Default logcheck settings are good

This commit is contained in:
Wojciech Kozlowski 2022-12-28 19:01:22 +01:00
parent 4ebf9a4e14
commit 993636e724
3 changed files with 1 additions and 102 deletions

View File

@ -1,96 +0,0 @@
# The following variable settings are the initial default values,
# which can be uncommented and modified to alter logcheck's behaviour
# Controls the format of date-/time-stamps in subject lines:
# Alternatively, set the format to suit your locale
#DATE="$(date +'%Y-%m-%d %H:%M')"
# Controls the presence of boilerplate at the top of each message:
# Alternatively, set to "0" to disable the introduction.
#
# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
# are present their contents will be read and used as the header and
# footer of any generated mails.
#INTRO=1
# Controls the level of filtering:
# Can be Set to "workstation", "server" or "paranoid" for different
# levels of filtering. Defaults to server if not set.
REPORTLEVEL="server"
# Controls the address mail goes to:
# *NOTE* the script does not set a default value for this variable!
# Should be set to an offsite "emailaddress@some.domain.tld"
SENDMAILTO="root"
# Send the results as attachment or not.
# 0=not as attachment; 1=as attachment; 2=as gzip attachment
# Default is 0
MAILASATTACH=0
# Should the hostname in the subject of generated mails be fully qualified?
FQDN=1
# Controls whether "sort -u" is used on log entries (which will
# eliminate duplicates but destroy the original ordering); the
# default is to use "sort -k 1,3 -s":
# Alternatively, set to "1" to enable unique sorting
#SORTUNIQ=0
# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
# exceptions to the rules in /etc/logcheck/cracking.d:
# Alternatively, set to "1" to enable cracking.ignore support
#SUPPORT_CRACKING_IGNORE=0
# Controls the base directory for rules file location
# This must be an absolute path
#RULEDIR="/etc/logcheck"
# Controls if syslog-summary is run over each section.
# Alternatively, set to "1" to enable extra summary.
# HINT: syslog-summary needs to be installed.
#SYSLOGSUMMARY=0
# Controls Subject: lines on logcheck reports:
#ATTACKSUBJECT="Security Alerts"
#SECURITYSUBJECT="Security Events"
#EVENTSSUBJECT="System Events"
# Controls [logcheck] prefix on Subject: lines
#ADDTAG="no"
# Previous versions of logcheck always sent messages in 7bit encoding,
# even if that resulted in RFC-violating messages. For example, really
# long syslog lines would generate too-long SMTP lines, which are
# rejected at least by Debian's default exim configuration. The new
# default is to let mime-construct pick an appropriate encoding, but you
# can override it by setting the below (to any of the encodings
# supported by mime-construct). You may need to do this if you have
# tools handling logcheck emails that don't understand MIME encoding.
#MIMEENCODING=
# Set a different location for temporary files than /tmp
# this is useful if your /tmp is small and you are getting
# errors such as:
# cp: writing `/tmp/logcheck.y12449/checked': No space left on device
# /usr/sbin/logcheck: line 161: cannot create temp file for here document: No space left on device
# mail: /tmp/mail.RsXXXXpc2eAx: No space left on device
# Null message body; hope that's ok
#
# If this is happening, likely you will want to change the following to be some other
# location, such as /var/tmp
TMP="/tmp"

View File

@ -5,12 +5,6 @@
- "logcheck"
- "logrotate"
- name: "configure logcheck"
ansible.builtin.copy:
src: "./logcheck.conf"
dest: "/etc/logcheck/logcheck.conf"
mode: 0640
- block:
- name: "identify logcheck ignore files"

View File

@ -11,4 +11,5 @@ ftp: root
abuse: root
noc: root
security: root
logcheck: root
root: root@{{ system_mail_domain }}