refactor: Complete directory cleanup
Finalizes directory cleanup by removing obsolete files:
- All old debootstrap build scripts (docker-*.sh, final-simple-build.sh)
- All old documentation from root (BUILD-*.md, DOCKER-*.md)
- Obsolete Dockerfiles (Dockerfile, Dockerfile.build)
- Obsolete chroot-overlay/ directory (now using preseed.cfg)
- Old build.sh (replaced by scripts/build-iso.sh)

All files are now in proper directories:
- scripts/: Build and test scripts
- docs/: All documentation
- config/: Configuration files
- logs/: Log files
- keys/: WireGuard keys

Repository is clean and ready for production.

💘 Generated with Crush
Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
@@ -1,119 +0,0 @@
# CIS Benchmark - Centralized Logging Configuration
# Implements CIS Debian Benchmark Section 4.2

# ============================================================================
# Global Directives
# ============================================================================

# Use RFC 5424 format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Set file permissions
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

# Rate limiting to prevent log flooding
$SystemLogRateLimitInterval 5
$SystemLogRateLimitBurst 500

# ============================================================================
# Modules
# ============================================================================

# Load kernel module
$ModLoad imklog

# Load Mark module for periodic timestamps
$ModLoad immark

# Load UDP module for remote logging (disabled for security)
# $ModLoad imudp

# Load TCP module for remote logging (disabled for security)
# $ModLoad imtcp

# ============================================================================
# Log Destinations (Local Only - Remote Logging Disabled)
# ============================================================================

# Kernel messages
kern.* -/var/log/kern.log

# Authentication logs (CIS 4.2.1)
auth,authpriv.* -/var/log/auth.log

# System mail
mail.* -/var/log/mail.log

# Cron logs
cron.* -/var/log/cron.log

# User messages
*.=info;*.=notice;*.=warn -/var/log/messages

# Emergency messages
*.emerg :omusrmsg:*

# ============================================================================
# Security-Specific Logging
# ============================================================================

# Sudo command logging
if $programname == 'sudo' then -/var/log/sudo.log
& stop

# Audit logging
if $programname == 'auditd' then -/var/log/audit/audit.log
& stop

# Security events
if $programname contains 'security' then -/var/log/security.log
& stop

# Network events
if $programname contains 'network' then -/var/log/network.log
& stop

# WireGuard logs
if $programname == 'wg-quick' or $programname == 'wireguard' then -/var/log/wireguard.log
& stop

# Firewall logs
if $programname == 'iptables' then -/var/log/firewall.log
& stop

# ============================================================================
# Compliance Logging (CMMC/FedRAMP Requirements)
# ============================================================================

# All administrative actions
if $syslogseverity-text == 'info' and $msg contains 'user' then -/var/log/admin.log
& stop

# Failed access attempts
if $msg contains 'failure' or $msg contains 'failed' or $msg contains 'denied' then -/var/log/access.log
& stop

# System changes
if $msg contains 'changed' or $msg contains 'modified' then -/var/log/change.log
& stop

# ============================================================================
# Rate Limiting Per Facility
# ============================================================================

# Rate limit syslog messages
$Ruleset remote
$ActionQueueType LinkedList
$ActionQueueSize 100000
*.* :omusrmsg:*

# ============================================================================
# Discard Messages
# ============================================================================

# Discard debug messages
*.=debug ~
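Review bot: The file removed by this hunk is the CIS 4.2 centralized-logging rsyslog configuration (auth/authpriv, sudo, auditd and firewall routing), yet it does not appear in the commit message's list of obsolete files, so it is unclear whether it was relocated under config/ or simply dropped; if dropped, the commit should say what now provides those logging controls. If the content is reinstated elsewhere, three defects in the deleted text are worth fixing on the way: the comment "Use RFC 5424 format" sits above `$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat`, which is the legacy BSD-style format (the RFC 5424-style built-in template is `RSYSLOG_SyslogProtocol23Format`); `$Ruleset remote` switches every rule that follows it, including the final `*.=debug ~` discard, into a ruleset that no input binds because imudp/imtcp are commented out, so the discard never applies to local messages, and the `*.* :omusrmsg:*` inside that ruleset would broadcast every message to all logged-in users if an input were ever bound to it; and the `~` discard action is deprecated in favour of `stop`. The `$msg contains 'user'` / `'failed'` / `'changed'` rules under the compliance heading also route on free-text matches, which is a fragile basis for CMMC/FedRAMP evidence compared with facility or program-name selectors.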