Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replaced rsyslog by sec (simple event correlator) #1732

Closed
wants to merge 1 commit into from
Closed

Replaced rsyslog by sec (simple event correlator) #1732

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion deb/openmediavault/debian/changelog
View file
Open in desktop
@@ -1,6 +1,6 @@
openmediavault (7.0.5-1) stable; urgency=low

*
* Replace rsyslog by sec to react for events in syslog.

-- Volker Theile <volker.theile@openmediavault.org> Wed, 20 Mar 2024 20:49:15 +0100

Expand Down
2 changes: 1 addition & 1 deletion deb/openmediavault/debian/control
View file
Open in desktop
Expand Up @@ -13,7 +13,7 @@ Depends: php-fpm, libpam-modules, php-json, dpkg, patch, dash, mawk | gawk,
php-cgi, php-cli, php-mbstring, php-pam, sudo, ethtool, python3-dialog,
acl, iproute2, xfsprogs, jfsutils, ntfs-3g, wsdd (>= 0.7.0),
sdparm, mdadm, postfix, libsasl2-modules, bsd-mailx, python3-dbus,
cpufrequtils, rsyslog, logrotate, smartmontools, openssl, openssh-server,
cpufrequtils, sec, logrotate, smartmontools, openssl, openssh-server,
uuid, tzdata, nfs-kernel-server, lsb-release, sshpass, grep, zstd,
wget, util-linux, samba, samba-common-bin, rsync, apt-utils, netplan.io,
avahi-daemon, libnss-mdns, iptables, monit, beep, php-bcmath, sed,
Expand Down
19 changes: 16 additions & 3 deletions deb/openmediavault/debian/openmediavault.postinst
View file
Open in desktop
Expand Up @@ -127,6 +127,10 @@ case "$1" in
# Setup all services.
####################################################################
echo "Updating service units ..."

# Reload systemd unit files.
deb-systemd-helper daemon-reload || :

# Stop and disable various services that are disabled by default.
deb-systemd-helper disable smartmontools.service
deb-systemd-invoke stop smartmontools.service || :
Expand Down Expand Up @@ -163,8 +167,8 @@ case "$1" in
deb-systemd-invoke start systemd-resolved.service || :
deb-systemd-helper enable systemd-journald.service
deb-systemd-invoke start systemd-journald.service || :
deb-systemd-helper enable rsyslog.service
deb-systemd-invoke start rsyslog.service || :
deb-systemd-helper enable sec.service
deb-systemd-invoke restart sec.service || :
deb-systemd-helper enable unattended-upgrades.service
deb-systemd-invoke start unattended-upgrades.service || :
fi
Expand Down Expand Up @@ -241,7 +245,7 @@ case "$1" in
# Deploy the configuration for various services.
echo "Deploying service configurations ..."
LANG=C.UTF-8 omv-salt deploy run --no-color --quiet \
apt cpufrequtils chrony rsyslog \
apt cpufrequtils chrony \
watchdog monit rrdcached avahi ssh nginx collectd \
phpfpm issue sysctl systemd systemd-logind || :
fi
Expand Down Expand Up @@ -520,6 +524,15 @@ case "$1" in
if dpkg --compare-versions "$2" lt-nl "6.9.11"; then
omv_module_set_dirty nfs
fi
if dpkg --compare-versions "$2" lt-nl "7.0.5"; then
# Stop rsyslog which is not used anymore. It has been replaced by
# sec (simple event correlator).
deb-systemd-helper daemon-reload || :
deb-systemd-helper disable rsyslog.service
deb-systemd-invoke stop rsyslog.service || :
deb-systemd-helper enable sec.service
deb-systemd-invoke restart sec.service || :
fi

########################################################################
# Trigger the restart of the omv-engined daemon to load and use the
Expand Down
10 changes: 0 additions & 10 deletions deb/openmediavault/etc/rsyslog.d/openmediavault-pamfaillock.conf
View file
Open in desktop

This file was deleted.

6 changes: 6 additions & 0 deletions deb/openmediavault/etc/sec.d/pam_faillock.sec
View file
Open in desktop
@@ -0,0 +1,6 @@
# May 11 16:30:37 omv6box omv-engined[71484]: pam_faillock(openmediavault:auth): Consecutive login failures for user admin account temporarily locked
type=Single
ptype=RegExp
pattern=pam_faillock\(.*:auth\): Consecutive login failures for user (.+) account temporarily locked
desc=After consecutive failed login attempts user $1 has been banned
action=pipe '%s at %t. Access is denied for 3 minutes. After that time, the user is able to log in again with the correct password.' /usr/bin/mail -s "Too many failed login attempts by user $1" root
5 changes: 5 additions & 0 deletions deb/openmediavault/etc/systemd/system/sec.service.d/openmediavault.conf
View file
Open in desktop
@@ -0,0 +1,5 @@
[Service]
Type=simple
EnvironmentFile=
ExecStart=
ExecStart=/usr/bin/bash -c "/usr/bin/journalctl -f | /usr/bin/sec --conf=/etc/sec.d/*.sec --input=- --notail"