123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285 |
- #!/bin/bash
- # _____ _ _
- # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
- # | __| _| -_| -_| . | . | | . | . | | -_|
- # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
- #
- # Freedom in the Cloud
- #
- # Turn logging on or off
-
- # License
- # =======
- #
- # Copyright (C) 2015-2018 Bob Mottram <bob@freedombone.net>
- #
- # This program is free software: you can redistribute it and/or modify
- # it under the terms of the GNU Affero General Public License as published by
- # the Free Software Foundation, either version 3 of the License, or
- # (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU Affero General Public License for more details.
- #
- # You should have received a copy of the GNU Affero General Public License
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
-
- PROJECT_NAME='freedombone'
-
- export TEXTDOMAIN=${PROJECT_NAME}-logging
- export TEXTDOMAINDIR="/usr/share/locale"
-
- WEBSERVER_LOG_LEVEL='warn'
-
- # Shredding could be used here, but especially on microSD
- # or SSD it's debatable how useful shredding really is.
- # Also the shred command can be very slow on Beaglebone Black
- REMOVE_FILES_COMMAND='rm -rf'
-
- source /usr/local/bin/${PROJECT_NAME}-vars
-
- UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
- for f in $UTILS_FILES
- do
- source "$f"
- done
-
- APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
- for f in $APP_FILES
- do
- source "$f"
- done
-
- APPS_AVAILABLE=()
-
- function logging_get_app_names {
- FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
-
- for filename in $FILES
- do
- app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
- if grep -q "logging_on_" "${filename}"; then
- if grep -q "logging_off_" "${filename}"; then
- APPS_AVAILABLE+=("${app_name}")
- fi
- fi
- done
- }
-
- function turn_logging_on {
- logging_get_app_names
-
- # shellcheck disable=SC2068
- for a in ${APPS_AVAILABLE[@]}
- do
- echo $"Turning on logging for ${a}"
- "logging_on_${a}"
- done
- }
-
- function turn_logging_off {
- logging_get_app_names
-
- # shellcheck disable=SC2068
- for a in ${APPS_AVAILABLE[@]}
- do
- echo $"Turning off logging for ${a}"
- "logging_off_${a}"
- done
- }
-
- function turn_on_rsys_logging {
- save_rsys_header
-
- { echo 'auth,authpriv.* /var/log/auth.log';
- echo '*.*;auth,authpriv.none -/var/log/syslog';
- echo 'cron.* /var/log/cron.log';
- echo 'daemon.* -/var/log/daemon.log';
- echo 'kern.* -/var/log/kern.log';
- echo 'lpr.* -/var/log/lpr.log';
- echo 'mail.* -/var/log/mail.log';
- echo 'user.* -/var/log/user.log';
- echo '';
- echo 'mail.info -/var/log/mail.info';
- echo 'mail.warn -/var/log/mail.warn';
- echo 'mail.err /var/log/mail.err';
- echo '';
- echo "*.=debug;\\";
- echo " auth,authpriv.none;\\";
- echo ' news.none;mail.none -/var/log/debug';
- echo "*.=info;*.=notice;*.=warn;\\";
- echo " auth,authpriv.none;\\";
- echo " cron,daemon.none;\\";
- echo ' mail,news.none -/var/log/messages';
- echo '';
- echo '*.emerg :omusrmsg:*'; } >> /etc/rsyslog.conf
- }
-
- if [ ! "$1" ]; then
- exit 1
- fi
-
- if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
- turn_logging_on
-
- if [ -d /etc/tor ]; then
- if [ ! -d /var/log/tor ]; then
- mkdir /var/log/tor
- chown -R debian-tor:adm /var/log/tor
- fi
- if [ ! -f /var/log/tor/notices.log ]; then
- touch /var/log/tor/notices.log
- chown debian-tor:adm /var/log/tor/notices.log
- fi
- echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging
- fi
- if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
- sed -i 's|error_log =.*|error_log = /var/log/php-fpm.log|g' /etc/php/7.0/fpm/php-fpm.conf
- fi
- if [ -d /etc/nginx ]; then
- if [ ! -d /var/log/nginx ]; then
- mkdir /var/log/nginx
- fi
- for filename in /etc/nginx/sites-available/* ; do
- filename_domain=$(echo "$filename" | awk -F '/' '{print $5}')
- sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" "$filename"
- sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" "$filename"
- done
- sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf
- sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf
- fi
- if [ -f /etc/init.d/spamassassin ]; then
- sed -i "s|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
- fi
- if [ -d /etc/exim4 ]; then
- if [ ! -d /var/log/exim4 ]; then
- mkdir /var/log/exim4
- fi
- sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = +tls_peerdn|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
- sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = +tls_peerdn|g' /etc/exim4/exim4.conf.template
- sed -i 's|log_selector =.*|log_selector = MAIN_LOG_SELECTOR|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
- fi
- if [ -f /etc/dovecot/dovecot.conf ]; then
- sed -i 's|log_path =.*|log_path = /var/log/dovecot.log|g' /etc/dovecot/dovecot.conf
- sed -i 's|info_log_path =.*|info_log_path = /var/log/dovecot-info.log|g' /etc/dovecot/dovecot.conf
- sed -i 's|debug_log_path =.*|debug_log_path = /var/log/dovecot-debug.log|g' /etc/dovecot/dovecot.conf
- fi
- if [ -d /etc/mysql ]; then
- if [ ! -d /var/log/mysql ]; then
- mkdir /var/log/mysql
- fi
- if [ -f /etc/mysql/my.cnf ]; then
- sed -i 's|log_error =.*|log_error = /var/log/mysql/error.log|g' /etc/mysql/my.cnf
- fi
- fi
- turn_on_rsys_logging
- turn_on_postgresql_logging
- else
- turn_logging_off
-
- if [ -d /etc/tor ]; then
- echo 'Log notice file /dev/null' > /etc/torrc.d/logging
- rm /var/log/tor/*
- fi
- if [ -d /var/log/radicale ]; then
- $REMOVE_FILES_COMMAND /var/log/radicale/*
- rm -rf /var/log/radicale
- fi
- if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
- sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php/7.0/fpm/php-fpm.conf
- $REMOVE_FILES_COMMAND /var/log/php-fpm.*
- fi
- if [ -d /etc/nginx ]; then
- for filename in /etc/nginx/sites-available/* ; do
- sed -i 's|access_log.*|access_log /dev/null;|g' "$filename"
- sed -i 's|warn_log.*|warn_log /dev/null;|g' "$filename"
- sed -i 's|error_log.*|error_log /dev/null;|g' "$filename"
- done
- sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
- sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
- $REMOVE_FILES_COMMAND /var/log/nginx/*
- fi
- if [ -f /etc/init.d/spamassassin ]; then
- sed -i "s|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
- fi
- if [ -d /etc/exim4 ]; then
- sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
- sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/exim4.conf.template
- sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
- $REMOVE_FILES_COMMAND /var/log/exim4/*
- fi
- if [ -f /etc/dovecot/dovecot.conf ]; then
- sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf
- sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
- sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
- $REMOVE_FILES_COMMAND /var/log/mail.*
- $REMOVE_FILES_COMMAND /var/log/dovecot*
- fi
- if [ -d /etc/mysql ]; then
- if [ -d /var/log/mysql ]; then
- $REMOVE_FILES_COMMAND /var/log/mysql/*
- fi
- if [ -f /var/log/mysql.err ]; then
- $REMOVE_FILES_COMMAND /var/log/mysql.err
- fi
- if [ -f /var/log/mysql.log ]; then
- $REMOVE_FILES_COMMAND /var/log/mysql.log
- fi
- if [ -f /etc/mysql/my.cnf ]; then
- sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
- fi
- fi
- turn_off_rsys_logging
- turn_off_postgresql_logging
- fi
-
- if [ -d /etc/exim4 ]; then
- update-exim4.conf.template -r
- update-exim4.conf
- dpkg-reconfigure --frontend noninteractive exim4-config
- fi
-
- if [[ "$2" == "--reboot"* || "$2" == "--restart"* ]]; then
- # if we are rebooting anyway then there is no need to
- # restart the daemons
- exit 0
- fi
-
- if [ -d /etc/exim4 ]; then
- systemctl restart exim4
- fi
- systemctl restart syslog
- if [ -d /etc/tor ]; then
- if [[ "$2" != "--onion" ]]; then
- systemctl restart tor
- fi
- fi
- if [ -d /etc/nginx ]; then
- systemctl restart php7.0-fpm
- systemctl restart nginx
- fi
- if [ -f /etc/init.d/spamassassin ]; then
- systemctl restart spamassassin
- fi
- if [ -d /etc/prosody ]; then
- systemctl restart prosody
- fi
- if [ -d /etc/dovecot ]; then
- systemctl restart dovecot
- fi
- if [ -f /etc/mumble-server.ini ]; then
- systemctl restart mumble-server
- fi
- if [ -d /var/www/radicale ]; then
- systemctl restart radicale
- fi
- if [ -d /etc/matrix ]; then
- systemctl restart matrix
- fi
- if [ -d /etc/postgresql ]; then
- systemctl restart postgresql
- fi
-
- exit 0
|