Linux: disable wtmp/utmp, sshd ip logging and any mentions of ip that does remote access

security linux

Any ideas how to do all above? I've disabled LOG_OK_LOGINS and SYSLOG_SU_ENAB in login.defs, but still don't know how to do everything else.


According to man wtmp, you cannot disable utmp on Linux:

Unlike various other systems, where utmp logging can be disabled by removing the file, utmp must always exist on Linux. If you want to disable who(1) then do not make utmp world readable.

About the sshd ip logging, you can comment the line begin with auth, authpriv facility in /etc/syslog.conf:

#authpriv.*                      /var/log/secure

and restart the syslog daemon:

# /etc/init.d/syslog start
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]

PS: Could you please tell us the reason you want to do that?

Related

How do I configure a Linux VPN Client to get into a network through a Fortigate firewall?
Powershell query lastlogondate (lastlogontimestamp) returning mostly blank values (not matching the ADSIedit value for corresponding user attribute)
Why is AWS S3 Object count is measured iin units used to measure file size?
Disable Clipboard Mapping and Remote Drive Mapping for RDP
How to win_ping to hosts with inventory and group_vars files?
Is it possible to retain IP address when stopping/starting an AWS EC2 instance?
Robocopy command is very slow over the network
Why doesn't my crontab -e execute the .sh script?
How do I echo a string to a file and call a function to hash it in the same function?
Telnet escape character , norwegian keyboard
Is it possible to install ubuntu on banana pi m2 zero No graphic interface (headless)
Ubuntu 20.04 suspends when idle, even if relevant power settings are disabled