In this hands-on lab, you will be reviewing the `secure` log located in the `/var/log` directory to check for any critical issues and will make a backup copy of the current log file in your home directory. After backing up the `secure` log, you will check to see if the system journals are configured to be persistent. If not, update the configuration to be persistent and limit the size of the journal files.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Review the /var/log/secure Log File for Any Critical Authorization Issues
  - Use the `less` command to view the file.
  - Jump to the end of the file and tail it for a bit to view inbound traffic.
- Create a Backup of the /var/log/secure Log File
  - Create a `log_archive` directory in your home directory.
  - Copy the `/var/log/secure` file to the `log_archive` directory. Be sure to preserve extended attributes and security contexts when copying the file.
- Determine If Journals Are Configured to Be Persistent
  - Confirm the `/var/log/journal` directory exists.
  - Create the `/var/log/journal` directory.
  - Confirm journal data is being written to the directory.
- Update the journald Configuration to Limit the Size of Journal Files
  - Review the `/etc/systemd/journald.conf`.
  - Add `SystemMaxUse=50M` to the end of the configuration file.
  - Cycle the `journald` service.
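
The backup and journald objectives above, written as one script. This is an added example, not part of the original lab; the interactive review with `less` is left out. It assumes GNU `cp` and journald's default `Storage=auto`, and the `ROOT` variable and `--apply` argument are hypothetical names introduced here so the functions can be tried against a scratch directory before touching the live system.

```shell
#!/bin/sh
# Added example, not part of the lab. ROOT and --apply are hypothetical names:
# ROOT points the functions at a scratch tree; leave it empty for the live system.
ROOT="${ROOT:-}"

# Copy the secure log into the directory given as $1, keeping mode, ownership,
# timestamps, extended attributes and SELinux context (GNU cp --preserve=all).
backup_secure_log() {
    mkdir -p "$1" && cp --preserve=all "$ROOT/var/log/secure" "$1/"
}

# With the default Storage=auto, journald keeps journals on disk only when
# /var/log/journal exists; otherwise they live under /run and vanish on reboot.
journal_is_persistent() {
    [ -d "$ROOT/var/log/journal" ]
}

enable_persistent_journal() {
    journal_is_persistent || mkdir -p "$ROOT/var/log/journal"
}

# Put SystemMaxUse=<limit> at the end of journald.conf. Any earlier active
# SystemMaxUse line is dropped first, so repeated runs leave exactly one.
set_system_max_use() {
    _conf="$ROOT/etc/systemd/journald.conf"
    _tmp=$(mktemp) || return 1
    grep -v '^SystemMaxUse=' "$_conf" > "$_tmp" || [ $? -eq 1 ] || { rm -f "$_tmp"; return 1; }
    printf 'SystemMaxUse=%s\n' "$1" >> "$_tmp"
    cat "$_tmp" > "$_conf"   # rewrite in place: keeps the file's owner, mode and context
    rm -f "$_tmp"
}

# Run as root with --apply to carry out the steps on the live system.
if [ "${1:-}" = "--apply" ]; then
    backup_secure_log "$HOME/log_archive"
    enable_persistent_journal
    set_system_max_use 50M
    systemctl restart systemd-journald   # "cycle" the service so the changes take effect
    ls -l /var/log/journal               # a machine-id subdirectory shows data is being written
fi
```

Commented-out defaults such as `#SystemMaxUse=` are left untouched, so the stock file stays readable as documentation.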