linux:home:shutting_up_pam_in_syslogs

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
linux:home:shutting_up_pam_in_syslogs [2022/09/07 20:05] – removed - external edit (Unknown date) 127.0.0.1linux:home:shutting_up_pam_in_syslogs [2022/09/07 20:05] (current) – ↷ Page moved from linux:shutting_up_pam_in_syslogs to linux:home:shutting_up_pam_in_syslogs michaelbromilow
Line 1: Line 1:
 +====== Shutting Up PAM in Syslogs ======
 +In a Debian-like system, the easiest way is to use ''pam-auth-update'' to manage PAM.
 +To silence specific services, make a file like the following:
  
 +''/usr/share/pam-configs/shutup''
 +  # Don't log "session opened" and "session closed" messages for...
 +  # Cron, Samba
 +  # See: https://wiki.ubuntu.com/PAMConfigFrameworkSpec
 +  #      https://manpages.debian.org/stretch/libpam-modules/pam_succeed_if.8.en.html
 +  Name: disable annoying services session logging
 +  Default: yes
 +  Priority: 300
 +  Session-Type: Additional
 +  Session:
 +      [default=ignore success=1] pam_succeed_if.so quiet service in samba:cron
 +
 +This silences samba and cron. ''quiet'' means that this rule always succeeds or fails silently. ''success=1'' skips the next rule (i.e. ''pam_unix''), silencing a session open/close. You can also specify users only by replacing ''service in samba:cron'' with something like ''ruser in michael:otheruser''.
 +
 +After doing this, run ''pam-auth-update'' as root, selecting the configuration you just made. You can programmatically update configs by passing ''--package'', preventing options from needing to be chosen by the user.