free
/
freedombone
ウォッチ 1
お気に入りに登録 0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
5442 コミット
5 ブランチ
ツリー: 47f0beb9bf
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'47f0beb9bf' から
${ noResults }
freedombone/src/freedombone-logging

freedombone-logging 10KB
履歴 Raw形式

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248 
  1. #!/bin/bash

  2. #

  3. # .---.                  .              .

  4. # |                      |              |

  5. # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.

  6. # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'

  7. # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'

  8. #

  9. #                    Freedom in the Cloud

  10. #

  11. # Turn logging on or off

  12. 

  13. # License

  14. # =======

  15. #

  16. # Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>

  17. #

  18. # This program is free software: you can redistribute it and/or modify

  19. # it under the terms of the GNU Affero General Public License as published by

  20. # the Free Software Foundation, either version 3 of the License, or

  21. # (at your option) any later version.

  22. #

  23. # This program is distributed in the hope that it will be useful,

  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  26. # GNU Affero General Public License for more details.

  27. #

  28. # You should have received a copy of the GNU Affero General Public License

  29. # along with this program.  If not, see <http://www.gnu.org/licenses/>.

  30. 

  31. PROJECT_NAME='freedombone'

  32. 

  33. export TEXTDOMAIN=${PROJECT_NAME}-logging

  34. export TEXTDOMAINDIR="/usr/share/locale"

  35. 

  36. WEBSERVER_LOG_LEVEL='warn'

  37. 

  38. function turn_off_rsys_logging {

  39.     sed -i 's|mail,news.none.*|mail,news.none      /dev/null|g' /etc/rsyslog.conf

  40.     sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /dev/null|g' /etc/rsyslog.conf

  41.     sed -i 's|mail.info.*|mail.info            /dev/null|g' /etc/rsyslog.conf

  42.     sed -i 's|mail.warn.*|mail.warn            /dev/null|g' /etc/rsyslog.conf

  43.     sed -i 's|mail.err.*|mail.err            /dev/null|g' /etc/rsyslog.conf

  44.     sed -i 's|daemon.\*.*|daemon.\*              /dev/null|g' /etc/rsyslog.conf

  45.     sed -i 's|mail.\*.*|mail.\*              /dev/null|g' /etc/rsyslog.conf

  46.     sed -i 's|user.\*.*|user.\*              /dev/null|g' /etc/rsyslog.conf

  47.     sed -i 's|news.none;mail.none.*|news.none;mail.none /dev/null|g' /etc/rsyslog.conf

  48.     sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      /dev/null|g' /etc/rsyslog.conf

  49.     sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf

  50.     sed -i 's|cron.\*.*|cron.\*             /dev/null|g' /etc/rsyslog.conf

  51.     shred -zu /var/log/wtmp*

  52.     shred -zu /var/log/debug*

  53.     shred -zu /var/log/cron.*

  54.     shred -zu /var/log/auth.*

  55.     shred -zu /var/log/mail.*

  56.     shred -zu /var/log/daemon.*

  57.     shred -zu /var/log/user.*

  58.     shred -zu /var/log/messages*

  59. }

  60. 

  61. function turn_on_rsys_logging {

  62.     sed -i 's|mail,news.none.*|mail,news.none      -/var/log/messages|g' /etc/rsyslog.conf

  63.     sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /var/log/auth.log|g' /etc/rsyslog.conf

  64.     sed -i 's|mail.info.*|mail.info            -/var/log/mail.info|g' /etc/rsyslog.conf

  65.     sed -i 's|mail.warn.*|mail.warn            -/var/log/mail.warn|g' /etc/rsyslog.conf

  66.     sed -i 's|mail.err.*|mail.err            /var/log/mail.err|g' /etc/rsyslog.conf

  67.     sed -i 's|daemon.\*.*|daemon.\*              -/var/log/daemon.log|g' /etc/rsyslog.conf

  68.     sed -i 's|mail.\*.*|mail.\*              -/var/log/mail.log|g' /etc/rsyslog.conf

  69.     sed -i 's|user.\*.*|user.\*              -/var/log/user.log|g' /etc/rsyslog.conf

  70.     sed -i 's|news.none;mail.none.*|news.none;mail.none -/var/log/debug|g' /etc/rsyslog.conf

  71.     sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      -/var/log/syslog|g' /etc/rsyslog.conf

  72.     sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf

  73.     sed -i 's|cron.\*.*|cron.\*             /var/log/cron.log|g' /etc/rsyslog.conf

  74. }

  75. 

  76. if [ ! "$1" ]; then

  77.     exit 1

  78. fi

  79. 

  80. if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then

  81.     if [ -f /etc/fail2ban/fail2ban.conf ]; then

  82.         sed -i 's|loglevel.*|loglevel = 3|g' /etc/fail2ban/fail2ban.conf

  83.         sed -i 's|logtarget.*|logtarget = /var/log/fail2ban.log|g' /etc/fail2ban/fail2ban.conf

  84.     fi

  85.     if [ -d /etc/tor ]; then

  86.         if [ ! -f /var/log/tor.log ]; then

  87.             touch /var/log/tor.log

  88.             chown root:debian-tor /var/log/tor.log

  89.         fi

  90.         sed -i 's|#Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc

  91.         sed -i 's|Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc

  92.     fi

  93.     if [ -f /etc/mumble-server.ini ]; then

  94.         sed -i 's|logfile=.*|logfile=/var/log/mumble-server.log|g' /etc/mumble-server.ini

  95.     fi

  96.     if [ -f /etc/php5/fpm/php-fpm.conf ]; then

  97.         sed -i 's|error_log =.*|error_log = /var/log/php5-fpm.log|g' /etc/php5/fpm/php-fpm.conf

  98.     fi

  99.     if [ -d /etc/nginx ]; then

  100.         if [ ! -d /var/log/nginx ]; then

  101.             mkdir /var/log/nginx

  102.         fi

  103.         for filename in /etc/nginx/sites-available/* ; do

  104.             filename_domain=$(echo "$filename" | awk -F '/' '{print $5}')

  105.             sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" $filename

  106.             sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" $filename

  107.         done

  108.         sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf

  109.         sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf

  110.     fi

  111.     if [ -f /etc/init.d/spamassassin ]; then

  112.         sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin

  113.     fi

  114.     if [ -d /etc/prosody ]; then

  115.         if [ ! -d /var/log/prosody ]; then

  116.             mkdir /var/log/prosody

  117.             chown root:adm /var/log/prosody

  118.         fi

  119.         sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua

  120.         sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua

  121.         sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua

  122.     fi

  123.     if [ -d /etc/exim4 ]; then

  124.         if [ ! -d /var/log/exim4 ]; then

  125.             mkdir /var/log/exim4

  126.         fi

  127.         sed -i 's|log_selector =.*|log_selector = MAIN_LOG_SELECTOR|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector

  128.     fi

  129.     if [ -f /etc/dovecot/dovecot.conf ]; then

  130.         sed -i 's|log_path =.*|log_path = /var/log/dovecot.log|g' /etc/dovecot/dovecot.conf

  131.         sed -i 's|info_log_path =.*|info_log_path = /var/log/dovecot-info.log|g' /etc/dovecot/dovecot.conf

  132.         sed -i 's|debug_log_path =.*|debug_log_path = /var/log/dovecot-debug.log|g' /etc/dovecot/dovecot.conf

  133.     fi

  134.     if [ -d /etc/mysql ]; then

  135.         if [ ! -d /var/log/mysql ]; then

  136.             mkdir /var/log/mysql

  137.         fi

  138.         sed -i 's|log_error =.*|log_error = /var/log/mysql/error.log|g' /etc/mysql/my.cnf

  139.     fi

  140.     turn_on_rsys_logging

  141. else

  142.     if [ -d /etc/tor ]; then

  143.         sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc

  144.         sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc

  145.         if [ -d /var/log/tor ]; then

  146.             shred -zu /var/log/tor/*

  147.             rm -rf /var/log/tor

  148.         fi

  149.     fi

  150.     if [ -f /etc/mumble-server.ini ]; then

  151.         sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini

  152.         if [ -d /var/log/mumble-server ]; then

  153.             shred -zu /var/log/mumble-server/*

  154.             rm -rf /var/log/mumble-server

  155.         fi

  156.     fi

  157.     if [ -d /var/log/radicale ]; then

  158.         shred -zu /var/log/radicale/*

  159.         rm -rf /var/log/radicale

  160.     fi

  161.     if [ -f /etc/php5/fpm/php-fpm.conf ]; then

  162.         sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php5/fpm/php-fpm.conf

  163.         shred -zu /var/log/php5-fpm.*

  164.     fi

  165.     if [ -d /etc/nginx ]; then

  166.         for filename in /etc/nginx/sites-available/* ; do

  167.             sed -i 's|access_log.*|access_log /dev/null;|g' $filename

  168.             sed -i 's|warn_log.*|warn_log /dev/null;|g' $filename

  169.             sed -i 's|error_log.*|error_log /dev/null;|g' $filename

  170.         done

  171.         sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf

  172.         sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf

  173.         shred -zu /var/log/nginx/*

  174.     fi

  175.     if [ -f /etc/init.d/spamassassin ]; then

  176.         sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin

  177.     fi

  178.     if [ -d /etc/prosody ]; then

  179.         sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua

  180.         sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua

  181.         sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua

  182.         shred -zu /var/log/prosody/*

  183.         rm -rf /var/log/prosody

  184.     fi

  185.     if [ -d /etc/exim4 ]; then

  186.         sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector

  187.         shred -zu /var/log/exim4/*

  188.     fi

  189.     if [ -f /etc/dovecot/dovecot.conf ]; then

  190.         sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf

  191.         sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf

  192.         sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf

  193.         shred -zu /var/log/mail.*

  194.         shred -zu /var/log/dovecot*

  195.     fi

  196.     if [ -d /etc/mysql ]; then

  197.         if [ -d /var/log/mysql ]; then

  198.             shred -zu /var/log/mysql/*

  199.         fi

  200.         if [ -f /var/log/mysql.err ]; then

  201.             shred -zu /var/log/mysql.err

  202.         fi

  203.         if [ -f /var/log/mysql.log ]; then

  204.             shred -zu /var/log/mysql.log

  205.         fi

  206.         sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf

  207.     fi

  208.     if [ -f /etc/fail2ban/fail2ban.conf ]; then

  209.         sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf

  210.         sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf

  211.         shred -zu /var/log/fail2ban.*

  212.     fi

  213.     turn_off_rsys_logging

  214. fi

  215. 

  216. systemctl restart syslog

  217. if [ -d /etc/tor ]; then

  218.     if [[ "$2" != "--onion" ]]; then

  219.         systemctl restart tor

  220.     fi

  221. fi

  222. if [ -d /etc/nginx ]; then

  223.     systemctl restart php5-fpm

  224.     systemctl restart nginx

  225. fi

  226. if [ -f /etc/init.d/spamassassin ]; then

  227.     systemctl restart spamassassin

  228. fi

  229. if [ -d /etc/prosody ]; then

  230.     systemctl restart prosody

  231. fi

  232. if [ -d /etc/exim4 ]; then

  233.     systemctl restart exim4

  234. fi

  235. if [ -d /etc/dovecot ]; then

  236.     systemctl restart dovecot

  237. fi

  238. if [ -f /etc/mumble-server.ini ]; then

  239.     systemctl restart mumble-server

  240. fi

  241. if [ -d /var/www/radicale ]; then

  242.     systemctl restart radicale

  243. fi

  244. if [ -d /etc/fail2ban ]; then

  245.     systemctl restart fail2ban

  246. fi

  247. 

  248. exit 0