nightmorph 10/04/02 07:34:39 Modified: security-handbook.xml shb-logging.xml Log: get the security handbook more up-to-date with working syslog-ng configs
Revision Changes Path 1.4 xml/htdocs/doc/en/security/security-handbook.xml file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/security-handbook.xml?rev=1.4&view=markup plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/security-handbook.xml?rev=1.4&content-type=text/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/security-handbook.xml?r1=1.3&r2=1.4 Index: security-handbook.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/security-handbook.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- security-handbook.xml 29 Nov 2006 15:21:33 -0000 1.3 +++ security-handbook.xml 2 Apr 2010 07:34:39 -0000 1.4 @@ -1,8 +1,8 @@ <?xml version='1.0' encoding='UTF-8'?> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/security-handbook.xml,v 1.3 2006/11/29 15:21:33 nightmorph Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/security-handbook.xml,v 1.4 2010/04/02 07:34:39 nightmorph Exp $ --> <!DOCTYPE book SYSTEM "/dtd/book.dtd"> -<book link="/doc/en/security/security-handbook.xml"> +<book> <title>Gentoo Security Handbook</title> <author title="Author"> @@ -38,6 +38,9 @@ <author title="Editor"> <mail link="[email protected]">Dan Margolis</mail> </author> +<author title="Editor"> + <mail link="nightmorph"/> +</author> <abstract> This is a step-by-step guide for hardening Gentoo Linux. @@ -45,8 +48,8 @@ <license/> -<version>1.0</version> -<date>2005-05-31</date> +<version>1.1</version> +<date>2010-04-02</date> <!-- <section> @@ -54,18 +57,17 @@ <body> <p> -In version 0.6 (Backup) +(Backup) </p> <ul> <li>Arpwatch</li> -<li>Full system backup using Systemimager</li> <li>Partial backup using tar</li> <li>Backing up postgres</li> </ul> <p> -In version 0.8 (Penetration testing) +(Penetration testing) </p> <ul> <li>Remote audits</li> 
@@ -75,7 +77,7 @@ </ul> <p> -In version 1.0 (After a compromise) +(After a compromise) </p> <ul> <li>How to report an incident</li> @@ -86,17 +88,11 @@ <li>Restoring system</li> </ul> -<note> -Please note that each version concentrates on one subject at a time. This is for -quality assurance purposes. -</note> - </body> </section> --> <part> - <title>System Security</title> <abstract> Harden different parts of your system to make it more secure. @@ -213,6 +209,6 @@ </abstract> <include href="shb-uptodate.xml"/> </chapter> - </part> + </book> 1.6 xml/htdocs/doc/en/security/shb-logging.xml file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-logging.xml?rev=1.6&view=markup plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-logging.xml?rev=1.6&content-type=text/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-logging.xml?r1=1.5&r2=1.6 Index: shb-logging.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-logging.xml,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- shb-logging.xml 7 Mar 2007 01:51:52 -0000 1.5 +++ shb-logging.xml 2 Apr 2010 07:34:39 -0000 1.6 @@ -1,5 +1,5 @@ <?xml version='1.0' encoding='UTF-8'?> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-logging.xml,v 1.5 2007/03/07 01:51:52 nightmorph Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-logging.xml,v 1.6 2010/04/02 07:34:39 nightmorph Exp $ --> <!DOCTYPE sections SYSTEM "/dtd/book.dtd"> <!-- The content of this document is licensed under the CC-BY-SA license --> @@ -7,8 +7,8 @@ <sections> -<version>1.2</version> -<date>2005-11-25</date> +<version>1.3</version> +<date>2010-04-02</date> <section> <title>Introduction</title> 
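Review bot: The `<part>` start tag that stays as context in the @@ -86,17 +88,11 @@ hunk appears to be left without an end tag, because the final hunk (@@ -213,6 +209,6 @@) replaces `</part>` with `</book>` while `<part>` and the chapters inside it remain in place; unless a `</part>` exists somewhere outside the visible hunks, the book is no longer well-formed XML and will not validate against book.dtd. If the intent is to drop the part wrapper along with its `<title>System Security</title>`, the `<part>` line in that hunk should go as well; if the wrapper is meant to stay, keep `</part>` and add `</book>` after it instead of replacing it. The chapters between these two hunks are outside the visible diff, so this is inferred from the two hunks only.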
@@ -208,13 +208,24 @@ </p> <pre caption="/etc/syslog-ng/syslog-ng.conf"> -options { chain_hostnames(off); sync(0); }; +options { + chain_hostnames(no); + + <comment># The default action of syslog-ng is to log a STATS line + # to the file every 10 minutes. That's pretty ugly after a while. + # Change it to every 12 hours so you get a nice daily update of + # how many messages syslog-ng missed (0).</comment> + stats_freq(43200); +}; + +source src { + unix-stream("/dev/log" max-connections(256)); + internal(); +}; -#source where to read log -source src { unix-stream("/dev/log"); internal(); }; source kernsrc { file("/proc/kmsg"); }; -#define destinations +<comment># define destinations</comment> destination authlog { file("/var/log/auth.log"); }; destination syslog { file("/var/log/syslog"); }; destination cron { file("/var/log/cron.log"); }; @@ -235,10 +246,16 @@ destination debug { file("/var/log/debug"); }; destination messages { file("/var/log/messages"); }; destination console { usertty("root"); }; + +<comment># By default messages are logged to tty12...</comment> destination console_all { file("/dev/tty12"); }; -destination xconsole { pipe("/dev/xconsole"); }; -#create filters +<comment># ...if you intend to use /dev/console for programs like xconsole +# you can comment out the destination line above that references /dev/tty12 +# and uncomment the line below.</comment> +#destination console_all { file("/dev/console"); }; + +<comment># create filters</comment> filter f_authpriv { facility(auth, authpriv); }; filter f_syslog { not facility(authpriv, mail); }; filter f_cron { facility(cron); }; 
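Review bot: In the second hunk (@@ -235,10 +246,16 @@) the disabled alternative `#destination console_all { file("/dev/console"); };` is the only `#` line in the new text that is not wrapped in `<comment>…</comment>`, so in the rendered `<pre>` it will look like live configuration rather than the commented-out line the prose above it describes. For consistency with the other comment lines added in both hunks, wrap it as `<comment>#destination console_all { file("/dev/console"); };</comment>`. The `<pre caption="/etc/syslog-ng/syslog-ng.conf">` block that contains both hunks starts and ends outside them.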
@@ -257,10 +274,10 @@ filter f_warn { level(warn); }; filter f_crit { level(crit); }; filter f_err { level(err); }; -filter f_failed { match("failed"); }; -filter f_denied { match("denied"); }; +filter f_failed { message("failed"); }; +filter f_denied { message("denied"); }; -#connect filter and destination +<comment># connect filter and destination</comment> log { source(src); filter(f_authpriv); destination(authlog); }; log { source(src); filter(f_syslog); destination(syslog); }; log { source(src); filter(f_cron); destination(cron); }; @@ -277,7 +294,7 @@ log { source(src); filter(f_messages); destination(messages); }; log { source(src); filter(f_emergency); destination(console); }; -#default log +<comment># default log</comment> log { source(src); destination(console_all); }; </pre>
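Review bot: The catch-all `log { source(src); destination(console_all); };` under the new `# default log` comment in the @@ -277,7 +294,7 @@ hunk carries no filter, so every message arriving on /dev/log — including the auth/authpriv facility that f_authpriv routes separately into /var/log/auth.log — is also written to the /dev/tty12 console destination, where anyone with access to the physical console can read it. That may be the intended stock behaviour, but the new comment should say so, e.g. `<comment># default log: everything, including authpriv, also goes to the console destination</comment>`. Where the console is not trusted, `log { source(src); filter(f_syslog); destination(console_all); };` reuses the f_syslog filter already defined earlier in the listing to keep authpriv and mail off tty12. The enclosing `<pre>` block ends inside this hunk but starts outside it.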
