# CIS Debian 13 Benchmark - Log Rotation Configuration
# Implements CIS recommendations for secure log rotation
# Global rotation settings
# NOTE(review): directives outside a stanza are not scoped to this file.
# logrotate keeps them as defaults for every stanza it parses afterwards,
# which, if this file is installed as a drop-in under /etc/logrotate.d/,
# includes the drop-ins of other packages sorted after it — e.g. 'create 0640
# root adm' would then apply to a daemon whose stanza relies on the default
# 'create' semantics. The stanzas below set their own options, so check the
# install path and whether this block is needed at all.
weekly
rotate 52
compress
delaycompress
missingok
notifempty
create 0640 root adm
sharedscripts
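# Security logs - no catch-all stanza, on purpose.
# logrotate treats a log named by two stanzas as a "duplicate log entry" error
# and (in current versions) then refuses the whole configuration file, so a
# '/var/log/security/*.log' glob here cannot coexist with the explicit
# auth/sudo/audit/kern/daemon/network/alerts/summary stanzas below - with the
# glob present none of these logs would rotate at all. Every file under
# /var/log/security/ that needs rotation must be listed in exactly one stanza;
# add new logs to the stanza whose retention class fits them.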
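# Authentication logs - high retention for forensic analysis
# Daily rotation, one year kept, readable by root and the adm group only.
/var/log/security/auth.log /var/log/security/failed.log /var/log/security/login.log {
    daily
    rotate 365
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    sharedscripts
    # logrotate runs scripts through /bin/sh (dash on Debian), where '&>' is not
    # a redirection: the command would be put in the background and its output
    # left unsuppressed. Use the POSIX form, as the fail2ban stanza does.
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate >/dev/null 2>&1 || true
    endscript
}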
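# Sudo logs - longer retention for audit purposes
# Daily rotation, one year kept, readable by root and the adm group only.
/var/log/security/sudo.log {
    daily
    rotate 365
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    sharedscripts
    # logrotate runs scripts through /bin/sh (dash on Debian), where '&>' is not
    # a redirection: the command would be put in the background and its output
    # left unsuppressed. Use the POSIX form, as the fail2ban stanza does.
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate >/dev/null 2>&1 || true
    endscript
}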
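# Audit logs - longer retention for compliance
# Only the rsyslog-written copy is rotated here. /var/log/audit/ is deliberately
# NOT listed: auditd keeps audit.log open and rotates it itself (auditd.conf
# max_log_file / max_log_file_action; the CIS item "audit logs are not
# automatically deleted" expects keep_logs). The rsyslog reopen signal below
# does not reach auditd, so renaming its file here would leave auditd writing
# into the rotated copy, which the following rotation compresses and unlinks.
/var/log/security/audit.log {
    weekly
    rotate 104
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    sharedscripts
    # logrotate runs scripts through /bin/sh (dash on Debian), where '&>' is not
    # a redirection: the command would be put in the background and its output
    # left unsuppressed. Use the POSIX form, as the fail2ban stanza does.
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate >/dev/null 2>&1 || true
    endscript
}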
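# System logs - standard retention
# Weekly rotation, one year kept, readable by root and the adm group only.
/var/log/security/messages /var/log/security/kern.log /var/log/security/daemon.log {
    weekly
    rotate 52
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    sharedscripts
    # logrotate runs scripts through /bin/sh (dash on Debian), where '&>' is not
    # a redirection: the command would be put in the background and its output
    # left unsuppressed. Use the POSIX form, as the fail2ban stanza does.
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate >/dev/null 2>&1 || true
    endscript
}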
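# Network logs - standard retention
# Weekly rotation, one year kept, readable by root and the adm group only.
/var/log/security/network.log {
    weekly
    rotate 52
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    sharedscripts
    # logrotate runs scripts through /bin/sh (dash on Debian), where '&>' is not
    # a redirection: the command would be put in the background and its output
    # left unsuppressed. Use the POSIX form, as the fail2ban stanza does.
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate >/dev/null 2>&1 || true
    endscript
}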
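# Security alerts - longer retention for incident analysis
# Daily rotation, two years kept, readable by root and the adm group only.
/var/log/security/alerts.log {
    daily
    rotate 730
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root adm
    sharedscripts
    # logrotate runs scripts through /bin/sh (dash on Debian), where '&>' is not
    # a redirection: the command would be put in the background and its output
    # left unsuppressed. Use the POSIX form, as the fail2ban stanza does.
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate >/dev/null 2>&1 || true
    endscript
}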
# AIDE integrity check logs - two years of weekly reports, root:adm 0640.
# No reopen hook: AIDE is normally run from cron/timer and writes each report
# in a separate run (confirm if a different, long-running writer appends here).
/var/log/aide/*.log {
    create 0640 root adm
    missingok
    notifempty
    weekly
    rotate 104
    compress
    delaycompress
}
# Fail2ban logs - one year of weekly rotations, root:adm 0640, fail2ban told to
# reopen its log after each rotation.
# NOTE(review): Debian's fail2ban package normally ships its own
# /etc/logrotate.d/fail2ban for this same path; logrotate treats a path listed
# by two stanzas as a "duplicate log entry" error. Confirm which of the two is
# meant to own this log and keep only that one.
/var/log/fail2ban.log {
    create 0640 root adm
    missingok
    notifempty
    weekly
    rotate 52
    compress
    delaycompress
    sharedscripts
    postrotate
        service fail2ban reload >/dev/null 2>&1 || true
    endscript
}
# Application logs - standard rotation (Remmina, twelve weekly rotations)
# NOTE(review): 'user' is taken literally. logrotate resolves the owner and
# group of 'create' while parsing, and an account that does not exist is a
# parse error for the whole file - replace it with the real account if this
# is a placeholder.
/var/log/remmina/*.log {
    create 0640 user user
    missingok
    notifempty
    weekly
    rotate 12
    compress
    delaycompress
}
# IceWM logs - standard rotation (twelve weekly rotations)
# NOTE(review): as with the Remmina stanza, 'user' must be an existing
# account - logrotate resolves 'create' owners at parse time and rejects the
# whole file on an unknown name.
/var/log/icewm/*.log {
    create 0640 user user
    missingok
    notifempty
    weekly
    rotate 12
    compress
    delaycompress
}
# WireGuard logs - important for network security; one year of weekly
# rotations, root:adm 0640. There is no reopen hook, so whatever writes these
# files must open them per write or reopen on its own; if rsyslog writes them,
# add the rsyslog-rotate postrotate used by the security stanzas.
/var/log/wireguard/*.log {
    create 0640 root adm
    missingok
    notifempty
    weekly
    rotate 52
    compress
    delaycompress
}
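# Directory permissions for the security log trees
# The stanza that used to list /var/log/security/ /var/log/audit/ /var/log/aide/
# as its "logs" never did anything: logrotate drops directory paths when it
# expands a stanza's file list, so the stanza matched no regular file, rotated
# nothing and never ran its postrotate chmod loop. Rotated copies already get
# 0640 root:adm from 'create' (and the compressed copy inherits the source
# file's mode), so what remains to enforce is the 0750 mode of the directories
# and the mode of logs written by other tools. Do that outside logrotate -
# tmpfiles.d 'z' entries or the configuration-management step that creates
# these directories - so it runs whether or not anything rotates.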
# Summary log rotation for compliance reporting - five years of monthly
# rotations, root:adm 0640.
# NOTE(review): no reopen hook; fine only if the writer reopens summary.log per
# run. If it is rsyslog, add the rsyslog-rotate postrotate used above.
/var/log/security/summary.log {
    create 0640 root adm
    missingok
    notifempty
    monthly
    rotate 60
    compress
    delaycompress
}
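# /var/log/syslog, /var/log/messages and /var/log/kern.log are intentionally
# not listed here. They belong to rsyslog's own drop-in (/etc/logrotate.d/rsyslog
# on Debian), which also sends rsyslog the reopen signal. A second stanza for
# the same paths is a "duplicate log entry" error that makes logrotate refuse
# this whole file, and the stanza that was here had no postrotate hook, so
# rsyslog would have kept writing into the renamed file. Set their retention
# in rsyslog's drop-in instead.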