Turn on sshd authentication logging by default #18

@sunshowers

In a discussion in #oxide-q&a on 2023-03-08, it came up that our helios engvm doesn't have sshd authentication logging turned on by default. We should consider changing the default so that sshd auth logging is turned on.

Meanwhile, to do so manually:

  1. Add the following to /etc/syslog.conf:

    auth.info	/var/log/authlog
    

    (The separator MUST be a tab character, not spaces.)

  2. Restart the syslog service: svcadm restart system-log.


Additional debugging

In the discussion mentioned above, it turned out that there's a bug in SMF that caused the syslog service to not be functioning at all. To see if you've hit that bug, run cat $(svcs -L system-log:default). The output below indicates a bug:

[ Mar  8 21:40:11 Stopping because service restarting. ]
[ Mar  8 21:40:11 Method property group 'stop' is not present. ]
[ Mar  8 21:40:11 Method property group 'start' is not present. ]

To work around the bug, run:

svcadm disable system-log:default
svccfg delete system-log
pfexec svccfg import /lib/svc/manifest/system/system-log.xml
svcadm enable system-log

After performing the above steps, and with the auth.info line in /etc/syslog.conf, I started seeing entries in /var/log/authlog.

cc @jclulow, @wesolows
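
The two checks described in this issue (a tab-separated `auth.info` line, and the SMF log messages that indicate the broken service), as an added example that is not part of the original issue or of Helios. The function names are hypothetical and the sample files are constructed so the script runs on any POSIX shell.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Helios.

# Classify the auth.info entry of a syslog.conf-style file ($1).
# Prints ok | spaces | missing and returns 0 | 1 | 2.
check_auth_line() {
    awk '
        /^auth\.info\t+[^ \t]/ { ok = 1; next }   # tab-separated: valid
        /^auth\.info[ \t]/     { bad = 1 }        # spaces in the separator
        END {
            if (ok)  { print "ok";     exit 0 }
            if (bad) { print "spaces"; exit 1 }
            print "missing"; exit 2
        }' "$1"
}

# Return 0 if the SMF service log ($1) contains the messages the issue
# gives as the sign of the broken system-log service.
smf_log_shows_bug() {
    grep -Eq "Method property group '(start|stop)' is not present" "$1"
}

# Constructed sample input so the script runs without a Helios host.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'auth.info\t/var/log/authlog\n'   > "$demo/good.conf"
printf 'auth.info    /var/log/authlog\n' > "$demo/spaces.conf"
printf '*.err\t/dev/sysmsg\n'            > "$demo/missing.conf"
cat > "$demo/bad.log" <<'EOF'
[ Mar  8 21:40:11 Stopping because service restarting. ]
[ Mar  8 21:40:11 Method property group 'stop' is not present. ]
[ Mar  8 21:40:11 Method property group 'start' is not present. ]
EOF
printf '[ Mar  8 21:45:02 Enabled. ]\n' > "$demo/good.log"

for f in good spaces missing; do
    printf '%s.conf: %s\n' "$f" "$(check_auth_line "$demo/$f.conf")"
done
for f in bad good; do
    if smf_log_shows_bug "$demo/$f.log"; then
        echo "$f.log: SMF method properties missing, re-import the manifest"
    else
        echo "$f.log: no sign of the SMF bug"
    fi
done
```

On a real host, pass `/etc/syslog.conf` to `check_auth_line` and the path printed by `svcs -L system-log:default` to `smf_log_shows_bug`.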
