You know all those log messages that scroll past on the console? They can also be written to a log file, which is handy when the firewall box has no monitor attached. Here are the steps:
1. Edit /etc/newsyslog.conf:
In the section that lists the log files, append this line. The fields are: file name, mode, number of rotated copies to keep, size in KB at which to rotate, time-based rotation ("*" means none), and flags (Z compresses the rotated copies):
Code:
/var/log/console.log                    640  5     250  *     Z
2. Edit /etc/syslog.conf:
change these 4 lines:
Code:
*.err;kern.debug;auth.notice;authpriv.none;mail.crit    /dev/console
<snip>
*.err                                                   /dev/console
*.notice;auth.debug                                     /dev/console
*.alert                                                 /dev/console
to read:
Code:
*.err;kern.debug;auth.notice;authpriv.none;mail.crit    /var/log/console.log
<snip>
*.err                                                   /var/log/console.log
*.notice;auth.debug                                     /var/log/console.log
*.alert                                                 /var/log/console.log
(If you still want the messages on the console as well, leave the original lines in place and add these four as extra lines: syslogd applies every matching line, so one message can go to several destinations.)
3. Create /var/log/console.log and set the permissions. syslogd will not create the file for you, and mode 640 keeps the login and authentication messages readable by root (and group wheel) only:
# touch /var/log/console.log
# chmod 640 /var/log/console.log
4. Make syslogd re-read its configuration (a HUP is enough, no full restart is needed):
# kill -HUP $(cat /var/run/syslog.pid)
This way you can see logins, failed logins, ssh attempts, etc. in a log file that you can follow with tail -f /var/log/console.log. Very useful. The more you know about what is going on, the better, and this technique makes it easy to know a lot!
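Once the messages land in a file, the next thing you usually want is a quick way to pull the interesting events back out. The script below is an added example, not part of the original post: it assumes OpenSSH-style sshd messages ("Failed password for ... from IP port N ssh2", "Accepted ... for user from IP ...") of the kind that end up in /var/log/console.log with the configuration above, and it ranks failed SSH logins by source address. The log lines it reads are constructed for illustration; on a real box you would point the functions at /var/log/console.log instead.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the SSH login
# activity captured in a console.log produced by the syslog.conf above.
# Assumes OpenSSH message formats; the sample lines are constructed.

# Constructed sample of what /var/log/console.log ends up holding.
sample_log() {
cat <<'EOF'
Mar  3 10:01:02 gw sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:05 gw sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:09 gw sshd[1240]: Failed password for root from 198.51.100.9 port 40211 ssh2
Mar  3 10:02:11 gw sshd[1251]: Accepted publickey for alice from 192.0.2.10 port 60110 ssh2
Mar  3 10:03:00 gw login: ROOT LOGIN (root) ON ttyv0
Mar  3 10:03:30 gw kernel: arp: 192.0.2.1 moved from 00:11:22:33:44:55 to 66:77:88:99:aa:bb on em0
Mar  3 10:04:00 gw sshd[1260]: Failed password for invalid user test from 203.0.113.7 port 51100 ssh2
EOF
}

# Count "Failed password" lines per source address, busiest first.
# Prints "<count> <ip>" per line.  $1 = log file.
failed_ssh_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
            # the address is the word after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") ip[$(i + 1)]++
         }
         END { for (a in ip) print ip[a], a }' "$1" | sort -rn
}

# Number of successful SSH logins ("Accepted password/publickey ...").
accepted_ssh_count() {
    grep -c 'sshd\[[0-9]*]: Accepted ' "$1"
}

# Source addresses with at least $2 failed logins in $1: candidates for
# a firewall block rule.
noisy_sources() {
    failed_ssh_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Stand-alone demo: write the sample to a temp file and report on it.
# For a live system: failed_ssh_by_ip /var/log/console.log
LOG=$(mktemp)
sample_log > "$LOG"
echo "Failed SSH logins by source:"
failed_ssh_by_ip "$LOG"
echo "Accepted SSH logins: $(accepted_ssh_count "$LOG")"
echo "Sources with 2+ failures:"
noisy_sources "$LOG" 2
rm -f "$LOG"
```

Because the functions read plain files, the same logic works on the rotated, compressed copies newsyslog leaves behind (zcat console.log.0.gz into a temp file first), which is where you look when you reconstruct what happened before the current log started.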