freedombone-logging 9.7KB

  1. #!/bin/bash
  2. # _____ _ _
  3. # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
  4. # | __| _| -_| -_| . | . | | . | . | | -_|
  5. # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
  6. #
  7. # Freedom in the Cloud
  8. #
  9. # Turn logging on or off
  10. # License
  11. # =======
  12. #
  13. # Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
  14. #
  15. # This program is free software: you can redistribute it and/or modify
  16. # it under the terms of the GNU Affero General Public License as published by
  17. # the Free Software Foundation, either version 3 of the License, or
  18. # (at your option) any later version.
  19. #
  20. # This program is distributed in the hope that it will be useful,
  21. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  22. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23. # GNU Affero General Public License for more details.
  24. #
  25. # You should have received a copy of the GNU Affero General Public License
  26. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  # Project identity; TEXTDOMAIN/TEXTDOMAINDIR select the gettext catalogue
  # used by the $"..." strings printed further down.
  PROJECT_NAME='freedombone'
  TEXTDOMAIN="${PROJECT_NAME}-logging"
  TEXTDOMAINDIR="/usr/share/locale"
  export TEXTDOMAIN TEXTDOMAINDIR

  # Severity written into each nginx site's error_log line when logging is on.
  WEBSERVER_LOG_LEVEL='warn'

  # Shredding could be used here, but especially on microSD or SSD it is
  # debatable how useful shredding really is, and the shred command can be
  # very slow on a Beaglebone Black. The value is expanded unquoted later so
  # that it splits into a command plus its options.
  REMOVE_FILES_COMMAND='rm -rf'

  # Everything sourced below executes with the privileges of this script.
  # NOTE(review): the script edits files under /etc, so it presumably runs as
  # root; /usr/local/bin and /usr/share/${PROJECT_NAME} should therefore be
  # writable by root only. Confirm ownership and modes on the target system.
  . "/usr/local/bin/${PROJECT_NAME}-vars"

  # The glob is stored in a variable and deliberately expanded unquoted.
  UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
  # shellcheck disable=SC2086
  for f in $UTILS_FILES; do
    . "$f"
  done

  APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
  # shellcheck disable=SC2086
  for f in $APP_FILES; do
    . "$f"
  done

  # Filled in by logging_get_app_names.
  APPS_AVAILABLE=()
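  #######################################
  # Collect the names of the apps that can have their logging switched.
  # An app qualifies when its file under /usr/share/<project>/apps contains
  # both the text "logging_on_" and the text "logging_off_". This is a plain
  # text match: it does not prove that the matching functions are defined.
  # Globals:   PROJECT_NAME (read)
  #            APPS_AVAILABLE (appended to; not reset here, so a second call
  #            adds every name again)
  # Arguments: none
  #######################################
  function logging_get_app_names {
    local app_file app_name
    for app_file in "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}"-app-*; do
      # An unmatched glob stays literal; skip it instead of letting grep
      # report a missing file.
      [ -f "$app_file" ] || continue

      # Keep the text between the first and second "-app-" separators.
      app_name=${app_file#*-app-}
      app_name=${app_name%%-app-*}

      if grep -q "logging_on_" "$app_file" \
        && grep -q "logging_off_" "$app_file"; then
        APPS_AVAILABLE+=("${app_name}")
      fi
    done
  }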
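  #######################################
  # Run logging_on_<app> for every app found by logging_get_app_names.
  # The name that gets invoked is built from a file name, so it is only
  # called when it resolves to a shell function; an external command that
  # happens to carry the same name on PATH is never executed.
  # Globals:   APPS_AVAILABLE (read, after logging_get_app_names fills it)
  # Arguments: none
  # Outputs:   one progress line per app on stdout, skipped apps on stderr
  #######################################
  function turn_logging_on {
    local a
    logging_get_app_names
    # Quoted so that app names are never word-split or glob-expanded.
    for a in "${APPS_AVAILABLE[@]}"; do
      if ! declare -F "logging_on_${a}" > /dev/null; then
        echo "logging_on_${a} is not a defined function, skipping" >&2
        continue
      fi
      echo $"Turning on logging for ${a}"
      "logging_on_${a}"
    done
  }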
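  #######################################
  # Run logging_off_<app> for every app found by logging_get_app_names.
  # The name that gets invoked is built from a file name, so it is only
  # called when it resolves to a shell function; an external command that
  # happens to carry the same name on PATH is never executed.
  # Globals:   APPS_AVAILABLE (read, after logging_get_app_names fills it)
  # Arguments: none
  # Outputs:   one progress line per app on stdout, skipped apps on stderr
  #######################################
  function turn_logging_off {
    local a
    logging_get_app_names
    # Quoted so that app names are never word-split or glob-expanded.
    for a in "${APPS_AVAILABLE[@]}"; do
      if ! declare -F "logging_off_${a}" > /dev/null; then
        echo "logging_off_${a} is not a defined function, skipping" >&2
        continue
      fi
      echo $"Turning off logging for ${a}"
      "logging_off_${a}"
    done
  }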
  #######################################
  # Append the standard facility-to-file rules to /etc/rsyslog.conf.
  # save_rsys_header is defined outside this listing and runs first;
  # NOTE(review): it presumably resets the file to its header so the rules
  # are not appended twice - confirm against its definition.
  # A leading '-' before a path asks rsyslog not to sync after each write;
  # auth.log, cron.log and mail.err are listed without it.
  # Arguments: none
  #######################################
  function turn_on_rsys_logging {
    local -a rsys_rules=(
      'auth,authpriv.* /var/log/auth.log'
      '*.*;auth,authpriv.none -/var/log/syslog'
      'cron.* /var/log/cron.log'
      'daemon.* -/var/log/daemon.log'
      'kern.* -/var/log/kern.log'
      'lpr.* -/var/log/lpr.log'
      'mail.* -/var/log/mail.log'
      'user.* -/var/log/user.log'
      ''
      'mail.info -/var/log/mail.info'
      'mail.warn -/var/log/mail.warn'
      'mail.err /var/log/mail.err'
      ''
      '*.=debug;\'
      ' auth,authpriv.none;\'
      ' news.none;mail.none -/var/log/debug'
      '*.=info;*.=notice;*.=warn;\'
      ' auth,authpriv.none;\'
      ' cron,daemon.none;\'
      ' mail,news.none -/var/log/messages'
      ''
      '*.emerg :omusrmsg:*'
    )

    save_rsys_header
    # One rule per line, in the order listed above.
    printf '%s\n' "${rsys_rules[@]}" >> /etc/rsyslog.conf
  }
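  # ---------------------------------------------------------------------------
  # Main switch. $1 selects the mode: on, On or ON enables logging.
  # NOTE(review): every other non-empty value, a typo included, takes the
  # "off" branch, which also deletes the existing log files. Callers may rely
  # on that, so it is kept as is; consider accepting only an explicit "off".
  # ---------------------------------------------------------------------------
  if [ -z "$1" ]; then
    # Say why the script stops instead of exiting silently.
    echo "Usage: ${0##*/} on|off [--reboot|--restart|--onion]" >&2
    exit 1
  fi

  if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
    turn_logging_on

    # Tor: make sure the notices log exists and belongs to the tor user.
    # mkdir and touch create with the current umask.
    # NOTE(review): confirm the resulting modes keep these logs unreadable
    # to other local users.
    if [ -d /etc/tor ]; then
      if [ ! -d /var/log/tor ]; then
        mkdir /var/log/tor
        chown -R debian-tor:adm /var/log/tor
      fi
      if [ ! -f /var/log/tor/notices.log ]; then
        touch /var/log/tor/notices.log
        chown debian-tor:adm /var/log/tor/notices.log
      fi
      echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging
    fi

    if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
      sed -i 's|error_log =.*|error_log = /var/log/php-fpm.log|g' /etc/php/7.0/fpm/php-fpm.conf
    fi

    # nginx: one access and one error log per site file, named after the file.
    if [ -d /etc/nginx ]; then
      if [ ! -d /var/log/nginx ]; then
        mkdir /var/log/nginx
      fi
      for filename in /etc/nginx/sites-available/* ; do
        # An unmatched glob stays literal; do not hand it to sed.
        [ -f "$filename" ] || continue
        filename_domain=${filename##*/}
        # The file name lands inside the sed replacement, so a name holding
        # '|', '&' or '\' would corrupt the expression. Site files are
        # expected to be named after plain domain names.
        sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" "$filename"
        sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" "$filename"
      done
      sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf
      sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf
    fi

    # spamassassin: drop the "-s null" option from the daemon options.
    if [ -f /etc/init.d/spamassassin ]; then
      sed -i "s|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
    fi

    if [ -d /etc/exim4 ]; then
      if [ ! -d /var/log/exim4 ]; then
        mkdir /var/log/exim4
      fi
      sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = +tls_peerdn|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
      sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = +tls_peerdn|g' /etc/exim4/exim4.conf.template
      sed -i 's|log_selector =.*|log_selector = MAIN_LOG_SELECTOR|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
    fi

    if [ -f /etc/dovecot/dovecot.conf ]; then
      sed -i 's|log_path =.*|log_path = /var/log/dovecot.log|g' /etc/dovecot/dovecot.conf
      sed -i 's|info_log_path =.*|info_log_path = /var/log/dovecot-info.log|g' /etc/dovecot/dovecot.conf
      sed -i 's|debug_log_path =.*|debug_log_path = /var/log/dovecot-debug.log|g' /etc/dovecot/dovecot.conf
    fi

    if [ -d /etc/mysql ]; then
      if [ ! -d /var/log/mysql ]; then
        mkdir /var/log/mysql
      fi
      if [ -f /etc/mysql/my.cnf ]; then
        sed -i 's|log_error =.*|log_error = /var/log/mysql/error.log|g' /etc/mysql/my.cnf
      fi
    fi

    turn_on_rsys_logging
    turn_on_postgresql_logging
  else
    # Off: point every service at /dev/null and delete what was logged.
    # After this branch the host keeps no local record from these services
    # for later incident investigation.
    # NOTE(review): anything that reads these log files would stop seeing
    # events - check for such consumers before disabling.
    turn_logging_off

    if [ -d /etc/tor ]; then
      echo 'Log notice file /dev/null' > /etc/torrc.d/logging
      # -f: an empty or missing log directory is not an error here.
      rm -f /var/log/tor/*
    fi

    if [ -d /var/log/radicale ]; then
      $REMOVE_FILES_COMMAND /var/log/radicale/*
      rm -rf /var/log/radicale
    fi

    if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
      sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php/7.0/fpm/php-fpm.conf
      $REMOVE_FILES_COMMAND /var/log/php-fpm.*
    fi

    if [ -d /etc/nginx ]; then
      for filename in /etc/nginx/sites-available/* ; do
        # An unmatched glob stays literal; do not hand it to sed.
        [ -f "$filename" ] || continue
        sed -i 's|access_log.*|access_log /dev/null;|g' "$filename"
        sed -i 's|warn_log.*|warn_log /dev/null;|g' "$filename"
        sed -i 's|error_log.*|error_log /dev/null;|g' "$filename"
      done
      sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
      sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
      $REMOVE_FILES_COMMAND /var/log/nginx/*
    fi

    # spamassassin: put the "-s null" option back into the daemon options.
    if [ -f /etc/init.d/spamassassin ]; then
      sed -i "s|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
    fi

    if [ -d /etc/exim4 ]; then
      sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
      sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/exim4.conf.template
      sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
      $REMOVE_FILES_COMMAND /var/log/exim4/*
    fi

    if [ -f /etc/dovecot/dovecot.conf ]; then
      sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf
      sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
      sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
      $REMOVE_FILES_COMMAND /var/log/mail.*
      $REMOVE_FILES_COMMAND /var/log/dovecot*
    fi

    if [ -d /etc/mysql ]; then
      if [ -d /var/log/mysql ]; then
        $REMOVE_FILES_COMMAND /var/log/mysql/*
      fi
      if [ -f /var/log/mysql.err ]; then
        $REMOVE_FILES_COMMAND /var/log/mysql.err
      fi
      if [ -f /var/log/mysql.log ]; then
        $REMOVE_FILES_COMMAND /var/log/mysql.log
      fi
      if [ -f /etc/mysql/my.cnf ]; then
        sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
      fi
    fi

    turn_off_rsys_logging
    turn_off_postgresql_logging
  fi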
  # Rebuild the exim4 configuration after the log selector edits.
  if [[ -d /etc/exim4 ]]; then
    update-exim4.conf.template -r
    update-exim4.conf
    dpkg-reconfigure --frontend noninteractive exim4-config
  fi

  # When the caller is about to reboot or restart anyway there is no need
  # to restart the daemons here.
  case "$2" in
    --reboot* | --restart*)
      exit 0
      ;;
  esac

  # Restart each affected service that is present so that it picks up its
  # new log destination.
  if [[ -d /etc/exim4 ]]; then
    systemctl restart exim4
  fi

  systemctl restart syslog

  # Tor is left running when the second argument is exactly --onion.
  if [[ -d /etc/tor && "$2" != "--onion" ]]; then
    systemctl restart tor
  fi

  if [[ -d /etc/nginx ]]; then
    systemctl restart php7.0-fpm
    systemctl restart nginx
  fi

  if [[ -f /etc/init.d/spamassassin ]]; then
    systemctl restart spamassassin
  fi

  if [[ -d /etc/prosody ]]; then
    systemctl restart prosody
  fi

  if [[ -d /etc/dovecot ]]; then
    systemctl restart dovecot
  fi

  if [[ -f /etc/mumble-server.ini ]]; then
    systemctl restart mumble-server
  fi

  if [[ -d /var/www/radicale ]]; then
    systemctl restart radicale
  fi

  if [[ -d /etc/matrix ]]; then
    systemctl restart matrix
  fi

  if [[ -d /etc/postgresql ]]; then
    systemctl restart postgresql
  fi

  exit 0