optimize logging disable
This commit is contained in:
parent
00f33c1f01
commit
eab778a3bc
34
moose.sh
34
moose.sh
|
@ -144,24 +144,30 @@ if [[ -n $hostname_var ]]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [ "$disable_logging" = true ]; then
|
||||
systemctl disable --now rsyslog
|
||||
systemctl disable --now systemd-journald
|
||||
systemctl disable --now systemd-journald.socket
|
||||
systemctl disable --now systemd-journald-dev-log.socket
|
||||
systemctl disable --now auditd
|
||||
# Files to modify and make read-only and immutable
|
||||
log_files=("/var/log/wtmp" "/var/log/btmp" "/var/run/utmp" "/var/log/lastlog")
|
||||
|
||||
# Make logs read-only
|
||||
chmod 444 /var/log/wtmp
|
||||
chmod 444 /var/log/btmp
|
||||
chmod 444 /var/run/utmp
|
||||
chmod 444 /var/log/lastlog
|
||||
# Disable logging services
|
||||
for service in rsyslog systemd-journald systemd-journald.socket systemd-journald-dev-log.socket auditd logrotate logrotate.timer; do
|
||||
if systemctl is-active --quiet "$service"; then
|
||||
systemctl disable --now "$service"
|
||||
fi
|
||||
done
|
||||
|
||||
systemctl disable --now logrotate
|
||||
systemctl disable --now logrotate.timer
|
||||
# Modify rsyslog configuration
|
||||
if [ -f /etc/rsyslog.conf ]; then
|
||||
sed -i 's/auth\.priv\.warning/auth\.none/' /etc/rsyslog.conf
|
||||
fi
|
||||
|
||||
sed -i 's/auth\.priv\.warning/auth\.none/' /etc/rsyslog.conf
|
||||
# Make log files read-only and immutable
|
||||
for log in "${log_files[@]}"; do
|
||||
if [ -f "$log" ]; then
|
||||
> "$log"
|
||||
chmod 444 "$log"
|
||||
chattr +i "$log"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if [ "$change_ssh_port" = true ]; then
|
||||
|
|
Loading…
Reference in New Issue