auth.log gets filled up.


#1

Hi all,

The problem and workaround is described below. I know I could avoid the auth.log from getting filled up by setting firewall policies but in my case this isn’t possible because I need access from anywhere.

Problem: auth.log gets way to big due to brute force ssh attempts.

Workaround:

Make executable that truncates auth.log and add a task-scheduler in the configuration

–copy the vyatta-postconfig-bootup.script to a new file called authlog
-COMMANDS:
cp /config/scripts/vyatta-postconfig-bootup.script /config/scripts/authlog

–edit authlog executable and put in COMMAND: truncate -s 0 /var/log/auth.log

–create a system task-scheduler with an interval of 1 day to clear the auth.log daily
-COMMANDS:
set system task-schedule task AUTH_CLEAR interval 1d
set system task-scheduler task AUTH_CLEAR executable path /config/scripts/authlog


sidenote: this only works for vyos and NOT vyatta because there is no system task-scheduler foreseen.


#2

Another solution is to setup logrotate.d for auth.log