--- Begin Message ---
Subject: |
[PATCH 0/4] Add reload action to syslog service. |
Date: |
Wed, 12 Apr 2023 21:15:30 -0400 |
Hi,
This series was motivated by investigations as to why the fail2ban would not
trigger bans although my SSH port was under constant brute force attacks. It
turns out that it was because by default fail2ban consults /var/log/secure to
for the authentication logs, at least that's how our fail2ban package in Guix
behaves.
So this patch series does two things:
1. It adds a reload action, useful to test without rebooting the graphical
session.
2. It adds the missing auth.info log to /var/log/secure so that a fail2ban
sshd jail works out of the box on Guix System.
Thanks!
Maxim Cournoyer (4):
services: syslog: Move configuration to /etc/syslog.conf.
services: syslog: Add a reload action.
services/syslog: Strip leading white space indent in syslog.conf.
services: syslog: Log auth.info to /var/log/secure in default
configuration.
doc/guix.texi | 12 ++++
gnu/services/base.scm | 128 ++++++++++++++++++++++++++----------------
2 files changed, 92 insertions(+), 48 deletions(-)
base-commit: 0fe2c78cac19acfb46c3bc365075293e51e0e5aa
--
2.39.2
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#62802: [PATCH 0/4] Add reload action to syslog service. |
Date: |
Fri, 21 Apr 2023 09:36:52 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) |
Hello,
Ludovic Courtès <ludo@gnu.org> writes:
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> This causes authentication failures such as those generated by SSH brute
>> force
>> attacks to appear in /var/log/secure, which is picked up by tools such as
>> fail2ban.
>
> Nice, go for it!
Great, the change is now installed. Thanks for the review!
--
Thanks,
Maxim
--- End Message ---