mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-25 18:12:57 +01:00
bb4bd97c12
- Enable it by default, running newsyslog with -CN which creates files that have the C flag specified in /etc/newsyslog.conf. - Remove the "newsyslog -CC" call from etc/rc.d/var and the check for newsyslog. - Add the C flag to entries in /etc/newsyslog.conf that are currently installed as part of the base system. There are two effects from this change: - Users who delete default syslog files to stop logging to them will need to set newsyslog_enable=NO in rc.conf or remove the C flag from those file in /etc/newsyslog.conf or they will come back on the next boot. - Diskless systems now create the same set of files that ordinary systems have by default instead of every file in newsyslog.conf.
40 lines
1.8 KiB
Plaintext
40 lines
1.8 KiB
Plaintext
# configuration file for newsyslog
|
|
# $FreeBSD$
|
|
#
|
|
# Entries which do not specify the '/pid_file' field will cause the
|
|
# syslogd process to be signalled when that log file is rotated. This
|
|
# action is only appropriate for log files which are written to by the
|
|
# syslogd process (ie, files listed in /etc/syslog.conf). If there
|
|
# is no process which needs to be signalled when a given log file is
|
|
# rotated, then the entry for that file should include the 'N' flag.
|
|
#
|
|
# The 'flags' field is one or more of the letters: BCGJNUWZ or a '-'.
|
|
#
|
|
# Note: some sites will want to select more restrictive protections than the
|
|
# defaults. In particular, it may be desirable to switch many of the 644
|
|
# entries to 640 or 600. For example, some sites will consider the
|
|
# contents of maillog, messages, and lpd-errs to be confidential. In the
|
|
# future, these defaults may change to more conservative ones.
|
|
#
|
|
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
|
|
/var/log/all.log 600 7 * @T00 J
|
|
/var/log/amd.log 644 7 100 * J
|
|
/var/log/auth.log 600 7 100 * JC
|
|
/var/log/console.log 600 5 100 * J
|
|
/var/log/cron 600 3 100 * JC
|
|
/var/log/daily.log 640 7 * @T00 JN
|
|
/var/log/debug.log 600 7 100 * JC
|
|
/var/log/kerberos.log 600 7 100 * J
|
|
/var/log/lpd-errs 644 7 100 * JC
|
|
/var/log/maillog 640 7 * @T00 JC
|
|
/var/log/messages 644 5 100 * JC
|
|
/var/log/monthly.log 640 12 * $M1D0 JN
|
|
/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid
|
|
/var/log/ppp.log root:network 640 3 100 * JC
|
|
/var/log/security 600 10 100 * JC
|
|
/var/log/sendmail.st 640 10 * 168 B
|
|
/var/log/slip.log root:network 640 3 100 * JC
|
|
/var/log/weekly.log 640 5 1 $W6D0 JN
|
|
/var/log/wtmp 644 3 * @01T05 B
|
|
/var/log/xferlog 600 7 100 * JC
|