services: syslog: Log auth.info to /var/log/secure in default configuration.

This causes authentication failures such as those generated by SSH brute force attacks to appear in /var/log/secure, which is picked up by tools such as fail2ban. * gnu/services/base.scm (%default-syslog.conf): Add a auth.info selector for the /var/log/secure log. Series-to: 62802@debbugs.gnu.org
2023-04-12 20:52:39 -04:00 · 2023-04-12 20:52:39 -04:00 · 2c1e17071d
commit 2c1e17071d
parent 9f890e39e4
1 changed files with 3 additions and 1 deletions
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@ -1521,7 +1521,9 @@ Service Switch}, for an example."

 # The authpriv file has restricted access.
 # 'fsync' the file after each line (hence the lack of a leading dash).
-authpriv.*                              /var/log/secure
+# Also include unprivileged auth logs of info or higher level
+# to conveniently gather the authentication data at the same place.
+authpriv.*;auth.info                    /var/log/secure

 # Log all the mail messages in one place.
 mail.*                                 -/var/log/maillog