wikiv3:logs_ldap
Logs OpenLDAP
Auditoria para registrar alterações no OpenLDAP.
[root@ldapmatriz01 ldifs]# cat audit_mod.ldif dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulePath: /usr/lib64/openldap olcModuleLoad: auditlog
[root@ldapmatriz02 ldifs]# cat audit_mod.ldif dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulePath: /usr/lib64/openldap olcModuleLoad: auditlog
[root@ldapmatriz01 ldifs]# ldapadd -H ldap://ldapmatriz01.example.com -x -D cn=Manager,dc=example,dc=com -W -f audit_mod.ldif [root@ldapmatriz02 ldifs]# ldapadd -H ldap://ldapmatriz02.example.com -x -D cn=Manager,dc=example,dc=com -W -f audit_mod.ldif
[root@ldapmatriz01 ldifs]# ldapsearch -W -x -D cn=config -b cn=module{0},cn=config -LLL Enter LDAP Password: dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib64/openldap olcModuleLoad: {0}auditlog
[root@ldapmatriz02 ldifs]# ldapsearch -W -x -D cn=config -b cn=module{0},cn=config -LLL Enter LDAP Password: dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib64/openldap olcModuleLoad: {0}auditlog
[root@ldapmatriz01 ldifs]# mkdir /var/log/ldap [root@ldapmatriz01 ldifs]# chmod 755 /var/log/ldap/ [root@ldapmatriz01 ldifs]# chown ldap. /var/log/ldap/
[root@ldapmatriz02 ldifs]# mkdir /var/log/ldap [root@ldapmatriz02 ldifs]# chmod 755 /var/log/ldap/ [root@ldapmatriz02 ldifs]# chown ldap. /var/log/ldap/
[root@ldapmatriz01 ldifs]# chcon -u system_u -r object_r -t slapd_log_t /var/log/ldap
[root@ldapmatriz02 ldifs]# chcon -u system_u -r object_r -t slapd_log_t /var/log/ldap
[root@ldapmatriz01 ldifs]# cat overlay.ldif dn: olcOverlay=auditlog,olcDatabase={2}hdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcAuditLogConfig olcOverlay: auditlog olcAuditlogFile: /var/log/ldap/auditlog.log
[root@ldapmatriz02 ldifs]# cat overlay.ldif dn: olcOverlay=auditlog,olcDatabase={2}hdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcAuditLogConfig olcOverlay: auditlog olcAuditlogFile: /var/log/ldap/auditlog.log
[root@ldapmatriz01 ldifs]# ldapadd -H ldap://ldapmatriz01.example.com -x -D cn=Manager,dc=example,dc=com -W -f overlay.ldif [root@ldapmatriz02 ldifs]# ldapadd -H ldap://ldapmatriz01.example.com -x -D cn=Manager,dc=example,dc=com -W -f overlay.ldif
[root@ldapmatriz01 ldifs]# cat /etc/logrotate.d/slapd-audit /var/log/ldap/auditlog.log { notifempty missingok monthly rotate 3 compress copytruncate }
[root@ldapmatriz02 ldifs]# cat /etc/logrotate.d/slapd-audit /var/log/ldap/auditlog.log { notifempty missingok monthly rotate 3 compress copytruncate }
Regstros no syslog
[root@ldapmatriz01 ldifs]# vim /etc/rsyslog.conf [...] #### RULES #### if $programname == 'slapd' then /var/log/ldap/ldap.log & ~ [...]
[root@ldapmatriz02 ldifs]# vim /etc/rsyslog.conf [...] #### RULES #### if $programname == 'slapd' then /var/log/ldap/ldap.log & ~ [...]
[root@ldapmatriz01 ldifs]# cat /etc/logrotate.d/slapd # /etc/logrotate.d/slapd /var/log/ldap.log { missingok compress notifempty daily rotate 10 size=100M postrotate /sbin/systemctl restart rsyslog endscript }
[root@ldapmatriz02 ldifs]# cat /etc/logrotate.d/slapd # /etc/logrotate.d/slapd /var/log/ldap.log { missingok compress notifempty daily rotate 10 size=100M postrotate /sbin/systemctl restart rsyslog endscript }
[root@ldapmatriz01 ldifs]# systemctl restart rsyslog [root@ldapmatriz01 ldifs]# systemctl restart slapd
[root@ldapmatriz02 ldifs]# systemctl restart rsyslog [root@ldapmatriz02 ldifs]# systemctl restart slapd
[root@ldapmatriz01 ldifs]# cat /var/log/slapd/slapd.log Sep 27 15:01:38 ldapmatriz01 slapd[2205]: daemon: shutdown requested and initiated. Sep 27 15:01:38 ldapmatriz01 slapd[2205]: slapd shutdown: waiting for 0 operations/tasks to finish Sep 27 15:01:38 ldapmatriz01 slapd[2205]: slapd stopped. Sep 27 15:01:38 ldapmatriz01 slapd[2976]: @(#) $OpenLDAP: slapd 2.4.40 (Mar 31 2016 15:24:52) $#012#011mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/servers/slapd Sep 27 15:01:38 ldapmatriz01 slapd[2976]: PROXIED attributeDescription "DC" inserted. Sep 27 15:01:38 ldapmatriz01 slapd[2978]: slapd starting
[root@ldapmatriz02 ldifs]# cat /var/log/slapd/slapd.log Sep 27 15:01:28 ldapmatriz02 slapd[2234]: daemon: shutdown requested and initiated. Sep 27 15:01:28 ldapmatriz02 slapd[2234]: slapd shutdown: waiting for 0 operations/tasks to finish Sep 27 15:01:28 ldapmatriz02 slapd[2234]: slapd stopped. Sep 27 15:01:28 ldapmatriz02 slapd[2334]: @(#) $OpenLDAP: slapd 2.4.40 (Mar 31 2016 15:24:52) $#012#011mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/servers/slapd Sep 27 15:01:28 ldapmatriz02 slapd[2334]: PROXIED attributeDescription "DC" inserted. Sep 27 15:01:28 ldapmatriz02 slapd[2336]: slapd starting
wikiv3/logs_ldap.txt · Last modified: by 127.0.0.1