diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2013-11-04 15:36:17 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:50:44 +0200 |
| commit | c669ce00eba4cd466f270a313abf1645b1149564 (patch) | |
| tree | b1612b4107dc93a5a7409a3e2263438f7e8813fa /roles/common/files | |
| parent | 51ea7eca6ca198606a71c107bb67d64186761456 (diff) | |
Replace the 'syslog' facility (5) by 'user' (1).
'syslog' is meant for the messages generated internally by syslogd,
whereas 'user' is for user-level messages.
Diffstat (limited to 'roles/common/files')
| -rwxr-xr-x | roles/common/files/etc/network/if-pre-up.d/iptables | 6 | ||||
| -rwxr-xr-x | roles/common/files/usr/local/sbin/update-firewall.sh | 4 |
2 files changed, 5 insertions, 5 deletions
diff --git a/roles/common/files/etc/network/if-pre-up.d/iptables b/roles/common/files/etc/network/if-pre-up.d/iptables index 514f774..644211f 100755 --- a/roles/common/files/etc/network/if-pre-up.d/iptables +++ b/roles/common/files/etc/network/if-pre-up.d/iptables @@ -5,34 +5,34 @@ # to syslogd. # # Copyright 2013 Guilhem Moulin <guilhem@fripost.org> # # Licensed under the GNU GPL version 3 or higher. # set -uo pipefail PATH=/usr/sbin:/usr/bin:/sbin:/bin # NOTE: syslog starts after networking during the boot process, messages # won't be logged at boot time. log="/usr/bin/logger -st firewall" # Ignore the loopback interface; run the script for ifup only. [ "$IFACE" != lo -a "$MODE" = start ] || exit 0 # We support only IPv4 and IPv6. [ "$ADDRFAM" = inet -o "$ADDRFAM" = inet6 ] || exit 0 -$log -p syslog.info -- "Loading $ADDRFAM firewall on interface $IFACE." +$log -p user.info -- "Loading $ADDRFAM firewall on interface $IFACE." case "$ADDRFAM" in inet) iptr=/sbin/iptables-restore; rules=rules.v4;; inet6)iptr=/sbin/ip6tables-restore; rules=rules.v6;; esac rules="/etc/iptables/$rules" -$iptr < $rules 2>&1 | $log -p syslog.err +$iptr < $rules 2>&1 | $log -p user.err rv=$? -[ $rv -gt 0 ] && $log -p syslog.alert \ +[ $rv -gt 0 ] && $log -p user.alert \ "WARN: Failed to load iptables rulesets; the machine may be unprotected!" exit $rv diff --git a/roles/common/files/usr/local/sbin/update-firewall.sh b/roles/common/files/usr/local/sbin/update-firewall.sh index 2e16711..84e076a 100755 --- a/roles/common/files/usr/local/sbin/update-firewall.sh +++ b/roles/common/files/usr/local/sbin/update-firewall.sh @@ -35,44 +35,44 @@ secproto=esp # must match /etc/ipsec.conf; ESP is the default (vs AH/IPComp) fail2ban_re='^(\[[0-9]+:[0-9]+\]\s+)?-A fail2ban-\S' IPSec_re=" -m policy --dir (in|out) --pol ipsec --reqid [0-9]+ --proto $secproto -j ACCEPT$" declare -A rss=() tables=() usage() { cat >&2 <<- EOF Usage: $0 [OPTIONS] Options: -f force: no confirmation asked -c check: check (dry-run) mode -v verbose: see the difference between old and new ruleset -4 IPv4 only -6 IPv6 only EOF exit 1 } log() { - /usr/bin/logger -st firewall -p syslog.info -- "$@" + /usr/bin/logger -st firewall -p user.info -- "$@" } fatal() { - /usr/bin/logger -st firewall -p syslog.err -- "$@" + /usr/bin/logger -st firewall -p user.err -- "$@" exit 1 } iptables() { # Fake iptables/ip6tables(8); use the more efficient # iptables-restore(8) instead. echo "$@" >> "$new"; } commit() { # End a table echo COMMIT >> "$new" } inet46() { case "$1" in 4) echo "$2";; 6) echo "$3";; esac } ipt-chains() { # Define new (tables and) chains. |