From 769bfeec955c4ee62d3be51cd77e6ab3aaf3aca9 Mon Sep 17 00:00:00 2001
From: Arun Sharma
Date: Sat, 27 Jul 2024 00:44:06 +0530
Subject: [PATCH] PE-4076: Rsyslog and logrotate changes (#225)
* rsyslog logrotate installation
* config update
* conf changes
* log duplicate issue fix and file permission and ownership fix
* rsyslog conf in providers and adm group not in opensuse fix
* group change
---
 Earthfile | 8 +++++---
 overlay/files/etc/logrotate.d/stylus.conf | 12 ++++++++++++
 overlay/files/etc/rsyslog.d/49-stylus.conf | 19 +++++++++++++++++++
 slem/Dockerfile | 2 ++
 4 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 overlay/files/etc/logrotate.d/stylus.conf
 create mode 100644 overlay/files/etc/rsyslog.d/49-stylus.conf
diff --git a/Earthfile b/Earthfile
index 12cbf3f..e9e25af 100644
--- a/Earthfile
+++ b/Earthfile
@@ -290,6 +290,7 @@ uki-provider-image:
 RUN apt-get update && apt-get install -y rsync
 WORKDIR /
+ COPY overlay/files/etc/ /etc/
 COPY +luet/luet /usr/bin/luet
 COPY +kairos-agent/kairos-agent /usr/bin/kairos-agent
 COPY --platform=linux/${ARCH} +trust-boot-unpack/ /trusted-boot
@@ -589,6 +590,7 @@ provider-image:
 ARG BASE_K8S_VERSION=$K8S_VERSION-$K8S_DISTRIBUTION_TAG
 END
+ COPY overlay/files/etc/ /etc/
 COPY --platform=linux/${ARCH} +kairos-provider-image/ /
 COPY +stylus-image/etc/kairos/branding /etc/kairos/branding
 COPY +stylus-image/oem/stylus_config.yaml /etc/kairos/branding/stylus_config.yaml
@@ -725,7 +727,7 @@ base-image:
 END
 RUN apt-get update && \
- apt-get install --no-install-recommends kbd zstd vim iputils-ping bridge-utils curl tcpdump ethtool -y
+ apt-get install --no-install-recommends kbd zstd vim iputils-ping bridge-utils curl tcpdump ethtool rsyslog logrotate -y
 IF [ "$UPDATE_KERNEL" = "false" ]
 RUN if dpkg -l "linux-image-generic-hwe-$OS_VERSION" > /dev/null; then apt-mark hold "linux-image-generic-hwe-$OS_VERSION" "linux-headers-generic-hwe-$OS_VERSION" "linux-generic-hwe-$OS_VERSION" ; fi && \
@@ -785,7 +787,7 @@ base-image:
 END
 IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ]
- RUN zypper install -y apparmor-parser apparmor-profiles
+ RUN zypper install -y apparmor-parser apparmor-profiles rsyslog logrotate
 RUN zypper cc && \
 zypper clean
 RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi
@@ -804,7 +806,7 @@ base-image:
 RUN --no-cache luet repo update
 IF [ "$OS_DISTRIBUTION" = "rhel" ]
- RUN yum install -y openssl
+ RUN yum install -y openssl rsyslog logrotate
 END
 IF [ "$OS_DISTRIBUTION" = "sles" ]
diff --git a/overlay/files/etc/logrotate.d/stylus.conf b/overlay/files/etc/logrotate.d/stylus.conf
new file mode 100644
index 0000000..e45df6a
--- /dev/null
+++ b/overlay/files/etc/logrotate.d/stylus.conf
@@ -0,0 +1,12 @@
+/var/log/stylus-audit.log {
+ yearly
+ rotate 2
+ missingok
+ notifempty
+ compress
+ delaycompress
+ dateext
+ dateformat -%m-%Y
+ size 100M
+ create 600 root root
+}
\ No newline at end of file
diff --git a/overlay/files/etc/rsyslog.d/49-stylus.conf b/overlay/files/etc/rsyslog.d/49-stylus.conf
new file mode 100644
index 0000000..a540b6b
--- /dev/null
+++ b/overlay/files/etc/rsyslog.d/49-stylus.conf
@@ -0,0 +1,19 @@
+# Running rsyslog as root.
+# TODO: should this be done or change acceptance criteria to about audit log file permissions accordingly
+$PrivDropToUser root
+# default config has $Umask 0022 set. That breaks any config related to masks and modes.
+$Umask 0000
+
+# Mesage format as per rfc5424.
+$template ForwardFormat,"<%pri%>1 %timestamp:::date-rfc3339% %HOSTNAME% %syslogtag% %procid% - - %msg%\n"
+
+# route messages with facility local7 and severity notice to /var/log/stylus-audit.log
+if ($syslogfacility-text == 'local7' and $syslogseverity-text == 'notice') then{
+ action(
+ type="omfile"
+ file="/var/log/stylus-audit.log"
+ FileCreateMode="0600"
+ fileowner="root"
+ template="ForwardFormat"
+ ) & stop
+}
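Review bot: The `dateformat -%m-%Y` suffix in logrotate.d/stylus.conf is month-first, which logrotate documents as unsafe with `rotate N` because it sorts rotated names lexically to choose which archives to delete, so `rotate 2` can remove a newer audit archive instead of the oldest. Because `size 100M` is listed after `yearly`, size is the effective trigger, and a second rotation within the same month would target an already existing file name and be skipped, leaving the audit log to grow without bound. The stanza also has no `postrotate` step asking rsyslog to reopen its output, so after a rotation the daemon would presumably keep writing to the renamed file while the newly created 0600 file stays empty. A year-first suffix with a unique component plus a reopen signal covers both; the signal command below assumes a systemd-managed rsyslog and should be matched to the image's init system.

```conf
# … unchanged: yearly, rotate 2, missingok, notifempty, compress, delaycompress, dateext …
    dateformat -%Y%m%d-%s
# … unchanged: size 100M, create 600 root root …
    postrotate
        systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
```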
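Review bot: `$Umask 0000` in rsyslog.d/49-stylus.conf is a process-wide setting and does not appear to be needed for this action: a 0022 umask clears no bits from `FileCreateMode="0600"`, so the audit file comes out 0600 either way, while every other file or directory rsyslog creates loses the mask. `$PrivDropToUser root` is global as well, so on images whose stock rsyslog.conf drops to an unprivileged user this drop-in keeps the whole daemon, including any inputs enabled elsewhere, running as root in order to own one file. I would remove the `$Umask` line and either resolve the TODO or replace it with a comment recording the decision, e.g. `# audit log must stay root:root 0600 per <requirement id>; rsyslog therefore keeps uid root`. Separately, `%syslogtag%` sits in the RFC 5424 APP-NAME position and normally carries the `tag[pid]:` form; `%app-name%` is the property that matches the header the comment refers to.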
diff --git a/slem/Dockerfile b/slem/Dockerfile
index 1b2d47f..d252a92 100644
--- a/slem/Dockerfile
+++ b/slem/Dockerfile
@@ -22,6 +22,8 @@ RUN zypper in --force-resolution -y --no-allow-vendor-change \
 fail2ban \
 lldpd \
 nethogs \
+ rsyslog \
+ logrotate \
 && zypper cc # NOTE: removed dhcp-client
 RUN mkdir -p /run/lock