services: syslog: Log auth.info to /var/log/secure in default configuration.

This causes authentication failures such as those generated by SSH brute force attacks to appear in /var/log/secure, which is picked up by tools such as fail2ban. * gnu/services/base.scm (%default-syslog.conf): Add a auth.info selector for the /var/log/secure log. Series-to: 62802@debbugs.gnu.org
author: Maxim Cournoyer <maxim.cournoyer@gmail.com> 2023-04-12 20:52:39 -0400
committer: Maxim Cournoyer <maxim.cournoyer@gmail.com> 2023-04-21 09:04:40 -0400
commit: 2c1e17071d8cb16d5eb44962a5b6565451b8cc34 (patch)
tree: 63c44c19c194f676677c2af2a92de9782822f3b0 /gnu/services
parent: 9f890e39e4fb8798e15b8cd2ce77261740b6d875 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 669027f6d1..75d4e7b741 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1521,7 +1521,9 @@ Service Switch}, for an example."
 
 # The authpriv file has restricted access.
 # 'fsync' the file after each line (hence the lack of a leading dash).
-authpriv.*                              /var/log/secure
+# Also include unprivileged auth logs of info or higher level
+# to conveniently gather the authentication data at the same place.
+authpriv.*;auth.info                    /var/log/secure
 
 # Log all the mail messages in one place.
 mail.*                                 -/var/log/maillog
author	Maxim Cournoyer <maxim.cournoyer@gmail.com>	2023-04-12 20:52:39 -0400
committer	Maxim Cournoyer <maxim.cournoyer@gmail.com>	2023-04-21 09:04:40 -0400
commit	2c1e17071d8cb16d5eb44962a5b6565451b8cc34 (patch)
tree	63c44c19c194f676677c2af2a92de9782822f3b0 /gnu/services
parent	9f890e39e4fb8798e15b8cd2ce77261740b6d875 (diff)