services: syslog: Log auth.info to /var/log/secure in default configuration.

This causes authentication failures such as those generated by SSH brute force attacks to appear in /var/log/secure, which is picked up by tools such as fail2ban.

* gnu/services/base.scm (%default-syslog.conf): Add an auth.info selector for the /var/log/secure log.

Series-to: 62802@debbugs.gnu.org
1 files changed, 3 insertions(+), 1 deletions(-) M gnu/services/base.scm
M gnu/services/base.scm => gnu/services/base.scm +3 -1
@@ 1521,7 1521,9 @@ Service Switch}, for an example." # The authpriv file has restricted access. # 'fsync' the file after each line (hence the lack of a leading dash). authpriv.* /var/log/secure # Also include unprivileged auth logs of info or higher level # to conveniently gather the authentication data at the same place. authpriv.*;auth.info /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog
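Review bot: The new selector line `authpriv.*;auth.info /var/log/secure` has no leading dash, so per the comment just above it the file is fsync'ed after every line, and that now applies to every auth.info message as well. In the SSH brute-force case the commit message describes, that means one synchronous write per logged failure. If this is intended, say so in the new comment; otherwise consider whether the auth.info messages need the synchronous write at all. Separately, the retained comment "The authpriv file has restricted access" now describes a file that also carries auth facility messages, so it would read more accurately if it named /var/log/secure and stated that both facilities land in the restricted file.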