/var/log/nginx/access.log
or /var/log/messages
is consuming excessive disk space.
1.x
2.x
Excessive invalid login attempts using invalid credentials.
Log files are not being rotated properly.
Address the source of the excessive invalid login attempts which are using invalid credentials within your environment and install and configure logrotate.
NOTE: All the commands must be executed as the 'root' user
Step 1: Disable Airgap Internet Repositories
root# tdnf clean all sed -i 's/^enabled=1/enabled=0/' /etc/yum.repos.d/*.repo
Step 2: Enable Airgap Local Repositories
root# echo "[airgapphoton] name=VMware Airgap Photon Release Repo baseurl=https://$HOSTNAME/release/photon gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY gpgcheck=1 enabled=1 skip_if_unavailable=True" > /etc/yum.repos.d/airgapphoton.repo root# echo "[airgappu] name=VMware Airgap Photon Updates Repo baseurl=https://$HOSTNAME/updates/photon-updates gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY gpgcheck=1 enabled=1 skip_if_unavailable=True" > /etc/yum.repos.d/airgappu.repo root# echo "[airgap-telco-debuginfo] name=VMware Airgap Photon Telco Debuginfo baseurl=https://$HOSTNAME/updates/photon-telco-debuginfo gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY gpgcheck=1 enabled=1 skip_if_unavailable=True" > /etc/yum.repos.d/airgap-telco-debuginfo.repo root# echo "[airgap-telco-updates] name=VMware Airgap Photon Telco Updates baseurl=https://$HOSTNAME/updates/photon-telco-updates gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY gpgcheck=1 enabled=1 skip_if_unavailable=True" > /etc/yum.repos.d/airgap-telco-updates.repo
Step3: Install logrotate and cronie
root# tdnf intall -y logrotate cronie
Step4: Start and Enable crond service
root# systemctl enable --now crond.service root# systemctl status crond.service
Step 5: Create config files in logrotate.d folder
root# echo "/var/log/nginx/*.log { rotate 10 size 200M copytruncate compress missingok nodateext }" > /etc/logrotate.d/nginx root# echo "/var/log/messages { prerotate /usr/bin/chattr -a /var/log/messages endscript compress size 200M weekly rotate 8 copytruncate missingok postrotate /usr/bin/kill -HUP rsyslogd endscript }" > /etc/logrotate.d/messages
Step 6: Update permissions:
chmod +x /etc/cron.daily/logrotate
Step 7: Execute testing:
root # logrotate -f /etc/logrotate.d/nginx root # logrotate -f /etc/logrotate.d/messages
4. Validate files have been rotated
root# ls -l /var/log/nginx/ root# ls -l /var/log/
Address the source of the excessive invalid login attempts which are using invalid credentials within your environment and truncate the /var/log/nginx/access.log