[bug#62802] [PATCH 4/4] services: syslog: Log auth.info to /var/log/secu

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#62802] [PATCH 4/4] services: syslog: Log auth.info to /var/log/secu

From:	Maxim Cournoyer
Subject:	[bug#62802] [PATCH 4/4] services: syslog: Log auth.info to /var/log/secure in default configuration.
Date:	Wed, 12 Apr 2023 21:24:07 -0400

This causes authentication failures such as those generated by SSH brute force
attacks to appear in /var/log/secure, which is picked up by tools such as
fail2ban.

* gnu/services/base.scm (%default-syslog.conf): Add a auth.info selector for
the /var/log/secure log.

---

 gnu/services/base.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 0cde151e1a..282d36c8b1 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1515,7 +1515,9 @@ (define %default-syslog.conf
 
 # The authpriv file has restricted access.
 # 'fsync' the file after each line (hence the lack of a leading dash).
-authpriv.*                              /var/log/secure
+# Also include unprivileged auth logs of info or higher level
+# to conveniently gather the authentication data at the same place.
+authpriv.*;auth.info                    /var/log/secure
 
 # Log all the mail messages in one place.
 mail.*                                 -/var/log/maillog
-- 
2.39.2

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#62802] [PATCH 0/4] Add reload action to syslog service., Maxim Cournoyer, 2023/04/12
- [bug#62802] [PATCH 1/4] services: syslog: Move configuration to /etc/syslog.conf., Maxim Cournoyer, 2023/04/12
  - [bug#62802] [PATCH 2/4] services: syslog: Add a reload action., Maxim Cournoyer, 2023/04/12
  - [bug#62802] [PATCH 4/4] services: syslog: Log auth.info to /var/log/secure in default configuration., Maxim Cournoyer <=
    - [bug#62802] [PATCH 0/4] Add reload action to syslog service., Ludovic Courtès, 2023/04/20
    - bug#62802: [PATCH 0/4] Add reload action to syslog service., Maxim Cournoyer, 2023/04/21
  - [bug#62802] [PATCH 3/4] services/syslog: Strip leading white space indent in syslog.conf., Maxim Cournoyer, 2023/04/12
  - [bug#62802] [PATCH 0/4] Add reload action to syslog service., Ludovic Courtès, 2023/04/20
    - [bug#62802] [PATCH 0/4] Add reload action to syslog service., Maxim Cournoyer, 2023/04/21
    - [bug#62802] [PATCH 0/4] Add reload action to syslog service., Ludovic Courtès, 2023/04/21

Prev by Date: [bug#62802] [PATCH 2/4] services: syslog: Add a reload action.
Next by Date: [bug#62802] [PATCH 1/4] services: syslog: Move configuration to /etc/syslog.conf.
Previous by thread: [bug#62802] [PATCH 2/4] services: syslog: Add a reload action.
Next by thread: [bug#62802] [PATCH 0/4] Add reload action to syslog service.
Index(es):
- Date
- Thread