[SOLVED/unneeded] rsyslog.conf - $template, $DirCreateMode dysfunction

Post by warron.french » 2015/04/08 14:05:05

I learned about how I can centralize logging, both for Syslog and Audit Logs.

I also learned about quite a few directives for setting templates for directories to be created "on demand" as new logfiles needed to be created in new directories based on /var/log/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%_syslog.log, etc.

Finally, I learned of some directives called:
$FileOwner,
$FileGroup,
$DirCreateMode, and
$FileCreateMode.

However, they all work exactly as expected but the $DirCreateMode does not. I have the value set to 0755 and the permissions of all directories under /var/log are set to permissions of 0700 instead.

Can someone explain if I am doing something wrong, or if maybe a UMASK somewhere is causing a conflict or if I am misunderstanding how to set this particular value?

Thank you in advance,
\\War
Last edited by warron.french on 2016/05/11 14:49:17, edited 1 time in total.
Thanks,
War
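
The umask interaction the question asks about, as an added example that is not part of the original post and does not establish what rsyslog did on this system: a directory requested with mode 0755 ends up 0700 when the creating process runs with a umask of 0077, and the audit function lists directories whose permissions differ from the intended mode. The function names and the sample directory trees are constructed for illustration.

```python
import os
import stat
import tempfile

def effective_mode(requested: int, umask: int) -> int:
    """Mode the kernel applies on mkdir(2): requested & ~umask."""
    return requested & ~umask & 0o7777

def make_log_dirs(base: str, rel_path: str, mode: int, umask: int) -> str:
    """Create each component of rel_path with `mode` while `umask` is active."""
    old = os.umask(umask)
    try:
        path = base
        for part in rel_path.split("/"):
            path = os.path.join(path, part)
            if not os.path.isdir(path):
                os.mkdir(path, mode)
    finally:
        os.umask(old)  # always restore the caller's umask
    return path

def audit_dir_modes(root: str, expected: int) -> list:
    """Return (path, octal perms) for directories under root that differ from expected."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            full = os.path.join(dirpath, d)
            perms = stat.S_IMODE(os.lstat(full).st_mode) & 0o777
            if perms != expected:
                findings.append((full, oct(perms)))
    return sorted(findings)

def demo() -> dict:
    """Build two constructed trees (umask 0077 vs 0022) and audit them against 0755."""
    with tempfile.TemporaryDirectory() as tmp:
        make_log_dirs(tmp, "strict/2015/04/08", 0o755, 0o077)
        make_log_dirs(tmp, "relaxed/2015/04/08", 0o755, 0o022)
        bad = audit_dir_modes(tmp, 0o755)
        return {"mismatches": [(os.path.relpath(p, tmp), m) for p, m in bad]}

if __name__ == "__main__":
    for rel, perms in demo()["mismatches"]:
        print(f"{rel}: {perms} (wanted 0o755)")
```

Pointing `audit_dir_modes` at a real log tree requires read access to every directory in it, so on a tree created 0700 by root it has to run as root.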


Post by AlanBartlett » 2015/04/08 16:33:55

A pure guess on my part but I suspect that is automagically done for security purposes. It seems fairly sensible that no group nor rest of the world access is permitted to the directories.

But I may be wrong. :?
100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


Post by warron.french » 2015/04/08 17:35:53

Except that the Security Team needs access to review those logs without being root.

Plus, the feature is offered; it was never caveated in the man page that I can see.

Thanks for the reply,
\\War

Post by warron.french » 2016/05/06 03:16:23

In case anyone ever reads this post-thread, I am attaching the document that I wrote up based on my experience with trying to accomplish centralized logging with rsyslog for CentOS-6.x.

The original focus for this document was not generically about rsyslog; rather, it was about centralizing audit logging. Technically, this document demonstrates how to accomplish the aggregation of system (messages) log-data and also audit (AUDITD) log-data, but if the SA who implements these changes based on this single document wants to use the native RHEL-6.x variant audit tools (e.g. ausearch and aureport) then don't follow the instructions in this particular thread; use this thread specifically for aggregating all other log data based on the other facility.priority associations.

Post by JoMaTech » 2016/09/26 11:12:14

Hi Warron,

What was the solution to your problem with directory permissions:
"I have the value set to 0755 and the permissions of all directories under /var/log are set to permissions of 0700 instead."

Can't find the attached document you are referring to.

-JoMaTech-
