freedombone-logging 11KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268
  1. #!/bin/bash
  2. #
  3. # .---. . .
  4. # | | |
  5. # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
  6. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
  7. # ' ' --' --' -' - -' ' ' -' -' -' ' - --'
  8. #
  9. # Freedom in the Cloud
  10. #
  11. # Turn logging on or off
  12. # License
  13. # =======
  14. #
  15. # Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
  16. #
  17. # This program is free software: you can redistribute it and/or modify
  18. # it under the terms of the GNU Affero General Public License as published by
  19. # the Free Software Foundation, either version 3 of the License, or
  20. # (at your option) any later version.
  21. #
  22. # This program is distributed in the hope that it will be useful,
  23. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25. # GNU Affero General Public License for more details.
  26. #
  27. # You should have received a copy of the GNU Affero General Public License
  28. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  29. PROJECT_NAME='freedombone'
  30. export TEXTDOMAIN=${PROJECT_NAME}-logging
  31. export TEXTDOMAINDIR="/usr/share/locale"
  32. WEBSERVER_LOG_LEVEL='warn'
  33. function turn_off_rsys_logging {
  34. sed -i 's|mail,news.none.*|mail,news.none /dev/null|g' /etc/rsyslog.conf
  35. sed -i 's|auth,authpriv.\*.*|auth,authpriv.\* /dev/null|g' /etc/rsyslog.conf
  36. sed -i 's|mail.info.*|mail.info /dev/null|g' /etc/rsyslog.conf
  37. sed -i 's|mail.warn.*|mail.warn /dev/null|g' /etc/rsyslog.conf
  38. sed -i 's|mail.err.*|mail.err /dev/null|g' /etc/rsyslog.conf
  39. sed -i 's|daemon.\*.*|daemon.\* /dev/null|g' /etc/rsyslog.conf
  40. sed -i 's|mail.\*.*|mail.\* /dev/null|g' /etc/rsyslog.conf
  41. sed -i 's|user.\*.*|user.\* /dev/null|g' /etc/rsyslog.conf
  42. sed -i 's|news.none;mail.none.*|news.none;mail.none /dev/null|g' /etc/rsyslog.conf
  43. sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none /dev/null|g' /etc/rsyslog.conf
  44. sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
  45. sed -i 's|cron.\*.*|cron.\* /dev/null|g' /etc/rsyslog.conf
  46. shred -zu /var/log/wtmp*
  47. shred -zu /var/log/debug*
  48. shred -zu /var/log/cron.*
  49. shred -zu /var/log/auth.*
  50. shred -zu /var/log/mail.*
  51. shred -zu /var/log/daemon.*
  52. shred -zu /var/log/user.*
  53. shred -zu /var/log/messages*
  54. }
  55. function turn_on_rsys_logging {
  56. sed -i 's|mail,news.none.*|mail,news.none -/var/log/messages|g' /etc/rsyslog.conf
  57. sed -i 's|auth,authpriv.\*.*|auth,authpriv.\* /var/log/auth.log|g' /etc/rsyslog.conf
  58. sed -i 's|mail.info.*|mail.info -/var/log/mail.info|g' /etc/rsyslog.conf
  59. sed -i 's|mail.warn.*|mail.warn -/var/log/mail.warn|g' /etc/rsyslog.conf
  60. sed -i 's|mail.err.*|mail.err /var/log/mail.err|g' /etc/rsyslog.conf
  61. sed -i 's|daemon.\*.*|daemon.\* -/var/log/daemon.log|g' /etc/rsyslog.conf
  62. sed -i 's|mail.\*.*|mail.\* -/var/log/mail.log|g' /etc/rsyslog.conf
  63. sed -i 's|user.\*.*|user.\* -/var/log/user.log|g' /etc/rsyslog.conf
  64. sed -i 's|news.none;mail.none.*|news.none;mail.none -/var/log/debug|g' /etc/rsyslog.conf
  65. sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none -/var/log/syslog|g' /etc/rsyslog.conf
  66. sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
  67. sed -i 's|cron.\*.*|cron.\* /var/log/cron.log|g' /etc/rsyslog.conf
  68. }
  69. if [ ! "$1" ]; then
  70. exit 1
  71. fi
  72. if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
  73. if [ -f /etc/fail2ban/fail2ban.conf ]; then
  74. sed -i 's|loglevel.*|loglevel = 3|g' /etc/fail2ban/fail2ban.conf
  75. sed -i 's|logtarget.*|logtarget = /var/log/fail2ban.log|g' /etc/fail2ban/fail2ban.conf
  76. fi
  77. if [ -f /var/lib/matrix/homeserver.yaml ]; then
  78. sed -i 's|log_file:.*|log_file: /var/lib/matrix/homeserver.log|g' /var/lib/matrix/homeserver.yaml
  79. fi
  80. if [ -d /etc/tor ]; then
  81. if [ ! -f /var/log/tor.log ]; then
  82. touch /var/log/tor.log
  83. chown debian-tor:debian-tor /var/log/tor.log
  84. fi
  85. sed -i 's|#Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
  86. sed -i 's|Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
  87. fi
  88. if [ -f /etc/mumble-server.ini ]; then
  89. sed -i 's|logfile=.*|logfile=/var/log/mumble-server.log|g' /etc/mumble-server.ini
  90. fi
  91. if [ -f /etc/php5/fpm/php-fpm.conf ]; then
  92. sed -i 's|error_log =.*|error_log = /var/log/php5-fpm.log|g' /etc/php5/fpm/php-fpm.conf
  93. fi
  94. if [ -d /etc/nginx ]; then
  95. if [ ! -d /var/log/nginx ]; then
  96. mkdir /var/log/nginx
  97. fi
  98. for filename in /etc/nginx/sites-available/* ; do
  99. filename_domain=$(echo "$filename" | awk -F '/' '{print $5}')
  100. sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" $filename
  101. sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" $filename
  102. done
  103. sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf
  104. sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf
  105. fi
  106. if [ -f /etc/init.d/spamassassin ]; then
  107. sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
  108. fi
  109. if [ -d /etc/prosody ]; then
  110. if [ ! -d /var/log/prosody ]; then
  111. mkdir /var/log/prosody
  112. chown root:adm /var/log/prosody
  113. fi
  114. sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
  115. sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
  116. sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
  117. fi
  118. if [ -d /etc/exim4 ]; then
  119. if [ ! -d /var/log/exim4 ]; then
  120. mkdir /var/log/exim4
  121. fi
  122. sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = +tls_peerdn|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
  123. sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = +tls_peerdn|g' /etc/exim4/exim4.conf.template
  124. sed -i 's|log_selector =.*|log_selector = MAIN_LOG_SELECTOR|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
  125. fi
  126. if [ -f /etc/dovecot/dovecot.conf ]; then
  127. sed -i 's|log_path =.*|log_path = /var/log/dovecot.log|g' /etc/dovecot/dovecot.conf
  128. sed -i 's|info_log_path =.*|info_log_path = /var/log/dovecot-info.log|g' /etc/dovecot/dovecot.conf
  129. sed -i 's|debug_log_path =.*|debug_log_path = /var/log/dovecot-debug.log|g' /etc/dovecot/dovecot.conf
  130. fi
  131. if [ -d /etc/mysql ]; then
  132. if [ ! -d /var/log/mysql ]; then
  133. mkdir /var/log/mysql
  134. fi
  135. if [ -f /etc/mysql/my.cnf ]; then
  136. sed -i 's|log_error =.*|log_error = /var/log/mysql/error.log|g' /etc/mysql/my.cnf
  137. fi
  138. fi
  139. turn_on_rsys_logging
  140. else
  141. if [ -f /var/lib/matrix/homeserver.yaml ]; then
  142. sed -i 's|log_file:.*|log_file: /dev/null|g' /var/lib/matrix/homeserver.yaml
  143. fi
  144. if [ -d /etc/tor ]; then
  145. sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
  146. sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
  147. if [ -d /var/log/tor ]; then
  148. shred -zu /var/log/tor/*
  149. rm -rf /var/log/tor
  150. fi
  151. fi
  152. if [ -f /etc/mumble-server.ini ]; then
  153. sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
  154. if [ -d /var/log/mumble-server ]; then
  155. shred -zu /var/log/mumble-server/*
  156. rm -rf /var/log/mumble-server
  157. fi
  158. fi
  159. if [ -d /var/log/radicale ]; then
  160. shred -zu /var/log/radicale/*
  161. rm -rf /var/log/radicale
  162. fi
  163. if [ -f /etc/php5/fpm/php-fpm.conf ]; then
  164. sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php5/fpm/php-fpm.conf
  165. shred -zu /var/log/php5-fpm.*
  166. fi
  167. if [ -d /etc/nginx ]; then
  168. for filename in /etc/nginx/sites-available/* ; do
  169. sed -i 's|access_log.*|access_log /dev/null;|g' $filename
  170. sed -i 's|warn_log.*|warn_log /dev/null;|g' $filename
  171. sed -i 's|error_log.*|error_log /dev/null;|g' $filename
  172. done
  173. sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
  174. sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
  175. shred -zu /var/log/nginx/*
  176. fi
  177. if [ -f /etc/init.d/spamassassin ]; then
  178. sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
  179. fi
  180. if [ -d /etc/prosody ]; then
  181. sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
  182. sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
  183. sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
  184. shred -zu /var/log/prosody/*
  185. rm -rf /var/log/prosody
  186. fi
  187. if [ -d /etc/exim4 ]; then
  188. sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
  189. sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/exim4.conf.template
  190. sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
  191. shred -zu /var/log/exim4/*
  192. fi
  193. if [ -f /etc/dovecot/dovecot.conf ]; then
  194. sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf
  195. sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
  196. sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
  197. shred -zu /var/log/mail.*
  198. shred -zu /var/log/dovecot*
  199. fi
  200. if [ -d /etc/mysql ]; then
  201. if [ -d /var/log/mysql ]; then
  202. shred -zu /var/log/mysql/*
  203. fi
  204. if [ -f /var/log/mysql.err ]; then
  205. shred -zu /var/log/mysql.err
  206. fi
  207. if [ -f /var/log/mysql.log ]; then
  208. shred -zu /var/log/mysql.log
  209. fi
  210. if [ -f /etc/mysql/my.cnf ]; then
  211. sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
  212. fi
  213. fi
  214. if [ -f /etc/fail2ban/fail2ban.conf ]; then
  215. sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf
  216. sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf
  217. shred -zu /var/log/fail2ban.*
  218. fi
  219. turn_off_rsys_logging
  220. fi
  221. systemctl restart syslog
  222. if [ -d /etc/tor ]; then
  223. if [[ "$2" != "--onion" ]]; then
  224. systemctl restart tor
  225. fi
  226. fi
  227. if [ -d /etc/nginx ]; then
  228. systemctl restart php5-fpm
  229. systemctl restart nginx
  230. fi
  231. if [ -f /etc/init.d/spamassassin ]; then
  232. systemctl restart spamassassin
  233. fi
  234. if [ -d /etc/prosody ]; then
  235. systemctl restart prosody
  236. fi
  237. if [ -d /etc/exim4 ]; then
  238. update-exim4.conf.template -r
  239. update-exim4.conf
  240. dpkg-reconfigure --frontend noninteractive exim4-config
  241. systemctl restart exim4
  242. fi
  243. if [ -d /etc/dovecot ]; then
  244. systemctl restart dovecot
  245. fi
  246. if [ -f /etc/mumble-server.ini ]; then
  247. systemctl restart mumble-server
  248. fi
  249. if [ -d /var/www/radicale ]; then
  250. systemctl restart radicale
  251. fi
  252. if [ -d /etc/fail2ban ]; then
  253. systemctl restart fail2ban
  254. fi
  255. if [ -f /var/lib/matrix/homeserver.yaml ]; then
  256. systemctl restart matrix
  257. fi
  258. exit 0