Merge pull request #1225 from opoplawski/journaldefault

Add *_backend options for services to allow distros to set the default backend
pull/1258/head
Yaroslav Halchenko 2015-11-14 10:49:45 -05:00
commit fe8d585d91
4 changed files with 56 additions and 1 deletions


@ -26,6 +26,7 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
with new default variable `banaction_allports` (gh-1216)
* Fixed `fail2ban-regex` stops working on invalid (wrong encoded) character
for python version < 3.x (gh-1248)
* Use postfix_log logpath for postfix-rbl jail
- New Features:
* New interpolation feature for definition config readers - `<known/parameter>`
@ -54,6 +55,10 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
* Enhance filter against atacker's Googlebot PTR fake records
(gh-1226)
* Nginx log paths extended (prefixed with "*" wildcard) (gh-1237)
* Added filter for openhab domotic software authentication failure with the
rest api and web interface (gh-1223)
* Add *_backend options for services to allow distros to set the default
backend per service, set default to systemd for Fedora as appropriate
ver. 0.9.3 (2015/08/01) - lets-all-stay-friends
----------


@ -217,6 +217,7 @@ action = %(action_)s
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[sshd-ddos]
@ -225,12 +226,14 @@ logpath = %(sshd_log)s
# in the body.
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[dropbear]
port = ssh
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s
[selinux-ssh]
@ -408,6 +411,7 @@ maxretry = 5
port = http,https
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
[guacamole]
@ -425,12 +429,14 @@ logpath = /var/log/monit
port = 10000
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[froxlor-auth]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
#
@ -459,12 +465,14 @@ logpath = /var/log/3proxy.log
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
[pure-ftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(pureftpd_log)s
backend = %(pureftpd_backend)s
maxretry = 6
@ -472,6 +480,7 @@ maxretry = 6
port = ftp,ftp-data,ftps,ftps-data
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
maxretry = 6
@ -479,6 +488,7 @@ maxretry = 6
port = ftp,ftp-data,ftps,ftps-data
logpath = %(wuftpd_log)s
backend = %(wuftpd_backend)s
maxretry = 6
@ -506,18 +516,21 @@ logpath = /root/path/to/assp/logs/maillog.txt
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[postfix]
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[postfix-rbl]
port = smtp,465,submission
logpath = %(syslog_mail)s
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 1
@ -525,12 +538,14 @@ maxretry = 1
port = submission,465,smtp
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[sendmail-reject]
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[qmail-rbl]
@ -546,12 +561,14 @@ logpath = /service/qmail/log/main/current
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[sieve]
port = smtp,465,submission
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[solid-pop3d]
@ -587,6 +604,7 @@ logpath = /opt/kerio/mailserver/store/logs/security.log
port = smtp,465,submission,imap3,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[postfix-sasl]
@ -596,12 +614,14 @@ port = smtp,465,submission,imap3,imaps,pop3,pop3s
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[perdition]
port = imap3,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[squirrelmail]
@ -614,12 +634,14 @@ logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
port = imap3,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[uwimap-auth]
port = imap3,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
#
@ -701,6 +723,7 @@ maxretry = 10
port = 3306
logpath = %(mysql_log)s
backend = %(mysql_backend)s
maxretry = 5
@ -727,12 +750,14 @@ maxretry = 5
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = %(banaction_allports)s
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[xinetd-fail]
banaction = iptables-multiport-log
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
maxretry = 2
@ -763,6 +788,7 @@ action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp
enabled = false
logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
backend = %(syslog_backend)s
maxretry = 1
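Review bot: Each added `backend = %(<service>_backend)s` line (in the jails around sshd-ddos, dropbear, pure-ftpd, postfix and the rest of this file) is a per-jail value, so under the usual section-over-`[DEFAULT]` lookup it takes precedence over a global `backend` set in `[DEFAULT]`. An administrator who set a global `backend` in a local override would then find it silently ignored for these jails and may believe a jail is reading a source it is not. I would document this next to the global option, e.g. `# Jails that set backend = %(<service>_backend)s ignore this value; override default_backend or <service>_backend instead (presumably in paths-overrides.local).` The jail sections begin and end outside the hunks shown, so an existing remark of this kind may simply not be visible here.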


@ -7,9 +7,13 @@ after = paths-overrides.local
[DEFAULT]
default_backend = auto
sshd_log = %(syslog_authpriv)s
sshd_backend = %(default_backend)s
dropbear_log = %(syslog_authpriv)s
dropbear_backend = %(default_backend)s
# There is no sensible generic defaults for syslog log targets, thus
# leaving them empty here so that no errors while parsing/interpolating configs
@ -18,6 +22,8 @@ syslog_ftp =
syslog_local0 =
syslog_mail_warn =
syslog_user =
# Set the default syslog backend target to default_backend
syslog_backend = %(default_backend)s
# from /etc/audit/auditd.conf
auditd_log = /var/log/audit/audit.log
@ -38,14 +44,17 @@ suhosin_log = %(syslog_user)s %(lighttpd_error_log)s
# defaults to ftp or local2 if ftp doesn't exist
proftpd_log = %(syslog_ftp)s
proftpd_backend = %(default_backend)s
# http://svnweb.freebsd.org/ports/head/ftp/proftpd/files/patch-src_proftpd.8.in?view=markup
# defaults to ftp but can be overwritten.
pureftpd_log = %(syslog_ftp)s
pureftpd_backend = %(default_backend)s
# ftp, daemon and then local7 are tried at configure time however it is overwriteable at configure time
#
wuftpd_log = %(syslog_ftp)s
wuftpd_backend = %(default_backend)s
# syslog_enable defaults to no. so it defaults to vsftpd_log_file setting of /var/log/vsftpd.log
# No distro seems to set it to syslog by default
@ -54,13 +63,16 @@ vsftpd_log = /var/log/vsftpd.log
# Technically syslog_facility in main.cf can overwrite but no-one sane does this.
postfix_log = %(syslog_mail_warn)s
postfix_backend = %(default_backend)s
dovecot_log = %(syslog_mail_warn)s
dovecot_backend = %(default_backend)s
# Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level
solidpop3d_log = %(syslog_local0)s
mysql_log = %(syslog_daemon)s
mysql_backend = %(default_backend)s
roundcube_errors_log = /var/log/roundcube/errors
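Review bot: `default_backend = auto` is added without a comment, although every `*_backend` key in this file resolves to it, which makes it the one knob a distribution or administrator would change. A line above it would help, such as `# Backend used by jails unless a <service>_backend key overrides it; accepts the same values as the jail "backend" option.` If it is intended to be independent of the `backend` option in the jail `[DEFAULT]` section, saying so here would save readers from assuming the two are linked.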


@ -37,3 +37,15 @@ exim_main_log = /var/log/exim/main.log
mysql_log = /var/lib/mysql/mysqld.log
roundcube_errors_log = /var/log/roundcubemail/errors
# These services will log to the journal via syslog, so use the journal by
# default.
syslog_backend = systemd
sshd_backend = systemd
dropbear_backend = systemd
proftpd_backend = systemd
pureftpd_backend = systemd
wuftpd_backend = systemd
postfix_backend = systemd
dovecot_backend = systemd
mysql_backend = systemd
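Review bot: `syslog_backend = systemd` moves every jail that references `%(syslog_backend)s` onto the journal, where the filter's `journalmatch` scopes the input rather than `logpath`. The filter files are not part of this page, so this is a point to confirm rather than a finding. As far as I know, a filter with no `journalmatch` is evaluated against all journal entries, which costs CPU and lets lines logged by unrelated local processes count towards a ban. The comment above these keys could record the requirement, e.g. `# Filters used with these backends must define journalmatch; logpath is not used by the systemd backend.`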