[rsbac] creating secoff and logging to rsyslog, was: rsbac_init goes RSBAC_EINVALIDREQUEST with devicemapper

Palon Setin palons at danwin1210.me
Sun Dec 9 23:07:00 CET 2018



Jens Kasten:
> Hi
> 
> yes you set up the secoff user. It's just a user with uid and gid 400.
> Usually I named the user security and set the home directory to /security
> on a single user machine.
> I have also the home directory on my desktop for this user in
> /home/admins/security.
> It's just a matter of taste.

It's not good that the security officer is called secoff, because it
sounds like security is off. Also security is two chars longer. But
anyway, I'd only change if secoff gets renamed in Rsbac main.

I want to try and see about logging next...
The command that I issued to get the below was:
# script typescript_rsbac
And it's about lots of duplicate lines in
/var/log/{messages,kern.log,syslog} by rsbac.

Script started on 2018-12-09 21:50:51+00:00
# ls -l /var/log/{messages,kern.log,syslog}
-rw-r----- 1 root root 5676679 2018-12-09 21:50 /var/log/kern.log
-rw-r----- 1 root adm  5387379 2018-12-09 21:50 /var/log/messages
-rw-r----- 1 root root 6064408 2018-12-09 21:50 /var/log/syslog
# wc -l /var/log/{messages,kern.log,syslog}
   16317 /var/log/messages
   18422 /var/log/kern.log
   22375 /var/log/syslog
   57114 total
# diff /var/log/{messages,kern.log} | wc -l
2200
# diff /var/log/{messages,syslog} | wc -l
6260
# cat /var/log/{messages,kern.log,syslog} > rbac_to_rsyslog_ALL.log
# wc -l rbac_to_rsyslog_ALL.log
57114 rbac_to_rsyslog_ALL.log
# cat /var/log/{messages,kern.log,syslog} |sort -u > rbac_to_rsyslog_ALL_sort-u.log

# wc -l rbac_to_rsyslog_ALL_sort-u.log
22375 rbac_to_rsyslog_ALL_sort-u.log
# exit

Script done on 2018-12-09 21:52:04+00:00

This shows the issue that rsbac has with rsyslog. I have changed nothing
other than what I posted in this and the previous thread, so far.

This shows that I get on the order of 90% same log lines in messages and
kern.log, and it is different, but probably as bad with syslog (syslog
has different default logrotate settings; I have more or less the
default Debian family settings).

I'm only presenting the issue with this mail.

I need to look into rsyslog and its workings and get the idea how to
convert:
https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/syslog-ng
for my rsyslog.

Regards!

Palon Setin
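
Added example, not part of the original message: a set-based way to measure the overlap shown in the transcript above. The output of `diff` includes its own marker lines and depends on line order, so this counts the distinct lines two files share instead; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# overlap FILE_A FILE_B: prints "shared only_a only_b", counted over distinct lines.
overlap() {
    tmp=$(mktemp -d) || return 1
    # comm needs both inputs sorted with the same collation, so pin the C locale.
    LC_ALL=C sort -u "$1" > "$tmp/a"
    LC_ALL=C sort -u "$2" > "$tmp/b"
    shared=$(LC_ALL=C comm -12 "$tmp/a" "$tmp/b" | wc -l)
    only_a=$(LC_ALL=C comm -23 "$tmp/a" "$tmp/b" | wc -l)
    only_b=$(LC_ALL=C comm -13 "$tmp/a" "$tmp/b" | wc -l)
    rm -rf "$tmp"
    # $(( )) strips the padding some wc implementations add.
    echo "$((shared)) $((only_a)) $((only_b))"
}

# percent_shared FILE_A FILE_B: percentage of FILE_A's distinct lines also in FILE_B.
percent_shared() {
    set -- $(overlap "$1" "$2")
    total=$(( $1 + $2 ))
    [ "$total" -gt 0 ] || { echo 0; return; }
    echo $(( 100 * $1 / total ))
}

# make_sample DIR: writes constructed messages/kern.log/syslog files into DIR.
# These lines are invented sample data, not real RSBAC output.
make_sample() {
    k1='Dec  9 21:50:01 host kernel: constructed kernel line 1'
    k2='Dec  9 21:50:02 host kernel: constructed kernel line 2'
    k3='Dec  9 21:50:03 host kernel: constructed kernel line 3'
    d1='Dec  9 21:50:04 host daemon: constructed daemon line 1'
    d2='Dec  9 21:50:05 host daemon: constructed daemon line 2'
    printf '%s\n' "$k1" "$k2" "$k3" > "$1/kern.log"
    printf '%s\n' "$k1" "$k2" "$d1" > "$1/messages"
    printf '%s\n' "$k1" "$k2" "$k3" "$d1" "$d2" > "$1/syslog"
}

# Stand-alone use: sh overlap.sh /var/log/messages /var/log/kern.log
if [ "$#" -eq 2 ]; then
    overlap "$1" "$2"
fi
```
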

