Secure Mac OS X by adding parameters in the Syslog file

It is important that user accountability can be maintained on a secure system. It ensures that actions are performed on the system can be traced back to users through system and application logs, process accounting and auditing.

The syslog daemon is a system and application logging in Mac OS X. It's behaviour is controlled by the syslog file located in /etc/syslog.conf. I highly recommend that you setup a dedicated server solely for logging purposes.

To ensure that remote authentication error messages and other authentication error messages are logged to the /var/log/secure.log file, change the line:

authpriv.*;remoteauth.crit        /var/log/secure.log


authpriv.*;remoteauth.err;auth.err           /var//log/secure.log

To enable remote logging of the syslog processes, add the following lines to the syslog file:

authpriv.*;remoteaut.err;auth.err          @192.168.xx.xx

Log-out or restart the computer to make changes.

Powered by Blogger.