|
|
Sponsored Content
Top Forums
UNIX for Advanced & Expert Users
Disable connection logging for a specfic service (/var/log/secure)
Post 302477249 by TehOne on Friday 3rd of December 2010 07:50:27 PM
12-03-2010
|
|
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
hi,
what is the difference between logging into unix through f-secure ssh client and telnet
is there any more security check is involved
can any one explain
thanks in advance (1 Reply)
Discussion started by: trichyselva
1 Replies
2. SCO
Dear All,
Kindly guide how to Disable the SNMP Service on sco unix release 5.0
Regards (2 Replies)
Discussion started by: sak900354
2 Replies
3. Red Hat
Hello all,
I recently deleted some lines from the messages and secure files, in /var/log and now they are not keeping a log anymore. The last update shows the date of when I deleted the lines.
I had to delete some failed login attempts to stop denyhosts from blocking the ips (probably not the... (3 Replies)
Discussion started by: z1dane
3 Replies
4. Shell Programming and Scripting
What is difference in the below Two commands?
1) tlsftp -v -d -i -a -z verify=0 opts=17 $SERVERNAME << !
2) tlsftp -i -v -n ${ SERVERNAME } << !
Presently I am using the second command for get the files from Mainframe system to Unix system. But it is not secure.
Now i want to... (0 Replies)
Discussion started by: gbellamk
0 Replies
5. Linux
Hello,
is there a way to disable connection logging for a specific service? Or eventually to disable /var/log/secure in general?
Closed. Double post (0 Replies)
Discussion started by: TehOne
0 Replies
6. Cybersecurity
Hello everyone. I'm a newbie and this is my first post, and I'm hoping to get some help understanding what happened on my server. I did as much research as I could, but now I turn to the forums for help :)
I've set up a VPS server and I "thought" I had good enough security on it, but all of a... (2 Replies)
Discussion started by: antondev
2 Replies
7. Solaris
hello all,
i have a question if i have two servers each one run an application i want to make a tunnel channel between the two servers the two application each one has a specific port .
for example server A has port 2001 and server B has port 2002
server A talk to server A using any... (1 Reply)
Discussion started by: maxim42
1 Replies
8. Red Hat
Hi,
We all know as we can connect remote system through ssh without entering username and password by copy the public key to remote host using ssh-copy-id. But my query is to i want to restrict the user as do not implement this feature.Whenever he is trying to login, he has to enter his/her... (1 Reply)
Discussion started by: mastansaheb
1 Replies
9. Shell Programming and Scripting
I have been searching and reading about syslog. I would like to know how to Transfer the logs being thrown into /var/log/messages into another file example /var/log/volumelog.
tail -f /var/log/messages
dblogger: msg_to_dbrow: no logtype using missing
dblogger: msg_to_dbrow_str: val ==... (2 Replies)
Discussion started by: kenshinhimura
2 Replies
LEARN ABOUT CENTOS
systemd-journald.service
SYSTEMD-JOURNALD.SERVICE(8) systemd-journald.service SYSTEMD-JOURNALD.SERVICE(8) NAME
systemd-journald.service, systemd-journald.socket, systemd-journald - Journal service SYNOPSIS
systemd-journald.service systemd-journald.socket /usr/lib/systemd/systemd-journald DESCRIPTION
systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging information that is received from the kernel, from user processes via the libc syslog(3) call, from STDOUT/STDERR of system services or via its native API. It will implicitly collect numerous meta data fields for each log messages in a secure and unfakeable way. See systemd.journal-fields(7) for more information about the collected meta data. Log data collected by the journal is primarily text-based but can also include binary data where necessary. All objects stored in the journal can be up to 2^64-1 bytes in size. By default, the journal stores log data in /run/log/journal/. Since /run/ is volatile, log data is lost at reboot. To make the data persistent, it is sufficient to create /var/log/journal/ where systemd-journald will then store the data. systemd-journald will forward all received log messages to the AF_UNIXSOCK_DGRAM socket /run/systemd/journal/syslog, if it exists, which may be used by Unix syslog daemons to process the data further. See journald.conf(5) for information about the configuration of this service. SIGNALS
SIGUSR1 Request that journal data from /run/ is flushed to /var/ in order to make it persistent (if this is enabled). This must be used after /var/ is mounted, as otherwise log data from /run is never flushed to /var regardless of the configuration. SIGUSR2 Request immediate rotation of the journal files. KERNEL COMMAND LINE
A few configuration parameters from journald.conf may be overridden on the kernel command line: systemd.journald.forward_to_syslog=, systemd.journald.forward_to_kmsg=, systemd.journald.forward_to_console= Enables/disables forwarding of collected log messages to syslog, the kernel log buffer or the system console. See journald.conf(5) for information about these settings. ACCESS CONTROL
Journal files are, by default, owned and readable by the "systemd-journal" system group but are not writable. Adding a user to this group thus enables her/him to read the journal files. By default, each logged in user will get her/his own set of journal files in /var/log/journal/. These files will not be owned by the user, however, in order to avoid that the user can write to them directly. Instead, file system ACLs are used to ensure the user gets read access only. Additional users and groups may be granted access to journal files via file system access control lists (ACL). Distributions and administrators may choose to grant read access to all members of the "wheel" and "adm" system groups with a command such as the following: # setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ Note that this command will update the ACLs both for existing journal files and for future journal files created in the /var/log/journal/ directory. FILES
/etc/systemd/journald.conf Configure systemd-journald behaviour. See journald.conf(5). /run/log/journal/machine-id/*.journal, /run/log/journal/machine-id/*.journal~, /var/log/journal/machine-id/*.journal, /var/log/journal/machine-id/*.journal~ systemd-journald writes entries to files in /run/log/journal/machine-id/ or /var/log/journal/machine-id/ with the ".journal" suffix. If the daemon is stopped uncleanly, or if the files are found to be corrupted, they are renamed using the ".journal~" suffix, and systemd-journald starts writing to a new file. /run is used when /var/log/journal is not available, or when Storage=volatile is set in the journald.conf(5) configuration file. SEE ALSO
systemd(1), journalctl(1), journald.conf(5), systemd.journal-fields(7), sd-journal(3), setfacl(1), pydoc systemd.journal. systemd 208 SYSTEMD-JOURNALD.SERVICE(8)