HardenedBSD/etc/newsyslog.conf
Brooks Davis bb4bd97c12 - Update etc/rc.d/newsyslog to FreeBSD standards and install it.
- Enable it by default, running newsyslog with -CN which creates files
   that have the C flag specified in /etc/newsyslog.conf.
 - Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
   newsyslog.
 - Add the C flag to entries in /etc/newsyslog.conf that are currently
   installed as part of the base system.

There are two effects from this change:
 - Users who delete default syslog files to stop logging to them
   will need to set newsyslog_enable=NO in rc.conf or remove the C
   flag from those file in /etc/newsyslog.conf or they will come back
   on the next boot.
 - Diskless systems now create the same set of files that ordinary
   systems have by default instead of every file in newsyslog.conf.
2005-03-02 00:40:55 +00:00

40 lines
1.8 KiB
Plaintext

# configuration file for newsyslog
# $FreeBSD$
#
# Entries which do not specify the '/pid_file' field will cause the
# syslogd process to be signalled when that log file is rotated. This
# action is only appropriate for log files which are written to by the
# syslogd process (ie, files listed in /etc/syslog.conf). If there
# is no process which needs to be signalled when a given log file is
# rotated, then the entry for that file should include the 'N' flag.
#
# The 'flags' field is one or more of the letters: BCGJNUWZ or a '-'.
#
# Note: some sites will want to select more restrictive protections than the
# defaults. In particular, it may be desirable to switch many of the 644
# entries to 640 or 600. For example, some sites will consider the
# contents of maillog, messages, and lpd-errs to be confidential. In the
# future, these defaults may change to more conservative ones.
#
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/all.log 600 7 * @T00 J
/var/log/amd.log 644 7 100 * J
/var/log/auth.log 600 7 100 * JC
/var/log/console.log 600 5 100 * J
/var/log/cron 600 3 100 * JC
/var/log/daily.log 640 7 * @T00 JN
/var/log/debug.log 600 7 100 * JC
/var/log/kerberos.log 600 7 100 * J
/var/log/lpd-errs 644 7 100 * JC
/var/log/maillog 640 7 * @T00 JC
/var/log/messages 644 5 100 * JC
/var/log/monthly.log 640 12 * $M1D0 JN
/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid
/var/log/ppp.log root:network 640 3 100 * JC
/var/log/security 600 10 100 * JC
/var/log/sendmail.st 640 10 * 168 B
/var/log/slip.log root:network 640 3 100 * JC
/var/log/weekly.log 640 5 1 $W6D0 JN
/var/log/wtmp 644 3 * @01T05 B
/var/log/xferlog 600 7 100 * JC