optimize logging disable
This commit is contained in:
parent
00f33c1f01
commit
eab778a3bc
34
moose.sh
34
moose.sh
@ -144,24 +144,30 @@ if [[ -n $hostname_var ]]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
if [ "$disable_logging" = true ]; then
|
if [ "$disable_logging" = true ]; then
|
||||||
systemctl disable --now rsyslog
|
# Files to modify and make read-only and immutable
|
||||||
systemctl disable --now systemd-journald
|
log_files=("/var/log/wtmp" "/var/log/btmp" "/var/run/utmp" "/var/log/lastlog")
|
||||||
systemctl disable --now systemd-journald.socket
|
|
||||||
systemctl disable --now systemd-journald-dev-log.socket
|
|
||||||
systemctl disable --now auditd
|
|
||||||
|
|
||||||
# Make logs read-only
|
# Disable logging services
|
||||||
chmod 444 /var/log/wtmp
|
for service in rsyslog systemd-journald systemd-journald.socket systemd-journald-dev-log.socket auditd logrotate logrotate.timer; do
|
||||||
chmod 444 /var/log/btmp
|
if systemctl is-active --quiet "$service"; then
|
||||||
chmod 444 /var/run/utmp
|
systemctl disable --now "$service"
|
||||||
chmod 444 /var/log/lastlog
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
systemctl disable --now logrotate
|
# Modify rsyslog configuration
|
||||||
systemctl disable --now logrotate.timer
|
if [ -f /etc/rsyslog.conf ]; then
|
||||||
|
sed -i 's/auth\.priv\.warning/auth\.none/' /etc/rsyslog.conf
|
||||||
|
fi
|
||||||
|
|
||||||
sed -i 's/auth\.priv\.warning/auth\.none/' /etc/rsyslog.conf
|
# Make log files read-only and immutable
|
||||||
|
for log in "${log_files[@]}"; do
|
||||||
|
if [ -f "$log" ]; then
|
||||||
|
> "$log"
|
||||||
|
chmod 444 "$log"
|
||||||
|
chattr +i "$log"
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$change_ssh_port" = true ]; then
|
if [ "$change_ssh_port" = true ]; then
|
||||||
|
Loading…
Reference in New Issue
Block a user