Message ID | 20230413012408.2759-4-maxim.cournoyer@gmail.com |
---|---|
State | New |
Series | Add reload action to syslog service. |
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:

> This causes authentication failures such as those generated by SSH brute force
> attacks to appear in /var/log/secure, which is picked up by tools such as
> fail2ban.

Nice, go for it!

Ludo’.
Hello,

Ludovic Courtès <ludo@gnu.org> writes:

> Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
>
>> This causes authentication failures such as those generated by SSH brute force
>> attacks to appear in /var/log/secure, which is picked up by tools such as
>> fail2ban.
>
> Nice, go for it!

Great, the change is now installed. Thanks for the review!
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 0cde151e1a..282d36c8b1 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1515,7 +1515,9 @@ (define %default-syslog.conf # The authpriv file has restricted access. # 'fsync' the file after each line (hence the lack of a leading dash). -authpriv.* /var/log/secure +# Also include unprivileged auth logs of info or higher level +# to conveniently gather the authentication data at the same place. +authpriv.*;auth.info /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog
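
Review bot: In the %default-syslog.conf hunk, the retained context comment "The authpriv file has restricted access" no longer matches the rule beneath it, because /var/log/secure now also receives auth.info messages; reword it to say the file holds both authpriv and auth data. The added comment's "unprivileged auth logs" would be easier to check against the selector `authpriv.*;auth.info` if it named the facility and level the way the selector does (auth, info or higher), and a brief mention that tools such as fail2ban read this file would record in the config itself why the selector was widened.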