In this hands-on lab, you will be reviewing the `secure` log located in the `/var/log` directory to check for any critical issues and will make a backup copy of the current log file in your home directory. After backing up the `secure` log, you will check to see if the system journals are configured to be persistent. If not, update the configuration to be persistent and limit the size of the journal files.
*This course is not approved or sponsored by Red Hat.*
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Review the /var/log/secure Log File for Any Critical Authorization Issues
  - Use the `less` command to view the file.
  - Jump to the end of the file and tail it for a bit to view inbound traffic.
- Create a Backup of the /var/log/secure Log File
  - Create a `log_archive` directory in your home directory.
  - Copy the `/var/log/secure` file to the `log_archive` directory. Be sure to preserve extended attributes and security contexts when copying the file.
- Determine If Journals Are Configured to Be Persistent
  - Confirm the `/var/log/journal` directory exists.
  - Create the `/var/log/journal` directory.
  - Confirm journal data is being written to the directory.
- Update the journald Configuration to Limit the Size of Journal Files
  - Review the `/etc/systemd/journald.conf`.
  - Add `SystemMaxUse=50M` to the end of the configuration file.
  - Cycle the `journald` service.
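
The objectives above as a shell sketch, added here as an example and not part of the lab's own materials. The function names and the explicit path arguments are assumptions, chosen so the steps can be rehearsed against a scratch directory before touching a live host; GNU coreutils and a systemd host are assumed.

```bash
#!/usr/bin/env bash
# Added example, not the lab's own script. Function names are assumptions.
# Every function takes explicit paths so it can be tried on a scratch tree.

# Count authentication failures recorded in a secure log ($1).
count_auth_failures() {
    grep -cE 'Failed password|authentication failure' "$1" || true
}

# Copy log $1 into directory $2. cp -a implies --preserve=all, which keeps
# mode, ownership, timestamps, extended attributes and SELinux context.
backup_secure_log() {
    mkdir -p "$2" && cp -a "$1" "$2/"
}

# With the default Storage=auto, journald keeps journals across reboots
# only when <root>/var/log/journal exists ($1 is the root prefix, "" = live).
journal_is_persistent() {
    [ -d "$1/var/log/journal" ]
}

enable_persistent_journal() {
    mkdir -p "$1/var/log/journal"
}

# Make SystemMaxUse=$2 the effective setting in journald.conf ($1).
# The last uncommented assignment wins, so append only when it differs.
set_journal_max_use() {
    current=$(grep -E '^SystemMaxUse=' "$1" | tail -n 1)
    [ "$current" = "SystemMaxUse=$2" ] || printf 'SystemMaxUse=%s\n' "$2" >> "$1"
}

# On the lab host, as root:
#   count_auth_failures /var/log/secure
#   backup_secure_log /var/log/secure "$HOME/log_archive"
#   journal_is_persistent "" || enable_persistent_journal ""
#   set_journal_max_use /etc/systemd/journald.conf 50M
#   systemctl restart systemd-journald
#   ls -l /var/log/journal   # a machine-id directory appears once journald writes here
```

Running `set_journal_max_use` twice leaves a single `SystemMaxUse=50M` line, so the script is safe to re-run.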