Setting up Logwatch, SSMTP and Iptables or Arch Linux (Raspberry Pi)

This post is a follow up for tuning the default Arch Linux installation on Raspberry Pi. Today’s plan is to install Logwatch and SSMTP to have some monitoring in place, as well as to configure some basic firewall rules.

General disclaimer applies, no liability will be accepted for any loss or damage, use at your own risk and do frequent backups!

Logwatch and Syslog-ng

Since logwatch is not yet ported to systemd (at the time I write this), the only option seems to be to have systemd to forward logs to syslog-ng. Let’s start with getting syslog-ng installed:

# pacman -S syslog-ng

We have to enable the service and reboot the system:

# systemctl enable syslog-ng
# reboot

Install and Configure SSMTP

We will use SSMTP to send email notifications from the Pi. Install:

# pacman -S ssmtp

Open the configuration file:

# vim /etc/ssmtp/ssmtp.conf

Change the following settings appropriately (make sure your details are correct):

[email protected]
FromLineOverride=yes #enables to use mail -r option

SSMTP configuration file contains our email login details, therefore it’s a good practice to restrict access for regular users:

# chmod 0600 /etc/ssmtp/ssmtp.conf

We should be able to send a test email now:

# echo test | mail -v -s "testing ssmtp setup" [email protected]

Install and Configure Logwatch

Install logwatch:

# pacman -S logwatch

The configuration file at /usr/share/logwatch/default.conf/logwatch.conf contains all the default settings and comments on what they do. It is recommended to leave the default conf alone and instead re-define a setting variable you want to change in /etc/logwatch/conf/logwatch.conf. Default settings are OK, we would just like to change some variables:

# cat > /etc/logwatch/conf/logwatch.conf << EOL
Detail = 5 
Output = mail
MailTo = [email protected]
MailFrom = [email protected]
Service = "-kernel"

All done here, logwatch is ready to keep an eye on ours logs.


Firewall is not needed if the Pi resides behind a trusted NAT, however, it is always a good practice to configure some basic iptables rules to be in place. Open the file:

# vim /etc/iptables/iptables.rules

Add the following rules:

-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d -j REJECT
-A INPUT -p tcp --dport 12 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

As you may remember, we have previously configured SSH server to listen on TCP port 12. Other TCP ports, 80 and 443, will be used later for Mediawiki.

Note for myself: “We use REJECT rather than DROP here, because RFC 1122 3.3.8 requires hosts return ICMP errors whenever possible, instead of dropping packets. In reality, it is best to REJECT packets from hosts who should know about your server’s existence, and DROP packets from hosts who should not even know your server exists, or those who appear “up to something”.

Import iptables rules:

# iptables-restore < /etc/iptables/iptables.rules

And don’t forget to enable and start the service:

# systemctl enable iptables.service
# systemctl start iptables.service

Reload iptables to pick up any changes you have made:

# systemctl reload iptables

Next thing on a list – set up LAMP.

One thought on “Setting up Logwatch, SSMTP and Iptables or Arch Linux (Raspberry Pi)

  1. Nice post, glad to see people are reading Arch Wiki. Also, +1 for SSMTP. It’s perfect if all you need to do is to forward some system emails without having to set up a mail server.

Comments are closed.