脚本执行需要root权限,但脚本中使用su命令来执行其他命令或脚本,比如使用nginx用户调用日志统计脚本。
在/var/log/message日志中有过多的日志显示
Jun 28 10:28:06 localhost su: (to nginx) chuangyw on none Jun 28 10:28:06 localhost su: (to nginx) chuangyw on none Jun 28 10:28:06 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:07 localhost su: (to nginx) chuangyw on none Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none Jun 28 10:28:08 localhost su: (to nginx) chuangyw on none
严重影响message的阅读和过滤;
计划将信息重新建立一个文件保存比如/var/log/su
修改/etc/rsyslog.conf
在message条目中添加:
auth.none
增加条目:
auth.* /var/log/su
# Log anything (except mail) of level info or higher. # Don‘t log private authentication messages! *.info;mail.none;authpriv.none;cron.none;auth.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure auth.* /var/log/su # Log all the mail messages in one place. mail.* -/var/log/maillog
记得重启rsyslog生效
systemctl restart rsyslog.service
原文地址:http://axe999.blog.51cto.com/8295103/1942617