-
Bob Mottram authoredBob Mottram authored
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
freedombone-logging 10.62 KiB
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Turn logging on or off
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-logging
export TEXTDOMAINDIR="/usr/share/locale"
WEBSERVER_LOG_LEVEL='warn'
function turn_off_rsys_logging {
sed -i 's|mail,news.none.*|mail,news.none /dev/null|g' /etc/rsyslog.conf
sed -i 's|auth,authpriv.\*.*|auth,authpriv.\* /dev/null|g' /etc/rsyslog.conf
sed -i 's|mail.info.*|mail.info /dev/null|g' /etc/rsyslog.conf
sed -i 's|mail.warn.*|mail.warn /dev/null|g' /etc/rsyslog.conf
sed -i 's|mail.err.*|mail.err /dev/null|g' /etc/rsyslog.conf
sed -i 's|daemon.\*.*|daemon.\* /dev/null|g' /etc/rsyslog.conf
sed -i 's|mail.\*.*|mail.\* /dev/null|g' /etc/rsyslog.conf
sed -i 's|user.\*.*|user.\* /dev/null|g' /etc/rsyslog.conf
sed -i 's|news.none;mail.none.*|news.none;mail.none /dev/null|g' /etc/rsyslog.conf
sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none /dev/null|g' /etc/rsyslog.conf
sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
sed -i 's|cron.\*.*|cron.\* /dev/null|g' /etc/rsyslog.conf
shred -zu /var/log/wtmp*
shred -zu /var/log/debug*
shred -zu /var/log/cron.*
shred -zu /var/log/auth.*
shred -zu /var/log/mail.*
shred -zu /var/log/daemon.*
shred -zu /var/log/user.*
shred -zu /var/log/messages*
}
function turn_on_rsys_logging {
sed -i 's|mail,news.none.*|mail,news.none -/var/log/messages|g' /etc/rsyslog.conf
sed -i 's|auth,authpriv.\*.*|auth,authpriv.\* /var/log/auth.log|g' /etc/rsyslog.conf
sed -i 's|mail.info.*|mail.info -/var/log/mail.info|g' /etc/rsyslog.conf
sed -i 's|mail.warn.*|mail.warn -/var/log/mail.warn|g' /etc/rsyslog.conf
sed -i 's|mail.err.*|mail.err /var/log/mail.err|g' /etc/rsyslog.conf
sed -i 's|daemon.\*.*|daemon.\* -/var/log/daemon.log|g' /etc/rsyslog.conf
sed -i 's|mail.\*.*|mail.\* -/var/log/mail.log|g' /etc/rsyslog.conf
sed -i 's|user.\*.*|user.\* -/var/log/user.log|g' /etc/rsyslog.conf
sed -i 's|news.none;mail.none.*|news.none;mail.none -/var/log/debug|g' /etc/rsyslog.conf
sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none -/var/log/syslog|g' /etc/rsyslog.conf
sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
sed -i 's|cron.\*.*|cron.\* /var/log/cron.log|g' /etc/rsyslog.conf
}
if [ ! "$1" ]; then
exit 1
fi
if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
if [ -f /etc/fail2ban/fail2ban.conf ]; then
sed -i 's|loglevel.*|loglevel = 3|g' /etc/fail2ban/fail2ban.conf
sed -i 's|logtarget.*|logtarget = /var/log/fail2ban.log|g' /etc/fail2ban/fail2ban.conf
fi
if [ -d /etc/tor ]; then
if [ ! -f /var/log/tor.log ]; then
touch /var/log/tor.log
chown debian-tor:debian-tor /var/log/tor.log
fi
sed -i 's|#Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
sed -i 's|Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
fi
if [ -f /etc/mumble-server.ini ]; then
sed -i 's|logfile=.*|logfile=/var/log/mumble-server.log|g' /etc/mumble-server.ini
fi
if [ -f /etc/php5/fpm/php-fpm.conf ]; then
sed -i 's|error_log =.*|error_log = /var/log/php5-fpm.log|g' /etc/php5/fpm/php-fpm.conf
fi
if [ -d /etc/nginx ]; then
if [ ! -d /var/log/nginx ]; then
mkdir /var/log/nginx
fi
for filename in /etc/nginx/sites-available/* ; do
filename_domain=$(echo "$filename" | awk -F '/' '{print $5}')
sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" $filename
sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" $filename
done
sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf
sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf
fi
if [ -f /etc/init.d/spamassassin ]; then
sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
fi
if [ -d /etc/prosody ]; then
if [ ! -d /var/log/prosody ]; then
mkdir /var/log/prosody
chown root:adm /var/log/prosody
fi
sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
fi
if [ -d /etc/exim4 ]; then
if [ ! -d /var/log/exim4 ]; then
mkdir /var/log/exim4
fi
sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = +tls_peerdn|g' /etc/exim4/exim4.conf.template
sed -i 's|log_selector =.*|log_selector = MAIN_LOG_SELECTOR|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
fi
if [ -f /etc/dovecot/dovecot.conf ]; then
sed -i 's|log_path =.*|log_path = /var/log/dovecot.log|g' /etc/dovecot/dovecot.conf
sed -i 's|info_log_path =.*|info_log_path = /var/log/dovecot-info.log|g' /etc/dovecot/dovecot.conf
sed -i 's|debug_log_path =.*|debug_log_path = /var/log/dovecot-debug.log|g' /etc/dovecot/dovecot.conf
fi
if [ -d /etc/mysql ]; then
if [ ! -d /var/log/mysql ]; then
mkdir /var/log/mysql
fi
sed -i 's|log_error =.*|log_error = /var/log/mysql/error.log|g' /etc/mysql/my.cnf
fi
turn_on_rsys_logging
else
if [ -d /etc/tor ]; then
sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
if [ -d /var/log/tor ]; then
shred -zu /var/log/tor/*
rm -rf /var/log/tor
fi
fi
if [ -f /etc/mumble-server.ini ]; then
sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
if [ -d /var/log/mumble-server ]; then
shred -zu /var/log/mumble-server/*
rm -rf /var/log/mumble-server
fi
fi
if [ -d /var/log/radicale ]; then
shred -zu /var/log/radicale/*
rm -rf /var/log/radicale
fi
if [ -f /etc/php5/fpm/php-fpm.conf ]; then
sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php5/fpm/php-fpm.conf
shred -zu /var/log/php5-fpm.*
fi
if [ -d /etc/nginx ]; then
for filename in /etc/nginx/sites-available/* ; do
sed -i 's|access_log.*|access_log /dev/null;|g' $filename
sed -i 's|warn_log.*|warn_log /dev/null;|g' $filename
sed -i 's|error_log.*|error_log /dev/null;|g' $filename
done
sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
shred -zu /var/log/nginx/*
fi
if [ -f /etc/init.d/spamassassin ]; then
sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
fi
if [ -d /etc/prosody ]; then
sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
shred -zu /var/log/prosody/*
rm -rf /var/log/prosody
fi
if [ -d /etc/exim4 ]; then
sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/exim4.conf.template
sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
shred -zu /var/log/exim4/*
fi
if [ -f /etc/dovecot/dovecot.conf ]; then
sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf
sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
shred -zu /var/log/mail.*
shred -zu /var/log/dovecot*
fi
if [ -d /etc/mysql ]; then
if [ -d /var/log/mysql ]; then
shred -zu /var/log/mysql/*
fi
if [ -f /var/log/mysql.err ]; then
shred -zu /var/log/mysql.err
fi
if [ -f /var/log/mysql.log ]; then
shred -zu /var/log/mysql.log
fi
sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
fi
if [ -f /etc/fail2ban/fail2ban.conf ]; then
sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf
sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf
shred -zu /var/log/fail2ban.*
fi
turn_off_rsys_logging
fi
systemctl restart syslog
if [ -d /etc/tor ]; then
if [[ "$2" != "--onion" ]]; then
systemctl restart tor
fi
fi
if [ -d /etc/nginx ]; then
systemctl restart php5-fpm
systemctl restart nginx
fi
if [ -f /etc/init.d/spamassassin ]; then
systemctl restart spamassassin
fi
if [ -d /etc/prosody ]; then
systemctl restart prosody
fi
if [ -d /etc/exim4 ]; then
systemctl restart exim4
fi
if [ -d /etc/dovecot ]; then
systemctl restart dovecot
fi
if [ -f /etc/mumble-server.ini ]; then
systemctl restart mumble-server
fi
if [ -d /var/www/radicale ]; then
systemctl restart radicale
fi
if [ -d /etc/fail2ban ]; then
systemctl restart fail2ban
fi
exit 0