Description
Is your feature request related to a problem? Please describe.
Set by this cookbook, on CentOS 7 there is no syslog facility named AUTH available by default, causing all logging to be redirected to /var/log/messages. CentOS 7 defines syslog facility AUTHPRIV in SSH daemon configuration by default, that references /var/log/secure, but it cannot be configured using this cookbook.
Describe the solution you'd like
Please add node attribute to allow configuration of syslog facility in SSH daemon config which should be set to AUTHPRIV on RHEL and AUTH for other platforms by default. This node attribute should be rendered into SSH daemon config file to option SyslogFacility.
Describe alternatives you've considered
It is possible to override the template of this cookbook in a wrapper cookbook and use that one to render the SSH daemon config file. However, this is problematic when the configuration file of this cookbook changes, as these changes must be manually applied to the configuration file template in the wrapper cookbook.
Apart from that, it is also possible to work around the problem by adding an additional facility with name AUTH to syslog configuration. However, it affects the whole system; any package that uses AUTH will be affected. By default, CentOS 7 does not include AUTH and defines AUTHPRIV instead, which should be followed (see above).
Additional context
Due to use of AUTH by default in SSH daemon config, services such as fail2ban parse the wrong log file without any actions taken on wrong user authentication. By default, fail2ban defines SSH logs to be AUTHPRIV (so /var/log/secure) on RHEL platform families.
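
The routing problem and the requested default, as an added Ruby example that is not part of the original issue or the cookbook's code: it resolves which log file receives sshd messages for a given SyslogFacility and picks the per-platform default the issue asks for. The function names and the rsyslog rules (a constructed sample modelled on a stock CentOS 7 rsyslog.conf) are assumptions, and the selector parser handles only plain `facility.priority` and `.none` forms.

```ruby
# Added illustration; all names here are hypothetical, not the cookbook's attributes.
# Constructed sample of selector rules modelled on a stock CentOS 7 rsyslog.conf.
SAMPLE_RULES = <<~CONF
  # constructed sample
  *.info;mail.none;authpriv.none;cron.none    /var/log/messages
  authpriv.*                                  /var/log/secure
  mail.*                                      -/var/log/maillog
CONF

PRIORITIES = %w[debug info notice warning err crit alert emerg].freeze

# Default requested in the issue: AUTHPRIV on RHEL, AUTH on other platforms.
def default_syslog_facility(platform_family)
  platform_family == 'rhel' ? 'AUTHPRIV' : 'AUTH'
end

# Line a template would render into sshd_config; override models the node attribute.
def sshd_config_line(platform_family, override = nil)
  "SyslogFacility #{override || default_syslog_facility(platform_family)}"
end

# Evaluate one selector ("fac.pri;fac.pri;...") left to right; later parts override.
def selector_match?(selector, facility, priority)
  matched = false
  selector.split(';').each do |part|
    facs, pri = part.split('.', 2)
    next unless facs.split(',').any? { |f| f == '*' || f == facility }
    if pri == 'none'
      matched = false
    elsif pri == '*'
      matched = true
    elsif (min = PRIORITIES.index(pri))
      matched = true if PRIORITIES.index(priority) >= min
    end
  end
  matched
end

# Files that receive a message logged with the given facility and priority.
def log_targets(rules, facility, priority = 'info')
  rules.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
       .map { |l| l.split(/\s+/, 2) }
       .select { |sel, _| selector_match?(sel, facility.downcase, priority) }
       .map { |_, target| target.sub(/\A-/, '') }
end
```

Comparing `log_targets` for the rendered facility against the log path a consumer such as fail2ban reads shows the mismatch before it reaches production.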