From: Matthijs Kooijman Date: Tue, 5 May 2009 14:29:56 +0000 (+0200) Subject: Merge commit 'origin/template' into mail X-Git-Url: https://git.stderr.nl/gitweb?a=commitdiff_plain;h=b17c59cdaba252243080d79ec3e800a840e3e2f2;hp=65cf2f49508f04297239866bc8a4e8590db15d27;p=matthijs%2Fservers%2Fdrsnuggles.git Merge commit 'origin/template' into mail * commit 'origin/template': rsyslog: Make the main queue disk-assisted as well. rsyslog: Enable queuing of log messages. nss: Add some comments. rsyslog: Send all logs to the log vserver. rsyslog: Move all rsyslog log files into a subdir. rsyslog: Update logrotate config to new rsyslog config. rsyslog: Add default logrotate config. rsyslog: Disable logging of kernel messages. rsyslog: Enable loggin of mark lines. rsyslog: Clean up rsyslog configuration. rsyslog: Add default configuration. pam: Add pam_permit to the auth section of chfn. nss: Update to use our custom LDAP schema. apt: Set the Default-Release to "stable". Conflicts: etc/rsyslog.conf --- diff --git a/etc/apt/apt.conf.d/10default-release b/etc/apt/apt.conf.d/10default-release new file mode 100644 index 0000000..4143a94 --- /dev/null +++ b/etc/apt/apt.conf.d/10default-release @@ -0,0 +1 @@ +APT::Default-Release "stable"; diff --git a/etc/libnss-ldap.conf b/etc/libnss-ldap.conf index d4991e1..32b8645 100644 --- a/etc/libnss-ldap.conf +++ b/etc/libnss-ldap.conf @@ -11,3 +11,12 @@ uri ldap://ldap.drsnuggles.stderr.nl # The LDAP version to use ldap_version 3 + +# Use the uniqueMember property, referring to dn's instead of the memberUid +# property referring to usernames. This allows us to have group members with or +# without an account, and give a group member an account without having to +# change all his memberships. +nss_schema rfc2307bis + +# Use our custom posixGroup replacement +nss_map_objectclass posixGroup simplePosixGroup diff --git a/etc/logrotate.d/rsyslog b/etc/logrotate.d/rsyslog new file mode 100644 index 0000000..5682508 --- /dev/null 
+++ b/etc/logrotate.d/rsyslog @@ -0,0 +1,26 @@ +/var/log/rsyslog/syslog +{ + rotate 7 + daily + missingok + notifempty + delaycompress + compress + postrotate + invoke-rc.d rsyslog reload > /dev/null + endscript +} + +/var/log/rsyslog/*.log +{ + rotate 4 + weekly + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + invoke-rc.d rsyslog reload > /dev/null + endscript +} diff --git a/etc/pam.d/chfn b/etc/pam.d/chfn index efbc34b..58e1d48 100644 --- a/etc/pam.d/chfn +++ b/etc/pam.d/chfn @@ -4,3 +4,4 @@ # This allows only root to change user infomation at all. auth required pam_rootok.so +account required pam_permit.so diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf index d88cb68..c6e706b 100644 --- a/etc/rsyslog.conf +++ b/etc/rsyslog.conf @@ -9,17 +9,8 @@ ################# $ModLoad imuxsock # provides support for local system logging -$ModLoad imklog # provides kernel logging support (previously done by rklogd) -#$ModLoad immark # provides --MARK-- message capability - -# provides UDP syslog reception -#$ModLoad imudp -#$UDPServerRun 514 - -# provides TCP syslog reception -#$ModLoad imtcp -#$InputTCPServerRun 514 - +$ModLoad immark # provides --MARK-- message capability +$MarkMessagePeriod 900 # mark messages appear every 15 Minutes ########################### #### GLOBAL DIRECTIVES #### 
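Review bot: The added `account required pam_permit.so` in etc/pam.d/chfn has no comment, and the merged commit subject says it goes into the auth section while the line is of type `account`. The file's only visible comment still describes just the `auth` rule. Because pam_permit always succeeds, the account phase for chfn performs no checks as far as this hunk shows, which is acceptable only while `auth required pam_rootok.so` remains the sole auth rule. A comment above the new line would record that dependency, for example `# Account checks are skipped on purpose: pam_rootok above already limits chfn to root.`. The start of the file lies outside the hunk.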
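Review bot: Removing `$ModLoad imklog` in the first etc/rsyslog.conf hunk stops this rsyslog instance from collecting kernel messages, but no comment says so. The rules hunk further down still routes `kern.*` to `/var/log/rsyslog/kern.log`, which will presumably stay empty. If kernel messages are meant to be handled outside this vserver, which the subject "Disable logging of kernel messages" suggests but does not state, a line such as `# imklog is not loaded on purpose: kernel messages are collected outside this guest` would keep a later reader from treating the empty file as a fault. Kernel-originated records such as packet-filter log lines are often needed during an investigation, so it is worth confirming that they are captured and retained somewhere.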
@@ -44,72 +35,69 @@ $DirCreateMode 0755 # $IncludeConfig /etc/rsyslog.d/*.conf +# Store any queues here. This directory is not created automatically, so it +# must already exist! +$WorkDirectory /var/spool/rsyslog + +# Use a (disk-assisted) main queue +# Use a linked list for queueing +$MainMsgQueueType LinkedList +# Name to use for the queue file +$MainMsgQueueFileName main +# save in-memory data if rsyslog shuts down +$MainMsgQueueSaveOnShutdown on + +####################### +#### Local logging #### +####################### + +# +# Log each facility into its own log +auth,authpriv.* /var/log/rsyslog/auth.log +cron.* -/var/log/rsyslog/user.log +daemon.* -/var/log/rsyslog/daemon.log +kern.* -/var/log/rsyslog/kern.log +lpr.* -/var/log/rsyslog/lpr.log +mail.* -/var/log/rsyslog/mail.log +user.* -/var/log/rsyslog/user.log +local0,local1,local2,\ + local3,local4,local5,\ + local6,local7.* -/var/log/rsyslog/local.log + +# Omitted facilities: syslog, news, uucp, ftp + +# All logs end up in syslog as weel as the corresponding facility log above +# (except for auth, mail which only end up in the facility log for privacy +# reasons and debug which only ends up in the debug log below to prevent +# flooding). +*.*;\ + *.!=debug;\ + auth,authpriv.none;\ + mail.none -/var/log/rsyslog/syslog -############### -#### RULES #### -############### - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -#cron.* /var/log/cron.log -daemon.* -/var/log/daemon.log -kern.* -/var/log/kern.log -lpr.* -/var/log/lpr.log -mail.* -/var/log/mail.log -user.* -/var/log/user.log - -# -# Logging for the mail system. Split it up so that -# it is easy to write scripts to parse these files. -# -mail.info -/var/log/mail.info -mail.warn -/var/log/mail.warn -mail.err /var/log/mail.err - -# -# Logging for INN news system. 
-# -news.crit /var/log/news/news.crit -news.err /var/log/news/news.err -news.notice -/var/log/news/news.notice - -# -# Some "catch-all" log files. -# +# Debug entries end up in debug.log as well as the corresponding facility log +# above (except for auth and mail, which only end up in the facility logs for +# privacy reasons). *.=debug;\ auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - + news.none;mail.none -/var/log/rsyslog/debug.log # # Emergencies are sent to everybody logged in. # *.emerg * -# -# I like to have messages displayed on the console, but only on a virtual -# console I usually leave idle. -# -#daemon,mail.*;\ -# news.=crit;news.=err;news.=notice;\ -# *.=debug;*.=info;\ -# *.=notice;*.=warn /dev/tty8 - -# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, -# you must invoke `xconsole' with the `-file' option: -# -# $ xconsole -file /dev/xconsole [...] -# -# NOTE: adjust the list below, or you'll go crazy if you have a reasonably -# busy site.. -# -daemon.*;mail.*;\ - news.err;\ - *.=debug;*.=info;\ - *.=notice;*.=warn |/dev/xconsole +######################## +#### Remote logging #### +######################## + +# Send all log entries to the log vserver, but queue them in memory as well as +# on disk if needed. +# Use a linked list for queueing +$ActionQueueType LinkedList +# Name to use for the queue file +$ActionQueueFileName remote +# infinite retries on insert failure +$ActionResumeRetryCount -1 +# save in-memory data if rsyslog shuts down +$ActionQueueSaveOnShutdown on +*.* @@log;RSYSLOG_SyslogProtocol23Format
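Review bot: The final rule `*.* @@log;RSYSLOG_SyslogProtocol23Format` forwards every facility, auth and authpriv included, over plain TCP, while the local rules in the same hunk keep auth and mail out of the shared syslog file for privacy reasons. If the path to the log vserver is not confined to the host, consider a TLS netstream driver (`$DefaultNetstreamDriver gtls` with `$ActionSendStreamDriverMode 1`) or a comment stating that the link is trusted. With `$ActionResumeRetryCount -1` and a disk-assisted queue that has no configured size limit, an unreachable log server lets the spool under `/var/spool/rsyslog` keep growing, so a cap such as `$ActionQueueMaxDiskSpace 1g` (value to be sized for the host) would be worth adding. Separately, `cron.* -/var/log/rsyslog/user.log` contradicts the "Log each facility into its own log" comment and looks like a copy-paste slip for `cron.* -/var/log/rsyslog/cron.log`.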