#
# Installs newsyslog, the program that we use for log rotation, and
# installs standard configuration and disables the system log rotation.
# Also installs filter-syslog, which we use for auditing system logs, and
# its basic configuration.
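class base::newsyslog {
  # Declares: the newsyslog and filter-syslog packages, the daily rotation
  # rule for the "messages" log, the weekly audit and monthly wtmp rotation
  # rules, the filter-syslog configuration, and the removal of logrotate and
  # of the distribution's own rotation cron jobs.

  # PID file named in the restart action of the "messages" rotation rule.
  # Red Hat gets the syslogd path; every other platform gets the rsyslogd path.
  case $::operatingsystem {
    'redhat': { $messagesPIDFile = '/var/run/syslogd.pid' }
    default:  { $messagesPIDFile = '/var/run/rsyslogd.pid' }
  }

  # Daily rotation of the messages log. The analyze parameter points at
  # filter-syslog; presumably the defined type runs it over the rotated log
  # (the defined type is not shown here, so verify).
  # NOTE(review): the stock LSB distributor fact is lsbdistid; lsbdistname is
  # presumably a site-specific fact. Confirm it resolves on Ubuntu, otherwise
  # this selector never picks 'syslog' and the log is handed to root.
  base::newsyslog::config { 'messages':
    frequency => 'daily',
    log_owner => $::lsbdistname ? {
      'ubuntu' => 'syslog',
      default  => 'root',
    },
    log_mode  => '640',
    analyze   => '/usr/bin/filter-syslog',
    logs      => [ 'messages' ],
    restart   => "hup ${messagesPIDFile}",
  }

  file {
    # Main filter-syslog configuration, shipped from the module.
    '/etc/filter-syslog.conf':
      source => 'puppet:///modules/base/newsyslog/etc/filter-syslog.conf';

    # Weekly and monthly rotation rules; both need the newsyslog package
    # in place first.
    '/etc/newsyslog.weekly/audit':
      require => Package['newsyslog'],
      source  => 'puppet:///modules/base/newsyslog/etc/newsyslog.weekly/audit';
    '/etc/newsyslog.monthly/wtmp':
      require => Package['newsyslog'],
      source  => 'puppet:///modules/base/newsyslog/etc/newsyslog.monthly/wtmp';

    # btmp holds failed-login records. The owner is pinned along with the
    # mode, because 0600 only restricts access to whoever owns the file and
    # an existing file would otherwise keep its current owner.
    '/var/log/btmp':
      ensure => file,
      owner  => 'root',
      mode   => '0600';
  }

  # Ensure the configuration directory for filter-syslog exists.
  # recurse + purge removes every file under it that Puppet does not manage,
  # so filter rules added by hand do not survive a run.
  file { '/etc/filter-syslog':
    ensure  => directory,
    recurse => true,
    purge   => true,
  }

  # Keep logrotate out of the way on Red Hat. The package itself is removed
  # only on EL3 and EL4: on EL5 the "rpm" package requires logrotate, so there
  # only its daily cron job is removed. This is limited to Red Hat until the
  # Puppet bug in handling purged packages is fixed.
  case $::operatingsystem {
    'redhat': {
      # The daily logrotate cron job goes away on every Red Hat release.
      file { '/etc/cron.daily/logrotate':
        ensure => absent,
      }

      # Package removal on releases 3 and 4 only (not possible on RHEL 5.3).
      case $::lsbdistrelease {
        '3', '4': {
          package {
            'logrotate':
              ensure => absent;
            # conman is removed before logrotate.
            'conman':
              ensure => absent,
              before => Package['logrotate'];
          }
        }
        default: {}
      }
    }
    default: {}
  }

  # Ensure that the newsyslog package and the related filter-syslog package
  # are installed.
  package {
    'filter-syslog': ensure => present;
    'newsyslog':     ensure => present;
  }

  # Debian and Ubuntu ship cron jobs that rotate the syslog files themselves.
  # Disable them, clean up after old versions of stanford-server, and remove
  # logrotate in case it was installed by accident.
  case $::operatingsystem {
    'debian', 'ubuntu': {
      package { 'logrotate': ensure => absent }

      file {
        '/etc/cron.daily/sysklogd':    ensure => absent;
        '/etc/cron.weekly/sysklogd':   ensure => absent;
        '/etc/newsyslog.daily/syslog': ensure => absent;
      }
    }
    default: {}
  }
}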
class base::newsyslog::skewed inherits base::newsyslog {
  # Everything base::newsyslog declares, plus a daily newsyslog cron script
  # served from this module.
  # NOTE(review): no owner or mode is set, so the script's permissions depend
  # on how this Puppet version treats source permissions. Scripts in
  # /etc/cron.daily run as root; confirm the file ends up root-owned and not
  # writable by anyone else.
  file { '/etc/cron.daily/newsyslog':
    source => 'puppet:///modules/base/newsyslog/etc/cron.daily/newsyslog',
  }
}
class base::newsyslog::disabled {
  # For hosts whose log stack is rsyslogd plus logrotate, optionally with
  # filter-syslog: RHEL6 and Ubuntu 12.04. Older releases are not considered.
  #
  # Leaving base::newsyslog out of the catalog is not enough on its own: the
  # build system puts newsyslog on the host, so its configuration has to be
  # removed here. The package stays installed because other modules
  # (e.g. munin) carry newsyslog rules that depend on Package['newsyslog'].
  #
  # base::newsyslog also declares Package['newsyslog'], so the two classes
  # cannot be in the same catalog.
  # NOTE(review): nothing in this class installs logrotate; rotation relies
  # on it already being present. Confirm on the target hosts.
  package { 'newsyslog':
    ensure => present,
  }

  # The /etc/newsyslog.* directories can stay in place; only the newsyslog
  # cron entry points are removed. logrotate's cron files come from the
  # logrotate package.
  file { [
    '/etc/cron.daily/newsyslog',
    '/etc/cron.weekly/newsyslog',
    '/etc/cron.monthly/newsyslog'
  ]:
    ensure => absent,
  }
}