Harden Debian by Logwatching
As usual, Debian has an autonomous logging system that generates a lot of activity-tracking data. Sometimes the logs grow so large that an admin cannot realistically dig through them by hand. Hence, there should be some kind of watcher to dive into the logs for
Identified Threats
These are the identified threats related to Debian Software.
(T-46) No Watcher Installed to Process Log Files Periodically
By default, there is no log watcher software that processes the large log files and reports on them.
(T-47) No Policy in Place to Control Log Sizes
By default, there is no policy for cleaning up the log files.
(T-48) No Remote Backup for Log Files
By default, there is no remote backup for storing these log files.
(T-49) Log File Permissions Are Not Audited
By default, log file permissions are neither audited nor set to the appropriate owners.
Actions Required
Here is the list of actions to counter the issues.
Install LogWatcher or LogCheck Log File Analyzer
You can easily implement log analyzer software such as logwatch or logcheck.
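The core idea behind a log checker such as logcheck is simple: drop every line that matches a list of known-harmless patterns and report whatever is left for a human to read. The following is an added example written for this page (not logcheck's own code or rules) that implements that idea with plain grep; the log lines and the ignore patterns are constructed for illustration, and the hostnames and addresses in them are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original article: a minimal logcheck-style
# filter. Lines matching any extended regex in the ignore file are dropped;
# everything else is printed so the admin reviews only the unexpected lines.
set -eu

# Print the lines of log file $1 that do NOT match any pattern in file $2.
# grep exits 1 when nothing is left to print, which is a valid (quiet) result.
report_unexpected() {
    logfile="$1"; ignorefile="$2"
    grep -v -E -f "$ignorefile" "$logfile" || true
}

# Constructed sample log (syslog format); addresses are documentation ranges.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Mar  3 06:25:01 host CRON[1234]: (root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ))
Mar  3 06:25:02 host systemd[1]: Started Daily apt download activities.
Mar  3 06:26:10 host sshd[2001]: Accepted publickey for deploy from 192.0.2.10 port 50122 ssh2: ED25519 SHA256:constructedfingerprint
Mar  3 06:27:44 host sshd[2002]: Failed password for invalid user admin from 198.51.100.7 port 41122 ssh2
Mar  3 06:27:50 host sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 06:28:01 host kernel: [12345.678] usb 1-1: new high-speed USB device number 4 using xhci_hcd
EOF
    printf '%s\n' "$f"
}

# Constructed ignore patterns: routine cron, systemd and successful ssh logins.
# Each pattern anchors on the full syslog prefix so it cannot match elsewhere.
make_sample_ignore() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
^[A-Z][a-z]{2} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(root\) CMD \(
^[A-Z][a-z]{2} [ :0-9]{11} [._[:alnum:]-]+ systemd\[1\]: Started Daily apt
^[A-Z][a-z]{2} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted publickey for [[:alnum:]_-]+ from
EOF
    printf '%s\n' "$f"
}

# Usage on a real system: report_unexpected /var/log/auth.log /etc/my-ignore.d/ssh
```

Run against the constructed sample, the three routine lines are suppressed and the failed login, the sudo invocation and the new USB device are reported. The value of the tool lies entirely in the ignore list: anchor every pattern on the full message prefix, keep the list under version control, and review it whenever a new service starts logging.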
Install Logrotate to Control Logsize
To control log size, you can implement logrotate to rotate the log files automatically.
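Debian already ships rotation policies for its own logs under /etc/logrotate.d; the gap is usually an application log that nobody configured. The following is an added example (not from the article) that writes a policy for a hypothetical /var/log/myapp.log, rotating weekly, keeping eight compressed generations and recreating the file with a restrictive mode, then parses it with logrotate in debug mode so nothing is changed.

```shell
#!/bin/sh
# Added example, not part of the original article. Writes a logrotate policy
# for a hypothetical application log and dry-runs it. The log path, retention
# and mode are assumptions to be adjusted per system.
set -eu

# Write a logrotate snippet for $2 into config file $1.
write_logrotate_conf() {
    conf="$1"; logfile="$2"
    cat > "$conf" <<EOF
$logfile {
    weekly
    rotate 8
    missingok
    notifempty
    compress
    delaycompress
    create 0640 root adm
}
EOF
}

# Parse the config without rotating anything (-d). Uses a private state file
# so a non-root dry run does not touch /var/lib/logrotate/status.
dry_run_logrotate() {
    conf="$1"
    if command -v logrotate >/dev/null 2>&1; then
        state=$(mktemp)
        logrotate -d -s "$state" "$conf"
        rm -f "$state"
    else
        echo "logrotate not installed; skipping dry run" >&2
    fi
}

# Usage on a real system:
#   write_logrotate_conf /etc/logrotate.d/myapp /var/log/myapp.log
#   dry_run_logrotate /etc/logrotate.d/myapp
```

`create 0640 root adm` matters as much as the retention count: without it a rotated log is recreated with the daemon's umask, and `delaycompress` keeps the most recent rotated file uncompressed so a daemon that still holds it open does not lose its last writes.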
Set Up Scheduled Rsync or Use a Loghost
To ensure /var/log is remotely backed up, you should schedule an rsync session or a loghost to sync the log files to a remote archive server.
Revise Log File Permissions
Review the permissions of all log files to see who can access each of them. Perform "chmod 660" where needed, for example on /var/log/lastlog and /var/log/faillog.
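The review above is easier to repeat if it is a script. The following is an added example (not from the article) that lists every regular file under a log directory whose mode grants any access to "other", which is exactly what the suggested 660 removes; the sample directory it builds is constructed so the check can be tried without touching /var/log.

```shell
#!/bin/sh
# Added example, not part of the original article: report log files that are
# readable or writable by "other". Requires GNU stat (coreutils) as on Debian.
set -eu

# Print "mode owner group path" for each regular file under $1 whose
# permission bits grant anything to "other" (last octal digit non-zero).
audit_log_perms() {
    logdir="$1"
    find "$logdir" -type f -exec stat -c '%a %U %G %n' {} + |
    while read -r mode owner group path; do
        other=$(( mode % 10 ))
        if [ "$other" -ne 0 ]; then
            printf '%s %s %s %s\n' "$mode" "$owner" "$group" "$path"
        fi
    done
}

# Constructed sample directory standing in for /var/log.
make_sample_logdir() {
    dir=$(mktemp -d)
    : > "$dir/syslog";   chmod 640 "$dir/syslog"     # group-readable only: fine
    : > "$dir/auth.log"; chmod 660 "$dir/auth.log"   # as the article suggests: fine
    : > "$dir/lastlog";  chmod 644 "$dir/lastlog"    # world-readable: reported
    : > "$dir/app.log";  chmod 666 "$dir/app.log"    # world-writable: reported
    printf '%s\n' "$dir"
}

# Usage on a real system: audit_log_perms /var/log
```

Run it from cron and diff the output against the previous run; a file that newly appears in the report is either a package that reset its permissions on upgrade or a change worth investigating. Check the owner and group columns before tightening a mode, since a daemon that writes the file under its own account must keep its access.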
That's all for hardening Debian by enabling email notification.