polynomial-c 14/09/30 13:09:39
Added: README.gentoo rsyslog.initd rsyslog.conf
50-default.conf rsyslog.confd rsyslog.logrotate
Log:
Security bump (bug #524058). Removed old. Remote syslog PRI vulnerability
(CVE-2014-3634)
(Portage version: 2.2.14_rc1/cvs/Linux x86_64, signed Manifest commit with
key 0x981CA6FC)
Revision Changes Path
1.1 app-admin/rsyslog/files/8-stable/README.gentoo
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/README.gentoo?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/README.gentoo?rev=1.1&content-type=text/plain
Index: README.gentoo
===================================================================
Introduction
============
Since rsyslog version 7.6 we are shipping a new default Gentoo
configuration. See bug #501982 to learn more about what we were trying to
achieve by rewriting the entire configuration.
Important changes
=================
1. "/var/log/syslog" log file is now deprecated
Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
longer being written per default. We are considering this file as
deprecated/obsolet for the typical user/system.
The content from this log file is still availble through other
(dedicated) log files, see
- /var/log/cron.log
- /var/log/daemon.log
- /var/log/mail.log
- /var/log/messages
If you really need the old "/var/log/syslog" log file, all you have to
do is uncommenting the corresponding configuration directive in
"/etc/rsyslog.d/50-default.conf".
If you do so, don't forget to re-enable log rotation in
"/etc/logrotate.d/rsyslog", too.
2. An additional input socket in "/var/empty/dev/log" (default chroot
location) will be created per default
See bug #490744 for further details.
1.1 app-admin/rsyslog/files/8-stable/rsyslog.initd
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.initd?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.initd?rev=1.1&content-type=text/plain
Index: rsyslog.initd
===================================================================
#!/sbin/runscript
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header:
/var/cvsroot/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.initd,v 1.1
2014/09/30 13:09:39 polynomial-c Exp $
RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"}
RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"}
command="/usr/sbin/rsyslogd"
command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}"
start_stop_daemon_args="${RSYSLOG_SSDARGS}"
pidfile="${RSYSLOG_PIDFILE}"
retry="${RSYSLOG_TERMTIMEOUT}"
required_files="${RSYSLOG_CONFIGFILE}"
description="RSYSLOG is the rocket-fast system for log processing (syslog
replacement)."
extra_commands="configtest"
extra_started_commands="rotate"
description_configtest="Run rsyslogd's internal config check."
description_rotate="Sends rsyslogd a signal to re-open its log files."
depend() {
need clock hostname localmount
provide logger
}
start_pre() {
if [ "${RC_CMD}" != "restart" ]; then
configtest || return 1
fi
}
stop_pre() {
if [ "${RC_CMD}" = "restart" ]; then
configtest || return 1
fi
}
stop_post() {
rm -f ${RSYSLOG_PIDFILE}
}
configtest() {
# This will currently only detect fatal errors
# See https://github.com/rsyslog/rsyslog/issues/79
local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}"
local _retval=0
ebegin "Checking rsyslogd's configuration"
${_test_command} >/dev/null 2>&1
_retval=$?
if [ ${_retval} -ne 0 ]; then
${_test_command}
fi
eend ${_retval} "failed, please correct errors above"
}
rotate() {
ebegin "Re-opening rsyslogd logs"
start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}"
eend $?
}
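Review bot: `stop_post()` expands `${RSYSLOG_PIDFILE}` unquoted in `rm -f`, so a value from /etc/conf.d/rsyslog containing whitespace or glob characters would be word-split and pathname-expanded by a script that normally runs as root; `rotate()` already quotes the same variable. Suggest `rm -f -- "${RSYSLOG_PIDFILE}"`. Separately, `configtest()` builds its command without `${RSYSLOG_OPTS}`, so the check may validate the configuration under different options than the daemon is started with. A short comment saying whether that is intentional would help.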
1.1 app-admin/rsyslog/files/8-stable/rsyslog.conf
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.conf?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.conf?rev=1.1&content-type=text/plain
Index: rsyslog.conf
===================================================================
# /etc/rsyslog.conf
#
# This configuration is based on RainerScript, the new recommended syntax
# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
# details.
#
# But if you don't want to learn something new at moment, don't worry: The
# legacy syntax is still supported.
#
# You may want to use the new RSYSLOG configuration builder to create your
# own more advanced configuration:
http://www.rsyslog.com/rsyslog-configuration-builder/
# Check config syntax on startup and abort if unclean (default: off)
#$AbortOnUncleanConfig on
###############
### MODULES ###
###############
# Read syslog messages from default Unix socket /dev/log (e.g. via logger
command)
module(load="imuxsock")
# Read messages from the kernel log and submits them to the syslog engine
module(load="imklog")
# Inject "--MARK--" messages every $Interval (seconds)
#module(load="immark" Interval="600")
# Read syslog messages from UDP
#module(load="imudp")
#input(type="imudp" port="514")
# Read syslog messages from TCP
#module(load="imtcp")
#input(type="imtcp" port="514")
#########################
### GLOBAL DIRECTIVES ###
#########################
# Where to place spool and state files
$WorkDirectory /var/spool/rsyslog
# Reduce repeating messages (default: off)
#$RepeatedMsgReduction on
# Set defaults for every output file
$Umask 0022
module(
load="builtin:omfile"
Template="RSYSLOG_TraditionalFileFormat"
FileCreateMode="0644"
DirCreateMode="0755"
)
# Include all conf files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
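Review bot: The omfile defaults set here, `FileCreateMode="0644"` with `$Umask 0022`, make every log file that does not override the mode world-readable. In 50-default.conf only the auth.log action sets its own mode (`0600`), so messages, kern.log, daemon.log and the others are created readable by all local users. Since each action already assigns `FileGroup="adm"`, a tighter default such as `FileCreateMode="0640"` and `DirCreateMode="0750"` with `$Umask 0027` would limit access to root and the adm group. If world-readable logs are intended, a comment above the module block saying so would help.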
1.1 app-admin/rsyslog/files/8-stable/50-default.conf
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/50-default.conf?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/50-default.conf?rev=1.1&content-type=text/plain
Index: 50-default.conf
===================================================================
#######################
### DEFAULT ACTIONS ###
#######################
auth,authpriv.* action(
type="omfile"
File="/var/log/auth.log"
FileCreateMode="0600"
FileOwner="root"
FileGroup="adm"
Sync="off"
)
cron.* action(
type="omfile"
File="/var/log/cron.log"
FileOwner="root"
FileGroup="adm"
)
daemon.* action(
type="omfile"
File="/var/log/daemon.log"
FileOwner="root"
FileGroup="adm"
)
kern.* action(
type="omfile"
File="/var/log/kern.log"
FileOwner="root"
FileGroup="adm"
)
lpr.* action(
type="omfile"
File="/var/log/lpr.log"
FileOwner="root"
FileGroup="adm"
)
mail.* action(
type="omfile"
File="/var/log/mail.log"
FileOwner="root"
FileGroup="adm"
)
news.* action(
type="omfile"
File="/var/log/news.log"
FileOwner="root"
FileGroup="adm"
)
user.* action(
type="omfile"
File="/var/log/user.log"
FileOwner="root"
FileGroup="adm"
)
*.=debug;auth,authpriv,news,mail.none action(
type="omfile"
File="/var/log/debug.log"
FileOwner="root"
FileGroup="adm"
)
*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
type="omfile"
File="/var/log/messages"
FileOwner="root"
FileGroup="adm"
)
# Uncomment the following directive to re-enable the
# deprecated "/var/log/syslog" log file (don't forget to re-enable log
# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
#*.*;auth,authpriv.none action(
# type="omfile"
# File="/var/log/syslog"
# FileOwner="root"
# FileGroup="adm"
#)
*.emerg action(
type="omusrmsg"
Users="*"
action.execOnlyOnceEveryInterval="10"
)
# Create an additional socket for the default chroot location
# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
input(type="imuxsock" Socket="/var/empty/dev/log")
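Review bot: The auth.log action sets `FileCreateMode="0600"` together with `FileGroup="adm"`, so the group assignment has no effect on who can read the file. Either `FileCreateMode="0640"` is meant, as the group on the other actions suggests, or `FileGroup` can be dropped here; a comment on the action stating which is intended would prevent a later wrong "fix". Separately, the final `input(type="imuxsock" Socket="/var/empty/dev/log")` depends on /var/empty/dev existing, and whether the ebuild creates that directory is not visible in this commit.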
1.1 app-admin/rsyslog/files/8-stable/rsyslog.confd
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.confd?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.confd?rev=1.1&content-type=text/plain
Index: rsyslog.confd
===================================================================
# /etc/conf.d/rsyslog
# Configuration file
RSYSLOG_CONFIGFILE="/etc/rsyslog.conf"
# PID file
# If you should ever change this, remember to update
# "/etc/logrotate.d/rsyslog", too.
RSYSLOG_PIDFILE="/run/rsyslogd.pid"
# You can use this configuration option to pass additional options to the
# start-stop-daemon, see start-stop-daemon(8) for more details.
# Per default we wait 1000ms after we have started the service to ensure
# that the daemon is really up and running.
RSYSLOG_SSDARGS="--wait 1000"
# The termination timeout (start-stop-daemon parameter "retry") ensures
# that the service will be terminated within a given time (60 + 5 seconds
# per default) when you are stopping the service.
# You need to increase the value when you are working with a large queue.
# See http://www.rsyslog.com/doc/queues.html for further information.
RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5"
# Options to rsyslogd
# See rsyslogd(8) for more details
# Notes:
# * Do not specify another PIDFILE but use the variable above to change the
location
# * Do not specify another CONFIGFILE but use the variable above to change the
location
RSYSLOG_OPTS=""
1.1 app-admin/rsyslog/files/8-stable/rsyslog.logrotate
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.logrotate?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.logrotate?rev=1.1&content-type=text/plain
Index: rsyslog.logrotate
===================================================================
# Uncomment the following directive if you have re-enabled
# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
#/var/log/syslog
#{
# rotate 7
# daily
# missingok
# notifempty
# delaycompress
# compress
# postrotate
# test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid)
&>/dev/null
# endscript
#}
/var/log/auth.log
/var/log/cron.log
/var/log/daemon.log
/var/log/kern.log
/var/log/lpr.log
/var/log/mail.log
/var/log/news.log
/var/log/user.log
/var/log/debug.log
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid)
&>/dev/null
endscript
}
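Review bot: The `postrotate` command ends in `&>/dev/null`, which is a bash-only redirection. logrotate hands the script to /bin/sh, and where that is a POSIX shell such as dash the construct is parsed as a background `&` followed by a separate `>/dev/null`, so the exit status of `kill` is lost and its errors are not silenced. The portable form is `test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) >/dev/null 2>&1`; the same construct appears in the commented-out /var/log/syslog stanza. The pid path is also hard-coded here while the init script reads `RSYSLOG_PIDFILE`, so a comment in this file pointing at /etc/conf.d/rsyslog would match the note already there.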