o Introduce /var/log/authentication.log, which will be the target for
auth.info and authpriv.info by default. Rotate on the same schedule
as most other logs. Create at installation.
o Remove logging of auth.info from /var/log/security.log, which will
return to being only for security feature subsystems (such as ipfw,
and so on).
This creates a special authentication log, which can now be searched
by scripts for authentication events.
systems due to sshd not using the security log class. Tweak syslog.conf
so that /var/log/security also gets a useful set of
authentication-related logging.
Submitted by: aeonflux@synapse.subneural.net
MFC after: 4 weeks
an all.log for logging all messages, and one to demonstrate use of loghosts.
Also, a matching entry in newsyslog.conf for all.log.
Per request of Garrett Wollman, also modified the maillog entry to use the
@T newsyslog time specification mechanism. Because newsyslog doesn't
support the mod date specification machanism, couldn't change other
entries that required more than one execution a month, but less than once
a day.
Approved by: jkh
Reviewed by: freebsd-security
should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.
Reviewed by: rgrimes, imp, chris
news.notice info should not be sent to /var/log/messages, as news has
its own set of logs and notice is overused by inn
added entries for newsservers (but they're commented out)
Further it implements crontab -e.
I moved cron from /usr/libexec to /usr/sbin where most daemons are
that are run from rc. That also gets rid of the ugly path crond
used to have in ps(1) outputs. Further I renamed it to cron, as
Paul Vixie likes it and is done by NetBSD.
NOTE VERY WELL THE FOLLOWING:
1) Systems crontab changed. Every users crontab resides in /var/cron
*EXCEPT* root's. This is a special crontab as it resides in
/etc. Further it is the *ONLY* crontab file in which you specify
usernames. See /usr/src/etc/crontab. This is also done by BSDI's
BSD/386 as far as I know (they provided the patches for it anyway)
2) So you *must* delete root's crontab and reinstall the copy
in /etc from /usr/src/etc.
'Must' is to much: the old installed crontab will work but cron
will also try to 'run' /etc/crontab.
3) Last but not least: cron's logging is now done via syslog. Note
that logging by cron is done lowercase when it logs about itsself
and uppercase when it logs user events, like installing a new crontab.
The default logfile file is the same as before:
syslog.conf:cron.* /var/cron/log
-Guido