====== Logs OpenLDAP ======
Auditoria para registrar alterações no OpenLDAP.
[root@ldapmatriz01 ldifs]# cat audit_mod.ldif
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: auditlog
[root@ldapmatriz02 ldifs]# cat audit_mod.ldif
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: auditlog
[root@ldapmatriz01 ldifs]# ldapadd -H ldap://ldapmatriz01.example.com -x -D cn=Manager,dc=example,dc=com -W -f audit_mod.ldif
[root@ldapmatriz02 ldifs]# ldapadd -H ldap://ldapmatriz02.example.com -x -D cn=Manager,dc=example,dc=com -W -f audit_mod.ldif
[root@ldapmatriz01 ldifs]# ldapsearch -W -x -D cn=config -b cn=module{0},cn=config -LLL
Enter LDAP Password:
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}auditlog
[root@ldapmatriz02 ldifs]# ldapsearch -W -x -D cn=config -b cn=module{0},cn=config -LLL
Enter LDAP Password:
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}auditlog
[root@ldapmatriz01 ldifs]# mkdir /var/log/ldap
[root@ldapmatriz01 ldifs]# chmod 755 /var/log/ldap/
[root@ldapmatriz01 ldifs]# chown ldap. /var/log/ldap/
[root@ldapmatriz02 ldifs]# mkdir /var/log/ldap
[root@ldapmatriz02 ldifs]# chmod 755 /var/log/ldap/
[root@ldapmatriz02 ldifs]# chown ldap. /var/log/ldap/
[root@ldapmatriz01 ldifs]# chcon -u system_u -r object_r -t slapd_log_t /var/log/ldap
[root@ldapmatriz02 ldifs]# chcon -u system_u -r object_r -t slapd_log_t /var/log/ldap
[root@ldapmatriz01 ldifs]# cat overlay.ldif
dn: olcOverlay=auditlog,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAuditLogConfig
olcOverlay: auditlog
olcAuditlogFile: /var/log/ldap/auditlog.log
[root@ldapmatriz02 ldifs]# cat overlay.ldif
dn: olcOverlay=auditlog,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAuditLogConfig
olcOverlay: auditlog
olcAuditlogFile: /var/log/ldap/auditlog.log
[root@ldapmatriz01 ldifs]# ldapadd -H ldap://ldapmatriz01.example.com -x -D cn=Manager,dc=example,dc=com -W -f overlay.ldif
[root@ldapmatriz02 ldifs]# ldapadd -H ldap://ldapmatriz01.example.com -x -D cn=Manager,dc=example,dc=com -W -f overlay.ldif
[root@ldapmatriz01 ldifs]# cat /etc/logrotate.d/slapd-audit
/var/log/ldap/auditlog.log {
notifempty
missingok
monthly
rotate 3
compress
copytruncate
}
[root@ldapmatriz02 ldifs]# cat /etc/logrotate.d/slapd-audit
/var/log/ldap/auditlog.log {
notifempty
missingok
monthly
rotate 3
compress
copytruncate
}
====== Regstros no syslog ======
[root@ldapmatriz01 ldifs]# vim /etc/rsyslog.conf
[...]
#### RULES ####
if $programname == 'slapd' then /var/log/ldap/ldap.log
& ~
[...]
[root@ldapmatriz02 ldifs]# vim /etc/rsyslog.conf
[...]
#### RULES ####
if $programname == 'slapd' then /var/log/ldap/ldap.log
& ~
[...]
[root@ldapmatriz01 ldifs]# cat /etc/logrotate.d/slapd
# /etc/logrotate.d/slapd
/var/log/ldap.log {
missingok
compress
notifempty
daily
rotate 10
size=100M
postrotate
/sbin/systemctl restart rsyslog
endscript
}
[root@ldapmatriz02 ldifs]# cat /etc/logrotate.d/slapd
# /etc/logrotate.d/slapd
/var/log/ldap.log {
missingok
compress
notifempty
daily
rotate 10
size=100M
postrotate
/sbin/systemctl restart rsyslog
endscript
}
[root@ldapmatriz01 ldifs]# systemctl restart rsyslog
[root@ldapmatriz01 ldifs]# systemctl restart slapd
[root@ldapmatriz02 ldifs]# systemctl restart rsyslog
[root@ldapmatriz02 ldifs]# systemctl restart slapd
[root@ldapmatriz01 ldifs]# cat /var/log/slapd/slapd.log
Sep 27 15:01:38 ldapmatriz01 slapd[2205]: daemon: shutdown requested and initiated.
Sep 27 15:01:38 ldapmatriz01 slapd[2205]: slapd shutdown: waiting for 0 operations/tasks to finish
Sep 27 15:01:38 ldapmatriz01 slapd[2205]: slapd stopped.
Sep 27 15:01:38 ldapmatriz01 slapd[2976]: @(#) $OpenLDAP: slapd 2.4.40 (Mar 31 2016 15:24:52) $#012#011mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/servers/slapd
Sep 27 15:01:38 ldapmatriz01 slapd[2976]: PROXIED attributeDescription "DC" inserted.
Sep 27 15:01:38 ldapmatriz01 slapd[2978]: slapd starting
[root@ldapmatriz02 ldifs]# cat /var/log/slapd/slapd.log
Sep 27 15:01:28 ldapmatriz02 slapd[2234]: daemon: shutdown requested and initiated.
Sep 27 15:01:28 ldapmatriz02 slapd[2234]: slapd shutdown: waiting for 0 operations/tasks to finish
Sep 27 15:01:28 ldapmatriz02 slapd[2234]: slapd stopped.
Sep 27 15:01:28 ldapmatriz02 slapd[2334]: @(#) $OpenLDAP: slapd 2.4.40 (Mar 31 2016 15:24:52) $#012#011mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/servers/slapd
Sep 27 15:01:28 ldapmatriz02 slapd[2334]: PROXIED attributeDescription "DC" inserted.
Sep 27 15:01:28 ldapmatriz02 slapd[2336]: slapd starting