Details
To capture logs to a local file, setup a channel for the file, in the logging configuration section. It’s often helpful to have one log file for security related logs, and a second one with a dynamic severity level to be used as needed for debugging.
Rationale:
Logging security related events is critical for monitoring the security of the server in order to see any issues affecting the server, and to be able to respond to attacks.
Solution
In named.conf, configure a channel for a local security log file with the categories config,
dnssec, network, security, updates, xfer-in and xfer-out. The local log file will be within the chroot directory.
logging {
. . .
channel local_security_log {
file “/var/run/named/secure.log” versions 10 size 20m;
severity debug;
print-time yes;
};
// Config file processing
category config { local_security_log; };
// Processing signed responses
category dnssec { local_security_log; };
// Network Operations
category network { local_security_log; };
// Approved or unapproved requests
category security { local_security_log; };
// dynamic updates
category update { local_security_log; };
// transfers to the name server
category xfer-in { local_security_log; };
// transfers from the name server
category xfer-out { local_security_log; };
// Optional debug log file, may be enabled dynamically.
channel local_debug_log {
file “/var/run/named/debug.log”;
severity dynamic;
print-time yes;
};
category default { local_debug_log; };
category general { local_debug_log; };
};
Default Value:
There is no security log by default.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.