Add *_backend options for services to allow distros to set the default backend

per service.
Set default to systemd for Fedora as appropriate.
pull/1225/head
Orion Poplawski 2015-10-07 19:50:03 -06:00
parent 3a5d4fdd26
commit 75d33c0f09
4 changed files with 51 additions and 1 deletions


@ -34,6 +34,8 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
(Thanks M. Maraun)
* Added check against atacker's Googlebot PTR fake records
(Thanks Pablo Rodriguez Fernandez)
* Add *_backend options for services to allow distros to set the default
backend per service, set default to systemd for Fedora as appropriate
ver. 0.9.3 (2015/08/01) - lets-all-stay-friends
----------


@ -216,6 +216,7 @@ action = %(action_)s
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[sshd-ddos]
@ -224,12 +225,14 @@ logpath = %(sshd_log)s
# in the body.
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[dropbear]
port = ssh
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s
[selinux-ssh]
@ -393,6 +396,7 @@ maxretry = 5
port = http,https
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
[guacamole]
@ -410,12 +414,14 @@ logpath = /var/log/monit
port = 10000
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[froxlor-auth]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
#
@ -444,12 +450,14 @@ logpath = /var/log/3proxy.log
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
[pure-ftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(pureftpd_log)s
backend = %(pureftpd_backend)s
maxretry = 6
@ -457,6 +465,7 @@ maxretry = 6
port = ftp,ftp-data,ftps,ftps-data
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
maxretry = 6
@ -464,6 +473,7 @@ maxretry = 6
port = ftp,ftp-data,ftps,ftps-data
logpath = %(wuftpd_log)s
backend = %(wuftpd_backend)s
maxretry = 6
@ -491,18 +501,21 @@ logpath = /root/path/to/assp/logs/maillog.txt
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[postfix]
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[postfix-rbl]
port = smtp,465,submission
logpath = %(syslog_mail)s
logpath = %(postfix_mail)s
backend = %(postfix_backend)s
maxretry = 1
@ -510,12 +523,14 @@ maxretry = 1
port = submission,465,smtp
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[sendmail-reject]
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[qmail-rbl]
@ -531,12 +546,14 @@ logpath = /service/qmail/log/main/current
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[sieve]
port = smtp,465,submission
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[solid-pop3d]
@ -572,6 +589,7 @@ logpath = /opt/kerio/mailserver/store/logs/security.log
port = smtp,465,submission,imap3,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[postfix-sasl]
@ -581,12 +599,14 @@ port = smtp,465,submission,imap3,imaps,pop3,pop3s
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[perdition]
port = imap3,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[squirrelmail]
@ -599,12 +619,14 @@ logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
port = imap3,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[uwimap-auth]
port = imap3,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
#
@ -686,6 +708,7 @@ maxretry = 10
port = 3306
logpath = %(mysql_log)s
backend = %(mysql_backend)s
maxretry = 5
@ -712,12 +735,14 @@ maxretry = 5
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = iptables-allports
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[xinetd-fail]
banaction = iptables-multiport-log
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
maxretry = 2
@ -748,6 +773,7 @@ action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp
enabled = false
logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
backend = %(syslog_backend)s
maxretry = 1
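Review bot: In the `[postfix-rbl]` jail the logpath appears to change from `%(syslog_mail)s` to `%(postfix_mail)s` (the one deletion in the diffstat), but the paths hunks of this commit define only `postfix_log` and `postfix_backend`, not `postfix_mail`. If that key is not defined elsewhere, interpolation fails for this jail and it cannot start, so RBL rejections go unmonitored. The `[postfix]` jail just above uses `logpath = %(postfix_log)s`, which is probably what was intended here as well. The logpath change is not mentioned in the commit message, so it should be corrected or split into its own commit.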


@ -8,8 +8,10 @@ after = paths-overrides.local
[DEFAULT]
sshd_log = %(syslog_authpriv)s
sshd_backend = auto
dropbear_log = %(syslog_authpriv)s
dropbear_backend = auto
# There is no sensible generic defaults for syslog log targets, thus
# leaving them empty here so that no errors while parsing/interpolating configs
@ -18,6 +20,8 @@ syslog_ftp =
syslog_local0 =
syslog_mail_warn =
syslog_user =
# Set the default syslog backend target to auto
syslog_backend = auto
# from /etc/audit/auditd.conf
auditd_log = /var/log/audit/audit.log
@ -38,14 +42,17 @@ suhosin_log = %(syslog_user)s %(lighttpd_error_log)s
# defaults to ftp or local2 if ftp doesn't exist
proftpd_log = %(syslog_ftp)s
proftpd_backend = auto
# http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-src_proftpd.8.in?view=markup
# defaults to ftp but can be overwritten.
pureftpd_log = %(syslog_ftp)s
pureftpd_backend = auto
# ftp, daemon and then local7 are tried at configure time however it is overwriteable at configure time
#
wuftpd_log = %(syslog_ftp)s
wuftpd_backend = auto
# syslog_enable defaults to no. so it defaults to vsftpd_log_file setting of /var/log/vsftpd.log
# No distro seems to set it to syslog by default
@ -54,13 +61,16 @@ vsftpd_log = /var/log/vsftpd.log
# Technically syslog_facility in main.cf can overwrite but no-one sane does this.
postfix_log = %(syslog_mail_warn)s
postfix_backend = auto
dovecot_log = %(syslog_mail_warn)s
dovecot_backend = auto
# Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level
solidpop3d_log = %(syslog_local0)s
mysql_log = %(syslog_daemon)s
mysql_backend = auto
roundcube_errors_log = /var/log/roundcube/errors
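Review bot: Apart from `syslog_backend`, the new `*_backend` keys have no comment, so a distro maintainer reading this file cannot tell that they are meant to be overridden in the distribution-specific paths file. I would add one comment above `sshd_backend = auto`, for example `# <service>_backend: log backend for the service's jails; override per distro in paths-*.conf`. The comment on `syslog_backend` should also say that many jails reference `%(syslog_backend)s` directly, so changing that single key switches all of them at once.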


@ -37,3 +37,15 @@ exim_main_log = /var/log/exim/main.log
mysql_log = /var/lib/mysql/mysqld.log
roundcube_errors_log = /var/log/roundcubemail/errors
# These services will log to the journal via syslog, so use the journal by
# default.
syslog_backend = systemd
sshd_backend = systemd
dropbear_backend = systemd
proftpd_backend = systemd
pureftpd_backend = systemd
wuftpd_backend = systemd
postfix_backend = systemd
dovecot_backend = systemd
mysql_backend = systemd
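Review bot: `mysql_backend = systemd` conflicts with the context line `mysql_log = /var/lib/mysql/mysqld.log` in the same hunk, because the file records that mysqld logs to a file while the added comment says these services log to the journal. With the systemd backend the jail reads the journal and does not use `logpath`, so if mysqld writes authentication failures only to that file, the MySQL jail would start cleanly and never see a failure. I would drop `mysql_backend = systemd` unless mysqld on Fedora is confirmed to log to the journal. The same check is worth making for every jail wired to `%(syslog_backend)s`, since a filter without a `journalmatch` is, as far as I know, matched against all journal entries.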