From 88b7bd7a7fa384a8a33ba69ce647a7a10bdb6ba1 Mon Sep 17 00:00:00 2001
From: Arun Sharma
Date: Thu, 4 Jul 2024 06:45:20 +0000
Subject: [PATCH 1/6] rsyslog logrotate installation
---
 Earthfile | 4 ++--
 overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf | 6 ++++++
 rhel-core-images/Dockerfile.rhel8 | 2 +-
 rhel-fips/Dockerfile | 2 +-
 slem/Dockerfile | 2 ++
 ubuntu-fips/Dockerfile | 2 ++
 6 files changed, 14 insertions(+), 4 deletions(-)
 create mode 100644 overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
diff --git a/Earthfile b/Earthfile
index 3e29606..7aa90f4 100644
--- a/Earthfile
+++ b/Earthfile
@@ -693,7 +693,7 @@ base-image:
 END
 RUN apt-get update && \
- apt-get install --no-install-recommends kbd zstd vim iputils-ping bridge-utils curl tcpdump ethtool -y
+ apt-get install --no-install-recommends kbd zstd vim iputils-ping bridge-utils curl tcpdump ethtool rsyslog logrotate -y
 IF [ "$UPDATE_KERNEL" = "false" ]
 RUN if dpkg -l "linux-image-generic-hwe-$OS_VERSION" > /dev/null; then apt-mark hold "linux-image-generic-hwe-$OS_VERSION" "linux-headers-generic-hwe-$OS_VERSION" "linux-generic-hwe-$OS_VERSION" ; fi && \
@@ -753,7 +753,7 @@ base-image:
 END
 IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ]
- RUN zypper install -y apparmor-parser apparmor-profiles
+ RUN zypper install -y apparmor-parser apparmor-profiles rsyslog logrotate
 RUN zypper cc && \
 zypper clean
 RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi
diff --git a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
new file mode 100644
index 0000000..2493c90
--- /dev/null
+++ b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
@@ -0,0 +1,6 @@
+# create stylus-audit.log with 600
+$FileCreateMode 0600
+:syslogfacility-text=auth, :syslogseverity-text=notice, :syslogtag, "arun-sharma" /var/log/stylus-audit.log
+
+# restore the default file permissions
+$FileCreateMode 0640
\ No newline at end of file
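Review bot: The filter line in the new 51-stylus-rsyslog.conf does not look like valid rsyslog property-based filter syntax, which takes exactly one property, one compare operation and one value (`:property, op, "value" action`); chaining three properties with commas will most likely be rejected at load time or match nothing, and combining facility, severity and tag needs a RainerScript `if ... then` block. The literal tag `"arun-sharma"` also reads as a developer placeholder rather than the tag the audit producer actually emits. Later patches in this series rewrite and finally delete this file, so consider squashing them so the intermediate, non-working configuration never lands in history.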
diff --git a/rhel-core-images/Dockerfile.rhel8 b/rhel-core-images/Dockerfile.rhel8
index e9520db..081074d 100644
--- a/rhel-core-images/Dockerfile.rhel8
+++ b/rhel-core-images/Dockerfile.rhel8
@@ -54,7 +54,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \
 iscsi-initiator-utils \
 iptables ethtool socat iproute-tc conntrack \
 kernel kernel-modules kernel-modules-extra \
- rsync jq && dnf clean all
+ rsync jq rsyslog logrotate && dnf clean all
 COPY --from=quay.io/kairos/framework:v2.7.41 / /
diff --git a/rhel-fips/Dockerfile b/rhel-fips/Dockerfile
index 9f1b87f..8bdecfd 100644
--- a/rhel-fips/Dockerfile
+++ b/rhel-fips/Dockerfile
@@ -75,7 +75,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \
 iscsi-initiator-utils \
 iptables ethtool socat iproute-tc conntrack \
 kernel kernel-modules kernel-modules-extra \
- rsync jq && dnf clean all
+ rsync jq rsyslog logrotate && dnf clean all
 RUN mkdir -p /run/lock && \
 touch /usr/libexec/.keep
diff --git a/slem/Dockerfile b/slem/Dockerfile
index 1b2d47f..d252a92 100644
--- a/slem/Dockerfile
+++ b/slem/Dockerfile
@@ -22,6 +22,8 @@ RUN zypper in --force-resolution -y --no-allow-vendor-change \
 fail2ban \
 lldpd \
 nethogs \
+ rsyslog \
+ logrotate \
 && zypper cc # NOTE: removed dhcp-client
 RUN mkdir -p /run/lock
diff --git a/ubuntu-fips/Dockerfile b/ubuntu-fips/Dockerfile
index caaa4b5..aaf9380 100644
--- a/ubuntu-fips/Dockerfile
+++ b/ubuntu-fips/Dockerfile
@@ -111,6 +111,8 @@ RUN apt-get install -y --no-install-recommends \
 zerofree \
 zfsutils-linux \
 zstd \
+ rsyslog \
+ logrotate \
 && apt-get remove -y unattended-upgrades && apt-get clean \
 && apt-get purge --auto-remove -y ubuntu-advantage-tools \
 && rm -rf /var/lib/apt/lists/*
From fb86128a59c1cb983a8eadb9e5f82d231720338a Mon Sep 17 00:00:00 2001
From: Arun Sharma
Date: Thu, 11 Jul 2024 06:58:12 +0000
Subject: [PATCH 2/6] config update
---
 Earthfile | 7 ++++++-
 overlay/files/etc/logrotate.d/stylus.conf | 12 ++++++++++++
 overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf | 2 +-
 3 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 overlay/files/etc/logrotate.d/stylus.conf
diff --git a/Earthfile b/Earthfile
index 7aa90f4..bc98551 100644
--- a/Earthfile
+++ b/Earthfile
@@ -772,11 +772,16 @@ base-image:
 RUN --no-cache luet repo update
 IF [ "$OS_DISTRIBUTION" = "rhel" ]
- RUN yum install -y openssl
+ RUN yum install -y openssl rsyslog logrotate
 END
 IF [ "$OS_DISTRIBUTION" = "sles" ]
 RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi
+ # https://software.opensuse.org//download.html?project=home%3Argerhards&package=rsyslog
+ # RUN zypper -n addrepo https://download.opensuse.org/repositories/home:rgerhards/SLE_15/home:rgerhards.repo
+
+ RUN zypper refresh
+ RUN zypper install rsyslog
 END
 DO +OS_RELEASE --OS_VERSION=$KAIROS_VERSION
diff --git a/overlay/files/etc/logrotate.d/stylus.conf b/overlay/files/etc/logrotate.d/stylus.conf
new file mode 100644
index 0000000..6c1596c
--- /dev/null
+++ b/overlay/files/etc/logrotate.d/stylus.conf
@@ -0,0 +1,12 @@
+/var/log/stylus-audit.log {
+ yearly
+ rotate 2
+ missingok
+ notifempty
+ compress
+ delaycompress
+ dateext
+ dateformat -%m-%Y
+ size 100M
+ create 600 root adm
+}
\ No newline at end of file
diff --git a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
index 2493c90..8288bed 100644
--- a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
+++ b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
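Review bot: Nothing in the new logrotate.d/stylus.conf makes rsyslog reopen /var/log/stylus-audit.log after rotation, so omfile keeps its descriptor on the renamed file and the freshly created 600 file stays empty until rsyslog is restarted; add `postrotate` / `systemctl kill -s HUP rsyslog.service` / `endscript` (or `copytruncate`, accepting that lines written during the copy can be lost). `size 100M` makes rotation size-triggered and overrides `yearly`, and with `dateformat -%m-%Y` a second rotation within one month produces a name that already exists, which logrotate skips rather than overwrites, so rotation silently stalls for the rest of that month. `rotate 2` also keeps only two generations of an audit log; confirm that matches the retention requirement or that the file is forwarded elsewhere.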
@@ -1,6 +1,6 @@
 # create stylus-audit.log with 600
 $FileCreateMode 0600
-:syslogfacility-text=auth, :syslogseverity-text=notice, :syslogtag, "arun-sharma" /var/log/stylus-audit.log
+:syslogfacility-text=auth, :syslogseverity-text=notice, :syslogtag, "stylus-audit" /var/log/stylus-audit.log
 # restore the default file permissions
 $FileCreateMode 0640
\ No newline at end of file
From 569961150806746c7e4a3f9209bb613602e74547 Mon Sep 17 00:00:00 2001
From: Arun Sharma
Date: Wed, 17 Jul 2024 01:52:45 +0000
Subject: [PATCH 3/6] conf changes
---
 Earthfile | 5 -----
 overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf | 7 +++----
 rhel-core-images/Dockerfile.rhel8 | 2 +-
 rhel-fips/Dockerfile | 2 +-
 ubuntu-fips/Dockerfile | 2 --
 5 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/Earthfile b/Earthfile
index bc98551..64b0b9a 100644
--- a/Earthfile
+++ b/Earthfile
@@ -777,11 +777,6 @@ base-image:
 IF [ "$OS_DISTRIBUTION" = "sles" ]
 RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi
- # https://software.opensuse.org//download.html?project=home%3Argerhards&package=rsyslog
- # RUN zypper -n addrepo https://download.opensuse.org/repositories/home:rgerhards/SLE_15/home:rgerhards.repo
-
- RUN zypper refresh
- RUN zypper install rsyslog
 END
 DO +OS_RELEASE --OS_VERSION=$KAIROS_VERSION
diff --git a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
index 8288bed..ccce1b8 100644
--- a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
+++ b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
@@ -1,6 +1,5 @@
-# create stylus-audit.log with 600
+$FileOwner root
+$FileGroup adm
 $FileCreateMode 0600
-:syslogfacility-text=auth, :syslogseverity-text=notice, :syslogtag, "stylus-audit" /var/log/stylus-audit.log
-# restore the default file permissions
-$FileCreateMode 0640
\ No newline at end of file
+auth.=notice /var/log/stylus-audit.log
\ No newline at end of file
diff --git a/rhel-core-images/Dockerfile.rhel8 b/rhel-core-images/Dockerfile.rhel8
index 081074d..e9520db 100644
--- a/rhel-core-images/Dockerfile.rhel8
+++ b/rhel-core-images/Dockerfile.rhel8
@@ -54,7 +54,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \
 iscsi-initiator-utils \
 iptables ethtool socat iproute-tc conntrack \
 kernel kernel-modules kernel-modules-extra \
- rsync jq rsyslog logrotate && dnf clean all
+ rsync jq && dnf clean all
 COPY --from=quay.io/kairos/framework:v2.7.41 / /
diff --git a/rhel-fips/Dockerfile b/rhel-fips/Dockerfile
index 8bdecfd..9f1b87f 100644
--- a/rhel-fips/Dockerfile
+++ b/rhel-fips/Dockerfile
@@ -75,7 +75,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \
 iscsi-initiator-utils \
 iptables ethtool socat iproute-tc conntrack \
 kernel kernel-modules kernel-modules-extra \
- rsync jq rsyslog logrotate && dnf clean all
+ rsync jq && dnf clean all
 RUN mkdir -p /run/lock && \
 touch /usr/libexec/.keep
diff --git a/ubuntu-fips/Dockerfile b/ubuntu-fips/Dockerfile
index aaf9380..caaa4b5 100644
--- a/ubuntu-fips/Dockerfile
+++ b/ubuntu-fips/Dockerfile
@@ -111,8 +111,6 @@ RUN apt-get install -y --no-install-recommends \
 zerofree \
 zfsutils-linux \
 zstd \
- rsyslog \
- logrotate \
 && apt-get remove -y unattended-upgrades && apt-get clean \
 && apt-get purge --auto-remove -y ubuntu-advantage-tools \
 && rm -rf /var/lib/apt/lists/*
From c7e8f319dabfb69bb3556ea65d9c507c86f09d59 Mon Sep 17 00:00:00 2001
From: Arun Sharma
Date: Thu, 25 Jul 2024 03:56:58 +0000
Subject: [PATCH 4/6] log duplicate issue fix and file permission and ownership fix
---
 overlay/files/etc/rsyslog.d/49-stylus.conf | 21 +++++++++++++++++++
 .../etc/rsyslog.d/51-stylus-rsyslog.conf | 5 -----
 2 files changed, 21 insertions(+), 5 deletions(-)
 create mode 100644 overlay/files/etc/rsyslog.d/49-stylus.conf
 delete mode 100644 overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
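Review bot: rsyslog and logrotate are dropped from ubuntu-fips/Dockerfile again, and unlike the RHEL images, which now receive both packages from the Earthfile `yum install` step added in PATCH 2/6, no replacement install for the Ubuntu FIPS image is visible anywhere in this series. If that image is not built through the Earthfile base-image apt branch, the rsyslog.d and logrotate.d overlay files copied into /etc later in the series will have no daemon to act on them and the audit log will never be written; confirm where the FIPS image gets rsyslog from, or keep the two packages in this RUN. The enclosing RUN starts before the hunk.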
diff --git a/overlay/files/etc/rsyslog.d/49-stylus.conf b/overlay/files/etc/rsyslog.d/49-stylus.conf
new file mode 100644
index 0000000..4046b2d
--- /dev/null
+++ b/overlay/files/etc/rsyslog.d/49-stylus.conf
@@ -0,0 +1,21 @@
+# Running rsyslog as root.
+# TODO: should this be done or change acceptance criteria to about audit log file permissions accordingly
+$PrivDropToUser root
+$PrivDropToGroup adm
+# default config has $Umask 0022 set. That breaks any config related to masks and modes.
+$Umask 0000
+
+# Mesage format as per rfc5424.
+$template ForwardFormat,"<%pri%>1 %timestamp:::date-rfc3339% %HOSTNAME% %syslogtag% %procid% - - %msg%\n"
+
+# route messages with facility local7 and severity notice to /var/log/stylus-audit.log
+if ($syslogfacility-text == 'local7' and $syslogseverity-text == 'notice') then{
+ action(
+ type="omfile"
+ file="/var/log/stylus-audit.log"
+ FileCreateMode="0600"
+ fileowner="root"
+ fileGroup="adm"
+ template="ForwardFormat"
+ ) & stop
+}
diff --git a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf b/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
deleted file mode 100644
index ccce1b8..0000000
--- a/overlay/files/etc/rsyslog.d/51-stylus-rsyslog.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-$FileOwner root
-$FileGroup adm
-$FileCreateMode 0600
-
-auth.=notice /var/log/stylus-audit.log
\ No newline at end of file
From 9deb3f27938219596d2946ba5efdb52c5ef830dd Mon Sep 17 00:00:00 2001
From: Arun Sharma
Date: Thu, 25 Jul 2024 23:16:52 +0000
Subject: [PATCH 5/6] rsyslog conf in providers and adm group not in opensuse fix
---
 Earthfile | 2 ++
 overlay/files/etc/rsyslog.d/49-stylus.conf | 2 --
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Earthfile b/Earthfile
index 64b0b9a..8232e6e 100644
--- a/Earthfile
+++ b/Earthfile
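Review bot: `$Umask 0000` in the new 49-stylus.conf is a process-wide setting that is not needed for this file: the 0022 umask the comment refers to only clears group/other write bits, and `FileCreateMode="0600"` has none, so 0600 survives it unchanged, while a 0000 umask removes that safety net from every other file, socket or directory rsyslog creates. Drop the `$Umask` line, and keep `$PrivDropToUser root` visibly marked as temporary, since it disables the privilege drop entirely; the usual alternative is to let the daemon drop to its service user and have the file owned by that user with mode 0600, which is what the TODO should resolve against the acceptance criteria. The `local7.notice` filter accepts such messages from any local process, so the file records whatever is sent to that facility; if it is meant to be a trustworthy audit trail, also match the producer (for example on `$programname`) and treat the file as a copy rather than the authoritative source. Minor: the template comment reads `# Mesage format as per rfc5424.`; `# Message format per RFC 5424.`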
@@ -271,6 +271,7 @@ uki-provider-image:
 RUN apt-get update && apt-get install -y rsync
 WORKDIR /
+ COPY overlay/files/etc/ /etc/
 COPY +luet/luet /usr/bin/luet
 COPY +kairos-agent/kairos-agent /usr/bin/kairos-agent
 COPY --platform=linux/${ARCH} +trust-boot-unpack/ /trusted-boot
@@ -557,6 +558,7 @@ provider-image:
 ARG BASE_K8S_VERSION=$K8S_VERSION-$K8S_DISTRIBUTION_TAG
 END
+ COPY overlay/files/etc/ /etc/
 COPY --platform=linux/${ARCH} +kairos-provider-image/ /
 COPY +stylus-image/etc/kairos/branding /etc/kairos/branding
 COPY +stylus-image/oem/stylus_config.yaml /etc/kairos/branding/stylus_config.yaml
diff --git a/overlay/files/etc/rsyslog.d/49-stylus.conf b/overlay/files/etc/rsyslog.d/49-stylus.conf
index 4046b2d..a540b6b 100644
--- a/overlay/files/etc/rsyslog.d/49-stylus.conf
+++ b/overlay/files/etc/rsyslog.d/49-stylus.conf
@@ -1,7 +1,6 @@
 # Running rsyslog as root.
 # TODO: should this be done or change acceptance criteria to about audit log file permissions accordingly
 $PrivDropToUser root
-$PrivDropToGroup adm
 # default config has $Umask 0022 set. That breaks any config related to masks and modes.
 $Umask 0000
@@ -15,7 +14,6 @@ if ($syslogfacility-text == 'local7' and $syslogseverity-text == 'notice') then{
 file="/var/log/stylus-audit.log"
 FileCreateMode="0600"
 fileowner="root"
-fileGroup="adm"
 template="ForwardFormat"
 ) & stop
 }
From 1a0f2fe0d48d614e9e8fbec4288172aa0b6a0432 Mon Sep 17 00:00:00 2001
From: Arun Sharma
Date: Fri, 26 Jul 2024 16:26:32 +0000
Subject: [PATCH 6/6] group change
---
 overlay/files/etc/logrotate.d/stylus.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/overlay/files/etc/logrotate.d/stylus.conf b/overlay/files/etc/logrotate.d/stylus.conf
index 6c1596c..e45df6a 100644
--- a/overlay/files/etc/logrotate.d/stylus.conf
+++ b/overlay/files/etc/logrotate.d/stylus.conf
@@ -8,5 +8,5 @@
 dateext
 dateformat -%m-%Y
 size 100M
- create 600 root adm
+ create 600 root root
 }
\ No newline at end of file
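Review bot: In the provider-image hunk, `COPY overlay/files/etc/ /etc/` is placed before `COPY --platform=linux/${ARCH} +kairos-provider-image/ /`, so any same-path file under /etc in that image would override the overlay rather than the other way round; if the overlay is meant to win, move it after that line. Copying the whole overlay directory also drags every present and future file under overlay/files/etc into both provider images (the uki-provider-image hunk adds the same line), when the series only needs the rsyslog.d and logrotate.d entries; a narrower `COPY overlay/files/etc/rsyslog.d/ /etc/rsyslog.d/` and `COPY overlay/files/etc/logrotate.d/ /etc/logrotate.d/` keeps the image content reviewable. Both Earthfile targets start before their hunks.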