As usual, Debian has an autonomous logging system that generates a lot of activity-tracking data. Sometimes the logs grow so large that an admin cannot realistically dig through them. Hence, there should be some kind of watcher to dive into the log for
These are the identified threats related to Debian Software.
By default, there is no log watcher software that processes the large log files and reports in.
By default, there is no policy for cleaning up the log files.
By default, there is no remote backup for storing these log files.
By default, the log file permissions are not audited and set to appropriate users.
Here is the list of actions to counter the issues.
You can easily implement log analyzer software such as logwatch, logcheck, etc.
To control log size, you can implement logrotate to rotate the log files automatically.
To ensure /var/log is remotely backed up, you should schedule an rsync session or loghost to sync the log files to a remote archive server.
Review the permissions of all log files and who can access them. Perform "chmod 660" if needed, such as on /var/log/lastlog and /var/log/faillog.
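One way to carry out the permission review above, as an added example that is not part of the original page. The function names are hypothetical, and it assumes GNU find and stat as shipped with Debian. It goes slightly beyond a blanket "chmod 660" by only removing bits above 660, so a file that is already stricter (for example 640) is not widened.

```shell
#!/bin/sh
# Added example (not from the original page): audit log file modes against
# a 660 ceiling (rw for owner and group, nothing for others).
# Function names are hypothetical. Requires GNU find and GNU stat.

# Print "MODE OWNER:GROUP PATH" for every regular file under DIR whose mode
# has any bit outside 660: owner x (100), group x (010), other rwx (007).
audit_log_perms() {
    dir=${1:-/var/log}
    find "$dir" -xdev -type f -perm /117 \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null
}

# Number of files reported by audit_log_perms, for use in cron checks.
count_excess_perms() {
    audit_log_perms "${1:-/var/log}" | wc -l
}

# Remove only the excess bits. Unlike "chmod 660", this never grants a
# permission the file did not already have (640 stays 640, 644 becomes 640).
cap_log_perms() {
    dir=${1:-/var/log}
    find "$dir" -xdev -type f -perm /117 -exec chmod a-x,o= {} +
}

# Typical use, as root:
#   audit_log_perms /var/log      # review the findings first
#   cap_log_perms /var/log        # then tighten what was reported
```

Review the audit output before tightening anything: some files under /var/log are read by unprivileged tools through their "other" read bit, so check what depends on them first.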
That's all for hardening Debian by enabling email notification.