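# Installs newsyslog, the program that we use for log rotation, and installs
# standard configuration and disables logrotate and the default system log
# rotation.  Also installs filter-syslog, which we use for auditing system
# logs, and its basic configuration.
#
# Security-relevant behaviour of this class:
#   * /var/log/messages is rotated daily with mode 640 and analyzed by
#     filter-syslog.
#   * wtmp is rotated monthly with mode 664; btmp is rotated monthly with
#     mode 660 so that failed-login records are not world-readable.
#   * /etc/filter-syslog is purged of any file Puppet does not manage.
class base::newsyslog {
  package {
    'filter-syslog': ensure => present;
    'newsyslog':     ensure => present;
  }

  # Remove or disable logrotate, since otherwise it will fight with newsyslog.
  # We can't actually remove it on Red Hat 5 and above because it's required
  # by other packages.
  case $::operatingsystem {
    'debian', 'ubuntu': {
      package { 'logrotate': ensure => absent }
    }
    'redhat': {
      if $::lsbdistrelease == '4' {
        package {
          'logrotate':
            ensure => absent;
          'conman':
            ensure => absent,
            before => Package['logrotate'];
        }
      }

      # Even if we weren't able to remove the package, ensure the cron job
      # that runs it is gone.
      file { '/etc/cron.daily/logrotate': ensure => absent }
    }
    default: { }
  }

  # Determine the PID file location for the HUP action in the default messages
  # configuration.  Red Hat uses syslogd and Debian uses rsyslogd.
  case $::operatingsystem {
    'redhat': { $pid_file = '/var/run/syslogd.pid' }
    default:  { $pid_file = '/var/run/rsyslogd.pid' }
  }

  # Determine the owner.  Ubuntu makes the syslog user owner of all of the
  # logs; everyone else uses root.
  #
  # NOTE(review): the rest of this class keys off $::operatingsystem, and
  # lsbdistname is not one of the LSB facts that core Facter provides
  # (lsbdistid, lsbdistcodename, lsbdistrelease, ...).  Confirm that a custom
  # fact supplies it; otherwise this case always falls through to root.
  case $::lsbdistname {
    'ubuntu': { $log_owner = 'syslog' }
    default:  { $log_owner = 'root' }
  }

  # Default log rotation rules for /var/log/messages.
  base::newsyslog::config { 'messages':
    frequency => 'daily',
    log_owner => $log_owner,
    log_mode  => '640',
    analyze   => '/usr/bin/filter-syslog',
    logs      => [ 'messages' ],
    restart   => "hup ${pid_file}",
  }

  # Install the default filter-syslog configuration.  The directory is purged
  # so that only fragments delivered by Puppet influence log auditing.
  file {
    '/etc/filter-syslog.conf':
      source => 'puppet:///modules/base/newsyslog/etc/filter-syslog.conf';
    '/etc/filter-syslog':
      ensure  => directory,
      recurse => true,
      purge   => true,
  }

  # Rotate wtmp monthly and save one year's worth of those files.  wtmp keeps
  # the group-writable, world-readable mode it had before.
  base::newsyslog::config { 'wtmp':
    frequency => 'monthly',
    log_owner => 'root',
    log_group => 'utmp',
    log_mode  => '664',
    logs      => [ 'wtmp' ],
    save_num  => '12',
  }

  # Rotate btmp on the same schedule but in its own rule.  btmp holds
  # failed-login records, which can include passwords mistyped at the username
  # prompt, so neither the live file nor its rotated copies should be
  # world-readable.  Previously btmp shared the wtmp rule and inherited 664.
  base::newsyslog::config { 'btmp':
    frequency => 'monthly',
    log_owner => 'root',
    log_group => 'utmp',
    log_mode  => '660',
    logs      => [ 'btmp' ],
    save_num  => '12',
  }

  # Remove a rotation rule that was once installed under a misspelled name.
  file { '/etc/newsyslog.monthly/wmtp': ensure => absent }

  # Bad login attempt logging is only done if btmp exists.  Ensure the file is
  # present with the correct permissions: readable and writable by root and
  # the utmp group only, matching the rotation rule above.
  file { '/var/log/btmp':
    ensure => file,
    owner  => 'root',
    group  => 'utmp',
    mode   => '0660',
  }

  # Clean up after old Puppet manifests.  We used to install a weekly
  # newsyslog configuration to tar up the root .history-save directory and
  # save it, but now we no longer rotate root history.  Delete the lingering
  # newsyslog configuration if it exists.
  file { '/etc/newsyslog.weekly/audit': ensure => absent }
}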