[rsbac] creating secoff and logging to rsyslog, was: rsbac_init goes RSBAC_EINVALIDREQUEST with devicemapper
Palon Setin
palons at danwin1210.me
Mon Dec 10 14:12:00 CET 2018
Amon Ott:
> Am 09.12.18 um 23:07 schrieb Palon Setin:
>> It's not good that the security officer is called secoff, because it
>> sounds like security is off. Also security is two chars longer. But
>> anyway, I'd only change if secoff gets renamed in Rsbac main.
>
> We have been using security here for years - your fingers get used to
> that name quickly. :)
Great, but it isn't reflected in the documentation.
> So far, you seem to have done the right steps. Duplicated lines in
> kern.log and syslog are normal for all kernel messages - Debian puts all
> kernel messages into both files.
Yeah.
> In /etc/rsyslog.conf you can extend the -/var/log/syslog specification
> with ,kern.warn to hopefully get rid of all kernel messages below
> warning level.
The line in /etc/rsyslog.conf reads, as per the default:
*.*;auth,authpriv.none -/var/log/syslog
I modified it to read:
*.*;auth,authpriv.none -/var/log/syslog,kern.warn
But now, after "service rsyslog restart", I get a new log file instead:
# ls -l /var/log/syslog,kern.warn
-rw-r----- 1 root adm 583 2018-12-10 13:00 /var/log/syslog,kern.warn
So I probably didn't do what you suggested... Ah, I see, I probably need
to modify it to read:
*.*;auth,authpriv.none,kern.warn -/var/log/syslog
Yes, that will probably be it.
I was still thinking, syslog-ng and rsyslog are very different, there
does not seem a simple way to convert
https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/syslog-ng
to get all RSBAC logging into /secoff/log/<files> like there?
> In /etc/sysctl.conf I recommend kernel.printk = 3 4 1 3
> to keep consoles clean.
This was matter of uncommenting. Done.
>
> Amon.
Great to read from the boss :) ! Thanks!
Palon Setin
More information about the rsbac
mailing list