[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#62802] [PATCH 4/4] services: syslog: Log auth.info to /var/log/secu
[bug#62802] [PATCH 4/4] services: syslog: Log auth.info to /var/log/secure in default configuration.
Wed, 12 Apr 2023 21:24:07 -0400
This causes authentication failures such as those generated by SSH brute force
attacks to appear in /var/log/secure, which is picked up by tools such as
* gnu/services/base.scm (%default-syslog.conf): Add a auth.info selector for
the /var/log/secure log.
gnu/services/base.scm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 0cde151e1a..282d36c8b1 100644
@@ -1515,7 +1515,9 @@ (define %default-syslog.conf
# The authpriv file has restricted access.
# 'fsync' the file after each line (hence the lack of a leading dash).
+# Also include unprivileged auth logs of info or higher level
+# to conveniently gather the authentication data at the same place.
# Log all the mail messages in one place.