grub.cfg is regenerated dynamically from the scripts in here
        # files in this directory should be accessible only to root !!!


    01_users   # contains the auth info that protects shell access
    Use these commands to add a new superuser for shell use:

    $ grub2-mkpasswd-pbkdf2    # password hash generator
                               # copy the hash to the clipboard

    $ nano /etc/grub.d/01_users
        # add these lines to the file

        set superusers="admin"
        password_pbkdf2 admin grub.pbkdf2.sha512.10000.5D.....


    The 01_users file should look something like this:
    --------------------------------------
    #!/bin/sh -e
    cat << EOF
    if [ -f \${prefix}/user.cfg ]; then
      source \${prefix}/user.cfg
      if [ -n "\${GRUB2_PASSWORD}" ]; then
        set superusers="root admin"
        export superusers
        password_pbkdf2 root \${GRUB2_PASSWORD}
        password_pbkdf2 admin grub.pbkdf2...
      fi
    fi
    EOF
    --------------------------------------
    # note: placed inside the inner 'if', the admin entry is only emitted when user.cfg defines GRUB2_PASSWORD
    # (grub2-setpassword creates that file); put the admin lines outside that 'if' to make them unconditional

    $ grub2-mkconfig -o /boot/grub2/grub.cfg
        # to apply the changes for the next grub load
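Added example, not from the original posts: POSIX shell checks covering this post (GRUB superusers in 01_users) and the P02 post above (iommu=force on the kernel command line and the persisted kernel.modules_disabled value). File paths are parameters; the --live mode assumes the CentOS paths used in the posts and a working sysctl command.

```shell
#!/bin/sh
# Added audit helpers for the P01/P02 boot-chain settings, not from the posts.
# Paths are parameters so the functions run on the live files
# (/etc/default/grub, /etc/sysctl.conf, /etc/grub.d/01_users) or on copies.

# Extracts the value of GRUB_CMDLINE_LINUX from a /etc/default/grub-style file
# (last assignment wins, trailing whitespace tolerated).
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -1
}

# Returns 0 when the kernel command line carries iommu=force (P02: keep
# peripherals from reaching arbitrary memory via DMA), 1 otherwise.
iommu_forced() {
    for opt in $(grub_cmdline "$1"); do
        [ "$opt" = "iommu=force" ] && return 0
    done
    return 1
}

# Prints the persisted kernel.modules_disabled value from a sysctl.conf-style
# file; the last assignment wins, as sysctl applies lines in order. Prints 0
# when the key is absent, which is the kernel default.
modules_disabled_setting() {
    v=$(sed -n 's/^[[:space:]]*kernel\.modules_disabled[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$1" | tail -1)
    echo "${v:-0}"
}

# Returns 0 when a 01_users-style script declares superusers and carries a
# password_pbkdf2 line for each of them (P01), 1 otherwise.
grub_superusers_protected() {
    f="$1"
    users=$(sed -n 's/.*set superusers="\([^"]*\)".*/\1/p' "$f" | head -1)
    [ -n "$users" ] || return 1
    for u in $users; do
        grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+$u[[:space:]]" "$f" || return 1
    done
    return 0
}

# Stand-alone run against the live files (CentOS/RHEL paths as in the posts).
if [ "${1:-}" = "--live" ]; then
    iommu_forced /etc/default/grub && echo "iommu=force: yes" || echo "iommu=force: NO"
    echo "kernel.modules_disabled persisted: $(modules_disabled_setting /etc/sysctl.conf)"
    echo "kernel.modules_disabled runtime:   $(sysctl -n kernel.modules_disabled)"
    grub_superusers_protected /etc/grub.d/01_users && echo "grub superusers: protected" || echo "grub superusers: NOT protected"
fi
```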


_dnhyper

Monday, May 13, 2024

DNS SETUP on UBUNTU 24.04

In Kali / Debian and old Ubuntu we used to edit /etc/network/interfaces, where we could simply set a static IP, add the default gateway, change the netmask and so on. Then in /etc/resolv.conf we just added two nameservers from OpenDNS. That was it.

In Ubuntu, the ifup/ifdown network management was replaced by the Netplan service, and our precious settings are now all over the place. I recently worked a lot with the non-GUI Ubuntu Server, but just yesterday I installed the latest Ubuntu 24.04 as my main OS and it is different again.

/etc/resolv.conf is kept for apps that still use it, but it is a symlink. The same goes for stub-resolv.conf.

So first of all, if we want to run our own DNS servers, we pretty much must disable DHCP, as it provides DNS too. A static IP will be needed. However, as I started with a clean install of Ubuntu, it all got set up on its own, no questions asked. I thought that, just like on Ubuntu Server, I could modify my 00-netcfg.yaml and that would be it. No!!!
We actually must create one.

nano /etc/netplan/01-netcfg.yaml
------------------------------------------------------------------

network:
  version: 2                       # Netplan config version 2
  renderer: networkd               # backend: systemd-networkd
  ethernets:                       # ethernet config
    enp0s3:                        # 'enp0s3' interface config
      addresses:
        - 192.168.1.40/24          # IP address and subnet mask
      routes:
        - to: default              # default gateway
          via: 192.168.1.254       # router IP ('via' must align under 'to')
      nameservers:                 # DNS
        addresses: [208.67.222.222, 208.67.220.220]

------------------------------------------------------------------
save & exit

After applying this, my DNS was still coming from DHCP. So I checked 50-cloud-init.yaml in the same folder. It had a "dhcp4: true" entry, which I turned to false, but the header of that file also tells us that a

nano /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

file should be created with this content:
------------------------------------------------------------------

network:
    ethernets:
        enp3s0:
            dhcp4: false
    version: 2

------------------------------------------------------------------
save&exit

netplan apply

Warning / Warning / Warning about your config files being too open. So simply run 'chmod 600 /etc/netplan/*',
so all files are readable and writable by root and no one else.

NO DHCP / OpenDNS
All is nice and cute, but your router might still be set up to use 1.1.1.1 or 8.8.8.8 for name resolution. For more privacy you should change your router settings too, in case other devices share the same router and you are also connected to them in the meantime.



Sunday, May 12, 2024

INSTALL CISCO PACKET TRACER on UBUNTU 24.04

Normally you will have some issues installing Packet Tracer, and the Cisco or Ubuntu recommendations will not work.

Download your Packet Tracer first; that is mandatory.

Then download this:

   https://packages.ubuntu.com/jammy-updates/amd64/libgl1-mesa-glx/download

If the website states error go here:
   https://packages.ubuntu.com/
   Search for this package: libgl1-mesa-glx

Run chmod 777 on both files (you will delete them afterwards anyway).

Then simply install both packages with apt, not with dpkg!!!

  • sudo apt install /home/levi/Downloads/libgl1-mesa-glx_23.0.4-0ubuntu1~22.04.1_amd64.deb 
  • sudo apt install /home/levi/Downloads/CiscoPacketTracer822_amd64_signed.deb

That is it. After this, no more issues should pop up. It will work just fine. 


 


Saturday, May 4, 2024

LINUX LOGs - local / remote audit

Log files are crucial to auditing Linux: not only error handling, but seeing who logged in when and what they did, emails in and out, startup issues, server issues and more.

Previously we found the log list in /etc/rsyslog.conf.

More recently it is in /etc/rsyslog.d/50-default.conf:

grep "/var/log" /etc/rsyslog.d/50-default.conf

----------------------------

A great feature for us is centralizing the logging of multiple servers on one single server. If you were running Apache/MySQL/GLPI under Debian and Snort/Nagios under one or two CentOS machines, you can have all of the logs on your Ubuntu Server:


First, simply edit the /etc/rsyslog.conf file on your central server.
You only have to uncomment two lines under "provides UDP syslog reception". UDP, as it is less demanding on network resources than TCP, which can matter when running a lot of local servers (the trade-off is that UDP gives no delivery guarantee, so lost datagrams are lost log lines). Then restart logging with:

    systemctl restart rsyslog

With ss -lptun we can check the open ports:

Port 514 should be listening for UDP reception, as configured in rsyslog.

---------------------

On a bare server, like what we need for Nagios or GLPI, rsyslog is not necessarily installed. We must apt install rsyslog; this is what I did for my Debian server. Then edit rsyslog.conf on this server as well.
Simply add a line authpriv.* @192.168.1.40:514 to send our auth logs to the target server. @@ --> TCP logging, @ --> UDP logging.


systemctl restart rsyslog

----------------------------------

We can go back to our target server, run a tail and leave it open:
tail -f /var/log/auth.log
Then, for instance, initiate an SSH connection from or to our client server. It will be logged:
ssh 192.168.1.33

We can now see all authentication actions logged on our server. This is how simple it is, but in further blogs we will dive deeper into auditing our Linux server.

------------------------------------

Then in /var/log/auth.log we can find info on logins and ssh connections
(/var/log/secure in Red Hat/CentOS, or probably other non-rsyslog systems)

  • grep login /var/log/auth.log
  • grep ssh /var/log/auth.log
  • journalctl | grep login     # for even more dated history on login
  • journalctl | grep ssh       # for even more dated history on ssh
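Added example, not from the original post: a POSIX shell/awk summary of sshd authentication events from an auth.log-style file, going one step beyond the greps above. It assumes the classic sshd message wording ("Accepted ... for USER from ADDR", "Failed ... for [invalid user] USER from ADDR") and takes the file path as a parameter, so it works on /var/log/auth.log or on a copy.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed sample lines of the
# shape this parser expects (rsyslog "auth.log" format):
#   May  4 10:12:01 host sshd[1234]: Accepted publickey for alice from 192.168.1.33 port 51234 ssh2
#   May  4 10:12:07 host sshd[1240]: Failed password for invalid user admin from 10.0.0.9 port 4021 ssh2

# Prints one line per (result, user, source) triple with its count, sorted by
# count descending, e.g. "failed admin 10.0.0.9 3". Only sshd lines are read;
# the result is taken from the message text, not from a field position, so an
# ISO-timestamp prefix does not break it.
ssh_auth_summary() {
    grep -E 'sshd\[[0-9]+\]: (Accepted|Failed) ' "$1" | awk '
        {
            result = ($0 ~ /sshd\[[0-9]+\]: Accepted /) ? "accepted" : "failed"
            f = 0; src = "?"
            for (i = 1; i <= NF; i++) if ($i == "for") { f = i; break }
            if (f == 0) next
            # "for invalid user NAME" carries the name two fields later than "for NAME"
            user = ($(f+1) == "invalid" && $(f+2) == "user") ? $(f+3) : $(f+1)
            if (user == "from") user = "(empty)"
            for (i = f; i <= NF; i++) if ($i == "from") { src = $(i+1); break }
            n[result " " user " " src]++
        }
        END { for (k in n) print k, n[k] }
    ' | sort -k4,4nr -k1,1
}

# Prints source addresses with at least $2 failed attempts (default 3), one
# per line: a first cut at spotting the dictionary attacks the P03 post slows
# down with pam_faildelay.
ssh_failed_sources() {
    threshold="${2:-3}"
    ssh_auth_summary "$1" | awk -v t="$threshold" '
        $1 == "failed" { f[$3] += $4 }
        END { for (s in f) if (f[s] >= t) print s }
    ' | sort
}

# Stand-alone run against the live log (Debian/Ubuntu path as in the post).
if [ "${1:-}" = "--live" ]; then
    ssh_auth_summary /var/log/auth.log
    echo "--- sources with >= 3 failures ---"
    ssh_failed_sources /var/log/auth.log 3
fi
```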

-----------------------------------

SYSTEM / START INFO on NIC (Network interface cards)
    # dmesg = 'display message'
    dmesg | grep e1000         # ethernet adapter detected by the kernel

    # Info on detection of the NIC: kern.log
    grep e1000 /var/log/kern.log

    # Info on configuration of the NIC: syslog
    grep enp0s3 /var/log/syslog

INFO on REBOOTs and connections
    # kept in the file wtmp  --> it is a binary file
    # used by the reboot log in other OSs

    last   # to see this under Ubuntu / Debian

-------------------------------

WHO is connected right now and doing what
    who       # who is connected right now
    w         # what each connected user is doing

 

_dnhyper


Sharepoint sync and lock issues - solutions

 Sharepoint synced down to your PC by onedrive can have a ton of errors. It is caused by the simple dis-functionality of this badly thought ...