mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-22 08:53:41 +01:00
519c4f1816
instead of 0644 to help protect users against a file locking local denial of service. MFC after: 1 day pending RE approval
28 lines
1.2 KiB
Plaintext
28 lines
1.2 KiB
Plaintext
# configuration file for newsyslog
|
|
# $FreeBSD$
|
|
#
|
|
# Note: some sites will want to select more restrictive protections than the
|
|
# defaults. In particular, it may be desirable to switch many of the 644
|
|
# entries to 640 or 600. For example, some sites will consider the
|
|
# contents of maillog, messages, and lpd-errs to be confidential. In the
|
|
# future, these defaults may change to more conservative ones.
|
|
#
|
|
# logfilename [owner:group] mode count size when [ZJB] [/pid_file] [sig_num]
|
|
/var/log/cron 600 3 100 * Z
|
|
/var/log/amd.log 644 7 100 * Z
|
|
/var/log/auth.log 600 7 100 * Z
|
|
/var/log/kerberos.log 600 7 100 * Z
|
|
/var/log/lpd-errs 644 7 100 * Z
|
|
/var/log/maillog 640 7 * @T00 Z
|
|
/var/log/sendmail.st 640 10 * 168 B
|
|
/var/log/messages 644 5 100 * Z
|
|
/var/log/all.log 600 7 * @T00 Z
|
|
/var/log/slip.log root:network 640 3 100 * Z
|
|
/var/log/ppp.log root:network 640 3 100 * Z
|
|
/var/log/security 600 10 100 * Z
|
|
/var/log/wtmp 644 3 * @01T05 B
|
|
/var/log/daily.log 640 7 * @T00 Z
|
|
/var/log/weekly.log 640 5 1 $W6D0 Z
|
|
/var/log/monthly.log 640 12 * $M1D0 Z
|
|
/var/log/console.log 600 5 100 * Z
|