diff --git a/moose.sh b/moose.sh
index e812183..1e73de7 100644
--- a/moose.sh
+++ b/moose.sh
@@ -144,24 +144,30 @@ if [[ -n $hostname_var ]]; then
 fi
 fi
- if [ "$disable_logging" = true ]; then
- systemctl disable --now rsyslog
- systemctl disable --now systemd-journald
- systemctl disable --now systemd-journald.socket
- systemctl disable --now systemd-journald-dev-log.socket
- systemctl disable --now auditd
+ # Files to modify and make read-only and immutable
+ log_files=("/var/log/wtmp" "/var/log/btmp" "/var/run/utmp" "/var/log/lastlog")
- # Make logs read-only
- chmod 444 /var/log/wtmp
- chmod 444 /var/log/btmp
- chmod 444 /var/run/utmp
- chmod 444 /var/log/lastlog
+ # Disable logging services
+ for service in rsyslog systemd-journald systemd-journald.socket systemd-journald-dev-log.socket auditd logrotate logrotate.timer; do
+ if systemctl is-active --quiet "$service"; then
+ systemctl disable --now "$service"
+ fi
+ done
- systemctl disable --now logrotate
- systemctl disable --now logrotate.timer
+ # Modify rsyslog configuration
+ if [ -f /etc/rsyslog.conf ]; then
+ sed -i 's/auth\.priv\.warning/auth\.none/' /etc/rsyslog.conf
+ fi
- sed -i 's/auth\.priv\.warning/auth\.none/' /etc/rsyslog.conf
+ # Make log files read-only and immutable
+ for log in "${log_files[@]}"; do
+ if [ -f "$log" ]; then
+ > "$log"
+ chmod 444 "$log"
+ chattr +i "$log"
+ fi
+ done
 fi
 if [ "$change_ssh_port" = true ]; then
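Review bot: Gating each unit on `systemctl is-active --quiet "$service"` in the new service loop is a regression against the removed unconditional `systemctl disable --now` calls — a unit that is enabled but not running at that moment (a stopped or failed rsyslog/auditd, or the oneshot `logrotate` service, which is normally inactive) is left enabled and comes back on the next boot. Change the gate to `if systemctl is-enabled --quiet "$service" || systemctl is-active --quiet "$service"; then`, or drop it and run `systemctl disable --now "$service" 2>/dev/null` so missing units are simply ignored. As rendered, the `if [ "$disable_logging" = true ]; then` line carries a `-` marker with no counterpart on the new side while its closing `fi` survives as context; if that is really what the patch does the new side has an unmatched `fi` (a syntax error) or runs the logging changes unconditionally, so please confirm the guard is retained. The `> "$log"` / `chattr +i "$log"` loop also has no error handling: on a filesystem without immutable-attribute support `chattr` fails and the loop silently moves on, which at least warrants `chattr +i "$log" || echo "warning: could not set +i on $log" >&2`. The two `fi` lines at the top of the hunk close blocks that begin outside it.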