3.5 Securing Consolidated Logs, 3.5.1 Log File Protections, 3.5.2 ssh Port Forwarding – HP Linux Server Management Software User Manual

2. Edit the /etc/sysconfig/syslog-ng file and change the CLOG_CONFIGURED line to the following:

CLOG_CONFIGURED=0

Remove all other CLOG lines except for the following:

CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts
CLOG_ADDITIONAL_LOG_DIRS[0]=/var/log

3. If ssh port forwarding had been configured, remove the following line from /etc/services:

clog_ssh /tcp # Consolidated logging with ssh port forwarding

3.4.4 Disabling a Serviceguard Cluster Log Forwarding Client

Perform the following steps to disable log forwarding. Complete these steps on each cluster
member:

1. Stop syslog-ng:

# /etc/init.d/syslog-ng stop

This stops the syslog-ng daemon, stops ssh port forwarding if configured, and stops
package log forwarding if configured.

2. Edit the /etc/sysconfig/syslog-ng file and change the CLOG_CONFIGURED line to CLOG_CONFIGURED=0. Remove all other CLOG lines except for the following:

CLOG_LAYOUTS_DIR=/var/opt/dsau/layouts
CLOG_ADDITIONAL_LOG_DIRS[0]=/var/log

3. If ssh port forwarding had been configured, remove the following line from /etc/services:

clog_ssh /tcp # Consolidated logging with ssh port forwarding

3.5 Securing Consolidated Logs

On a standard Linux system, all users can view the system’s local /var/log/messages. Access
to consolidated logs is typically restricted. The log consolidation server system itself is usually
a restricted access system with strict security policies in place.

3.5.1 Log File Protections

One level of protection is the permissions on the consolidated log files themselves. These are
controlled in the syslog-ng.conf.server file, where each syslog-ng "file" destination can
specify its own permissions. If the log directory for a consolidated file does not exist, syslog-ng
can be instructed to create it (create_dirs(yes)) and to set the directory's ownership and
permissions as well. For example:

destination d_file {
    file("/clog/test/example.log"
        # ownership and mode for directories that syslog-ng creates
        dir_owner(root)
        dir_group(sys)
        dir_perm(0600)
        # ownership and mode for the log file itself
        owner(root)
        group(sys)
        perm(0600)
    );
};
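The following is an added example, not part of the HP manual: a small checker that reads syslog-ng configuration text and reports, for each file() destination, whether the ownership and permission options described above are present and whether a mode grants anything to "other" users. The function name, the sample configuration, and the policy it enforces (explicit owner, group and mode; no access bits for other users) are assumptions made for illustration.

```python
import re

# Constructed sample in the style of syslog-ng.conf.server (not from the manual).
SAMPLE_CONF = '''
destination d_ok { file("/clog/test/example.log"
    create_dirs(yes) dir_owner(root) dir_group(sys) dir_perm(0600)
    owner(root) group(sys) perm(0600)); };
destination d_open { file("/clog/test/open.log" perm(0644)); };  # world-readable
destination d_bare { file("/clog/test/bare.log"); };
'''

# file("path" name(value) ...) -- options must sit inside the file() parentheses.
FILE_RE = re.compile(r'\bfile\s*\(\s*"([^"]+)"((?:\s*\w+\s*\([^()]*\))*)\s*\)')
OPT_RE = re.compile(r'(\w+)\s*\(\s*([^()]*?)\s*\)')


def audit_file_destinations(conf_text):
    """Map each file() destination path to a list of permission findings."""
    report = {}
    text = re.sub(r'#.*', '', conf_text)  # drop comments (assumes no '#' in paths)
    for path, opt_text in FILE_RE.findall(text):
        opts = dict(OPT_RE.findall(opt_text))
        findings = []
        # dir_perm() only matters when syslog-ng is told to create directories.
        mode_keys = ["perm"] + (["dir_perm"] if opts.get("create_dirs") == "yes" else [])
        for key in mode_keys:
            if key not in opts:
                findings.append(f"{key}() not set on this destination")
            elif int(opts[key], 8) & 0o007:  # any r/w/x bit for "other"
                findings.append(f"{key}({opts[key]}) grants access to other users")
        for key in ("owner", "group"):
            if key not in opts:
                findings.append(f"{key}() not set on this destination")
        report[path] = findings
    return report


if __name__ == "__main__":
    for path, findings in audit_file_destinations(SAMPLE_CONF).items():
        print(path, "OK" if not findings else "; ".join(findings))
```

An option reported as "not set" falls back to whatever the global options block or the syslog-ng default provides, so treat that finding as a prompt to check the effective value rather than as proof of exposure.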

3.5.2 ssh Port Forwarding

ssh port forwarding sets up a tunnel for the log traffic between the syslog-ng log forwarding
client and the syslog-ng log consolidation server. This ssh-based tunnel is only available when
using the TCP transport, not UDP. Also, ssh port forwarding is not used when forwarding log
