guix-commits

04/04: services: syslog: Log auth.info to /var/log/secure in default con


From: guix-commits
Subject: 04/04: services: syslog: Log auth.info to /var/log/secure in default configuration.
Date: Fri, 21 Apr 2023 09:36:04 -0400 (EDT)

apteryx pushed a commit to branch master
in repository guix.

commit 2c1e17071d8cb16d5eb44962a5b6565451b8cc34
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Wed Apr 12 20:52:39 2023 -0400

    services: syslog: Log auth.info to /var/log/secure in default configuration.
    
    This causes authentication failures such as those generated by SSH brute force
    attacks to appear in /var/log/secure, which is picked up by tools such as
    fail2ban.
    
    * gnu/services/base.scm (%default-syslog.conf): Add an auth.info selector for
    the /var/log/secure log.
    
    Series-to: 62802@debbugs.gnu.org
---
 gnu/services/base.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 669027f6d1..75d4e7b741 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1521,7 +1521,9 @@ Service Switch}, for an example."
 
 # The authpriv file has restricted access.
 # 'fsync' the file after each line (hence the lack of a leading dash).
-authpriv.*                              /var/log/secure
+# Also include unprivileged auth logs of info or higher level
+# to conveniently gather the authentication data at the same place.
+authpriv.*;auth.info                    /var/log/secure
 
 # Log all the mail messages in one place.
 mail.*                                 -/var/log/maillog
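
Review bot: The combined `authpriv.*;auth.info` rule keeps the synchronous write to /var/log/secure (no leading dash, as the comment above it notes), so every auth.info message now forces an fsync. The commit message names SSH brute-force failures as the expected traffic, which is exactly the high-volume case; please confirm the per-line sync cost is acceptable under such a flood, or state in the comment that it is intentional so that fail2ban sees entries promptly. The first comment line, "The authpriv file has restricted access", also reads as if the file held only authpriv data; a short rewording to say it now carries auth messages too would keep the comment accurate. Separately, the diffstat touches only gnu/services/base.scm: if any other selector in %default-syslog.conf already matches auth.info (not visible in this hunk), those messages will be written twice, so it is worth checking and, if so, saying whether the duplication is intended.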


