Use secure log on RHEL systems not auth.log

Signed-off-by: Seth Vargo <sethvargo@gmail.com>
sous-chefs · Aug 24, 2013 · 0290222 · 0290222
1 parent 42ef081
commit 0290222
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/metadata.rb b/metadata.rb
@@ -9,6 +9,6 @@
 
 depends "yum"
 
-%w{ debian ubuntu redhat centos fedora scientific amazon oracle}.each do |os|
+%w{ debian ubuntu redhat centos fedora scientific amazon oracle }.each do |os|
   supports os
 end
diff --git a/recipes/default.rb b/recipes/default.rb
@@ -33,6 +33,9 @@
     group "root"
     mode 0644
     notifies :restart, "service[fail2ban]"
+    variables(
+      :auth_log => node['platform_family'] == 'rhel' ? "secure" : 'auth.log'
+    )
   end
 end
 

diff --git a/templates/default/jail.conf.erb b/templates/default/jail.conf.erb
@@ -95,7 +95,7 @@ action = %(action_)s
 enabled  = true
 port     = ssh
 filter   = sshd
-logpath  = /var/log/auth.log
+logpath  = /var/log/<%= @auth_log %>
 maxretry = 6
 
 [dropbear]
@@ -117,7 +117,7 @@ filter   = pam-generic
 port     = all
 banaction = iptables-allports
 port     = anyport
-logpath  = /var/log/auth.log
+logpath  = /var/log/<%= @auth_log %>
 maxretry = 6
 
 [xinetd-fail]
@@ -135,7 +135,7 @@ maxretry  = 2
 enabled  = false
 port     = ssh
 filter   = sshd-ddos
-logpath  = /var/log/auth.log
+logpath  = /var/log/<%= @auth_log %>
 maxretry = 6
 
 #
@@ -207,7 +207,7 @@ maxretry = 6
 enabled  = false
 port     = ftp,ftp-data,ftps,ftps-data
 filter   = pure-ftpd
-logpath  = /var/log/auth.log
+logpath  = /var/log/<%= @auth_log %>
 maxretry = 6
 
 
@@ -216,7 +216,7 @@ maxretry = 6
 enabled  = false
 port     = ftp,ftp-data,ftps,ftps-data
 filter   = wuftpd
-logpath  = /var/log/auth.log
+logpath  = /var/log/<%= @auth_log %>
 maxretry = 6