From bda835d0051950c63c0f38bbf11fb6fe47b4af36 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 31 Oct 2013 01:10:49 +0100 Subject: Configure the (basic) logging policy. --- .../etc/logcheck/ignore.d.server/common.local | 6 ++ roles/common/files/etc/logcheck/logcheck.conf | 85 ++++++++++++++++++++++ roles/common/files/etc/logrotate.d/fripost-mail | 17 +++++ roles/common/tasks/logging.yml | 32 ++++++++ roles/common/tasks/main.yml | 1 + 5 files changed, 141 insertions(+) create mode 100644 roles/common/files/etc/logcheck/ignore.d.server/common.local create mode 100644 roles/common/files/etc/logcheck/logcheck.conf create mode 100644 roles/common/files/etc/logrotate.d/fripost-mail create mode 100644 roles/common/tasks/logging.yml diff --git a/roles/common/files/etc/logcheck/ignore.d.server/common.local b/roles/common/files/etc/logcheck/ignore.d.server/common.local new file mode 100644 index 0000000..22fe621 --- /dev/null +++ b/roles/common/files/etc/logcheck/ignore.d.server/common.local @@ -0,0 +1,6 @@ +# Ansible Managed +# Do NOT edit this file directly! +# +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/master\[[[:digit:]]+\]: reload -- version +# Ansible logs everything into syslog +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ansible-[a-z]+: Invoked diff --git a/roles/common/files/etc/logcheck/logcheck.conf b/roles/common/files/etc/logcheck/logcheck.conf new file mode 100644 index 0000000..9a7e7c6 --- /dev/null +++ b/roles/common/files/etc/logcheck/logcheck.conf @@ -0,0 +1,85 @@ +# The following variable settings are the initial default values, +# which can be uncommented and modified to alter logcheck's behaviour + +# Controls the format of date-/time-stamps in subject lines: +# Alternatively, set the format to suit your locale + +#DATE="$(date +'%Y-%m-%d %H:%M')" + +# Controls the presence of boilerplate at the top of each message: +# Alternatively, set to "0" to disable the introduction. +# +# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt +# are present their contents will be read and used as the header and +# footer of any generated mails. + +INTRO=0 + +# Controls the level of filtering: +# Can be Set to "workstation", "server" or "paranoid" for different +# levels of filtering. Defaults to server if not set. + +REPORTLEVEL="server" + +# Controls the address mail goes to: +# *NOTE* the script does not set a default value for this variable! +# Should be set to an offsite "emailaddress@some.domain.tld" + +SENDMAILTO="admin@fripost.org" + +# Send the results as attachment or not. +# 0=not as attachment; 1=as attachment; 2=as gzip attachment +# Default is 0 + +MAILASATTACH=0 + +# Should the hostname in the subject of generated mails be fully qualified? + +FQDN=1 + +# Controls whether "sort -u" is used on log entries (which will +# eliminate duplicates but destroy the original ordering); the +# default is to use "sort -k 1,3 -s": +# Alternatively, set to "1" to enable unique sorting + +#SORTUNIQ=0 + +# Controls whether /etc/logcheck/cracking.ignore.d is scanned for +# exceptions to the rules in /etc/logcheck/cracking.d: +# Alternatively, set to "1" to enable cracking.ignore support + +#SUPPORT_CRACKING_IGNORE=0 + +# Controls the base directory for rules file location +# This must be an absolute path + +#RULEDIR="/etc/logcheck" + +# Controls if syslog-summary is run over each section. +# Alternatively, set to "1" to enable extra summary. +# HINT: syslog-summary needs to be installed. + +#SYSLOGSUMMARY=0 + +# Controls Subject: lines on logcheck reports: + +#ATTACKSUBJECT="Security Alerts" +#SECURITYSUBJECT="Security Events" +#EVENTSSUBJECT="System Events" + +# Controls [logcheck] prefix on Subject: lines + +#ADDTAG="no" + +# Set a different location for temporary files than /tmp +# this is useful if your /tmp is small and you are getting +# errors such as: +# cp: writing `/tmp/logcheck.y12449/checked': No space left on device +# /usr/sbin/logcheck: line 161: cannot create temp file for here document: No space left on device +# mail: /tmp/mail.RsXXXXpc2eAx: No space left on device +# Null message body; hope that's ok +# +# If this is happening, likely you will want to change the following to be some other +# location, such as /var/tmp + +TMP="/tmp" diff --git a/roles/common/files/etc/logrotate.d/fripost-mail b/roles/common/files/etc/logrotate.d/fripost-mail new file mode 100644 index 0000000..9ed2617 --- /dev/null +++ b/roles/common/files/etc/logrotate.d/fripost-mail @@ -0,0 +1,17 @@ +# Don't forget to remove these log files from other files under +# /etc/logrotate.d/ ! + +/var/log/mail.log +/var/log/mail.info +{ + rotate 3 + daily + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + invoke-rc.d rsyslog rotate > /dev/null + endscript +} diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml new file mode 100644 index 0000000..d305e29 --- /dev/null +++ b/roles/common/tasks/logging.yml @@ -0,0 +1,32 @@ +- name: Install logging server & utilities + apt: pkg={{ item }} + with_items: + - rsyslog + - syslog-summary + - logcheck + - logcheck-database + - logrotate + +- name: Configure logcheck + copy: src=etc/logcheck/{{ item }} + dest=/etc/logcheck/{{ item }} + owner=root group=logcheck + mode=0640 + with_items: + - logcheck.conf + - ignore.d.server/common.local + +- name: Minimal logging policy (1) + lineinfile: dest=/etc/logrotate.d/rsyslog + regexp="^/var/log/mail.(log|info)$" + state=absent + +- name: Minimal logging policy (2) + copy: src=etc/logrotate.d/fripost-mail + dest=/etc/logrotate.d/fripost-mail + owner=root group=root + mode=0644 + +# TODO: We also have specialized per-role logcheck rulesets, per-role +# logrotate configuration (/etc/logrotate.d), and per-role rsyslog +# configuration (/etc/rsyslog.d). diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index ea85900..3ee4f49 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -7,3 +7,4 @@ - include: rkhunter.yml tags=rkhunter - include: fail2ban.yml tags=fail2ban - include: ipsec.yml tags=strongswan,ipsec +- include: logging.yml tags=logging -- cgit v1.2.3