diff options
Diffstat (limited to 'system/sysklogd')
| -rw-r--r-- | system/sysklogd/APKBUILD | 60 | ||||
| -rw-r--r-- | system/sysklogd/LICENSE | 16 | ||||
| -rw-r--r-- | system/sysklogd/fix-includes.patch | 122 | ||||
| -rw-r--r-- | system/sysklogd/ksym-fclose-fix.patch | 12 | ||||
| -rw-r--r-- | system/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.patch | 162 | ||||
| -rw-r--r-- | system/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.patch | 103 | ||||
| -rw-r--r-- | system/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch | 118 | ||||
| -rw-r--r-- | system/sysklogd/sysklogd-1.5-build.patch | 20 | ||||
| -rw-r--r-- | system/sysklogd/sysklogd.confd | 6 | ||||
| -rwxr-xr-x | system/sysklogd/sysklogd.daily | 91 | ||||
| -rw-r--r-- | system/sysklogd/sysklogd.initd | 76 | ||||
| -rw-r--r-- | system/sysklogd/sysklogd.logrotate | 6 | ||||
| -rw-r--r-- | system/sysklogd/syslog.conf | 48 |
13 files changed, 840 insertions, 0 deletions
diff --git a/system/sysklogd/APKBUILD b/system/sysklogd/APKBUILD new file mode 100644 index 000000000..3e15a8444 --- /dev/null +++ b/system/sysklogd/APKBUILD @@ -0,0 +1,60 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=sysklogd +pkgver=1.5.1 +pkgrel=1 +pkgdesc="System and kernel log daemons" +url="http://www.infodrom.org/projects/sysklogd/" +arch="all" +license="GPL BSD" +subpackages="$pkgname-doc" +depends="" +makedepends="linux-headers" +options="!check" # requires kernel sources to build oops.ko +source="http://www.infodrom.org/projects/$pkgname/download/$pkgname-$pkgver.tar.gz + sysklogd.logrotate + sysklogd.daily + sysklogd.initd + sysklogd.confd + sysklogd-1.4.2-caen-owl-klogd-drop-root.patch + sysklogd-1.4.2-caen-owl-syslogd-bind.patch + sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch + sysklogd-1.5-build.patch + ksym-fclose-fix.patch + fix-includes.patch + syslog.conf + LICENSE" + +builddir="$srcdir"/$pkgname-$pkgver +build() { + cd "$builddir" + make CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" +} + +package() { + cd "$builddir" + make INSTALL="install -D" prefix="$pkgdir" install + + install -D -m644 "$srcdir"/sysklogd.logrotate \ + "$pkgdir"/etc/logrotate.d/sysklogd + install -D -m755 "$srcdir"/sysklogd.daily \ + "$pkgdir"/etc/periodic/daily/sysklogd + install -D -m755 "$srcdir"/sysklogd.initd "$pkgdir"/etc/init.d/sysklogd + install -D -m644 "$srcdir"/sysklogd.confd "$pkgdir"/etc/conf.d/sysklogd + install -D -m644 "$srcdir"/syslog.conf "$pkgdir"/etc/syslog.conf + install -D -m644 "$srcdir"/LICENSE \ + "$pkgdir"/usr/share/licenses/$pkgname/LICENSE +} + +sha512sums="a72196a1a172d25be1c4791ef6256fe71fa2ba8c1383d230e646e93f8a65c3a57c535189726325da4c792fdb2e9cb119bba43c878816a8e78e78189fd32b12b7 sysklogd-1.5.1.tar.gz +d82caedfa61bfefc0162e5c416ff75a5cd8f60abe1cf8a3c5c4e7775aeb7bb64e712c783031659d3793378c8753578adf73ef79aac6a0e7cfbc5bbba5a74bd81 sysklogd.logrotate +87a95d612b9841a022c91a219ff4f69f57badb7f84178f06fc8abec242df948540582f27146b34c6ce730a451ddfc5195b24237cd70c70896ef040148789dd20 sysklogd.daily +eb4c2c411d75315e113efe40c8445dd2eb7aa88e3318ce3d7624916005ec82325a877c83f5816231fc25d5103ac5be1fc58a4d9593b99fea24c87805abd03039 sysklogd.initd +4553d85e93fb07e7d4a6ed0b47a3ea2044a5605adaac05223724c32a60bb8ae96d99ca95965c3931640beef234e976c1141b83f603aa8c6e8aca1dec20ca807c sysklogd.confd +1a5cf4a5dec3ecaa8258110820b64d6a8e1e768e841a3f0ade8d7827b91e73c2d8a49a9d8b74566373133627af88dd46d14e83ae1940a0b2e6cd6fe8710a7e7a sysklogd-1.4.2-caen-owl-klogd-drop-root.patch +995c240fc54681445f68f7681173e1e1860aaab309edc8ac3531881c63c8889f009a7fd622d37145e80fe187410b80c28554140d6a6660134ca87a1c8d13570d sysklogd-1.4.2-caen-owl-syslogd-bind.patch +87865e069f9c78990660cf29a37ba1ded7cc078ea8f05af63fc6068c470d1881181387477dccb830d96af05f352959181619380d61afccf3a11d213372e68852 sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch +ab979b36f091c62ada916246723cd75a71319a6c3687c034167b9caafc53807e6d224e0d6c836bc4b81b61c1d02ec21a1cb19477396a416c62f097d4b9ccc678 sysklogd-1.5-build.patch +ceb1f7cb70f526dd285fc8bad5511cdef603fc1296f69cc0e7ec4901f11685fae083d028687765b233ca074dfbe0cdafa921de6c80a5cbced94de1059d9761ee ksym-fclose-fix.patch +0208662a0158ecb6b0a387bd1bf467c866105dac02767209aeaaaeb02762d6c2b814a2707315f8f6cd40f46c4b7744b74653e30973c31354998c27cd7c966dbd fix-includes.patch +49f73b8a16b92d0cda56db9cfc16d5322e797590dfc998282a62560d54205042af953837f5f94b45a3de403fdf5f63efe65d72e9908c7185a2cd5941275abf33 syslog.conf +7b3de1d38b50df14ceaada900f2e8f23b0d5035278c9eacb06d2578ccdcf64ffc44bbb76ed6a10d80f4b883bf36a3ecd2bf60897321e4eae7aed7d8a5a36d86c LICENSE" diff --git a/system/sysklogd/LICENSE b/system/sysklogd/LICENSE new file mode 100644 index 000000000..7e9b5d59c --- /dev/null +++ b/system/sysklogd/LICENSE @@ -0,0 +1,16 @@ +/* + * Copyright (c) 1983, 1988 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms are permitted + * provided that the above copyright notice and this paragraph are + * duplicated in all such forms and that any documentation, + * advertising materials, and other materials related to such + * distribution and use acknowledge that the software was developed + * by the University of California, Berkeley. The name of the + * University may not be used to endorse or promote products derived + * from this software without specific prior written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ diff --git a/system/sysklogd/fix-includes.patch b/system/sysklogd/fix-includes.patch new file mode 100644 index 000000000..d15baf5c3 --- /dev/null +++ b/system/sysklogd/fix-includes.patch @@ -0,0 +1,122 @@ +--- sysklogd-1.5.orig/klogd.c ++++ sysklogd-1.5/klogd.c +@@ -260,11 +260,8 @@ + #include <unistd.h> + #include <signal.h> + #include <errno.h> +-#include <sys/fcntl.h> ++#include <fcntl.h> + #include <sys/stat.h> +-#if !defined(__GLIBC__) +-#include <linux/time.h> +-#endif /* __GLIBC__ */ + #include <stdarg.h> + #include <paths.h> + #include <stdlib.h> +@@ -279,13 +276,8 @@ + + #define __LIBRARY__ + #include <linux/unistd.h> +-#if !defined(__GLIBC__) +-# define __NR_ksyslog __NR_syslog +-_syscall3(int,ksyslog,int, type, char *, buf, int, len); +-#else + #include <sys/klog.h> + #define ksyslog klogctl +-#endif + + #define LOG_BUFFER_SIZE 4096 + #define LOG_LINE_LENGTH 1000 +--- sysklogd-1.5.orig/ksym_mod.c ++++ sysklogd-1.5/ksym_mod.c +@@ -113,12 +113,9 @@ + #include <unistd.h> + #include <signal.h> + #include <errno.h> +-#include <sys/fcntl.h> ++#include <fcntl.h> + #include <sys/stat.h> + #include "module.h" +-#if !defined(__GLIBC__) +-#include <linux/time.h> +-#endif /* __GLIBC__ */ + #include <stdarg.h> + #include <paths.h> + #include <linux/version.h> +--- sysklogd-1.5.orig/pidfile.c ++++ sysklogd-1.5/pidfile.c +@@ -25,6 +25,7 @@ + */ + + #include <stdio.h> ++#include <fcntl.h> + #include <unistd.h> + #include <sys/stat.h> + #include <sys/file.h> +--- sysklogd-1.5.orig/syslog.c ++++ sysklogd-1.5/syslog.c +@@ -55,7 +55,6 @@ + #include <sys/types.h> + #include <sys/socket.h> + #include <sys/file.h> +-#include <sys/signal.h> + #include <sys/syslog.h> + #if 0 + #include "syslog.h" +@@ -64,6 +63,8 @@ + + #include <sys/uio.h> + #include <sys/wait.h> ++#include <signal.h> ++#include <fcntl.h> + #include <netdb.h> + #include <string.h> + #include <time.h> +--- sysklogd-1.5.orig/syslogd.c ++++ sysklogd-1.5/syslogd.c +@@ -519,9 +519,9 @@ + #include <time.h> + + #define SYSLOG_NAMES ++#include <errno.h> + #include <sys/syslog.h> + #include <sys/param.h> +-#include <sys/errno.h> + #include <sys/ioctl.h> + #include <sys/stat.h> + #include <sys/wait.h> +@@ -823,9 +823,7 @@ + void init(); + void cfline(char *line, register struct filed *f); + int decode(char *name, struct code *codetab); +-#if defined(__GLIBC__) + #define dprintf mydprintf +-#endif /* __GLIBC__ */ + static void dprintf(char *, ...); + static void allocate_log(void); + void sighup_handler(); +@@ -860,15 +858,9 @@ + register char *p; + #ifndef TESTING + ssize_t msglen; +-#endif +-#if !defined(__GLIBC__) +- int len, num_fds; +-#else /* __GLIBC__ */ +-#ifndef TESTING + socklen_t len; + #endif + int num_fds; +-#endif /* __GLIBC__ */ + /* + * It took me quite some time to figure out how this is + * supposed to work so I guess I should better write it down. +@@ -2126,7 +2118,7 @@ + (void) signal(SIGCHLD, reapchild); /* reset signal handler -ASP */ + wait ((int *)0); + #else +- union wait status; ++ int status; + + while (wait3(&status, WNOHANG, (struct rusage *) NULL) > 0) + ; diff --git a/system/sysklogd/ksym-fclose-fix.patch b/system/sysklogd/ksym-fclose-fix.patch new file mode 100644 index 000000000..a1b3401e2 --- /dev/null +++ b/system/sysklogd/ksym-fclose-fix.patch @@ -0,0 +1,12 @@ +Index: sysklogd-1.5/ksym_mod.c +=================================================================== +--- sysklogd-1.5.orig/ksym_mod.c 2009-08-04 09:47:53.000000000 +0300 ++++ sysklogd-1.5/ksym_mod.c 2009-08-04 09:48:05.000000000 +0300 +@@ -189,7 +189,6 @@ + else + Syslog(LOG_ERR, "Error loading kernel symbols " \ + "- %s\n", strerror(errno)); +- fclose(ksyms); + return(0); + } + diff --git a/system/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.patch b/system/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.patch new file mode 100644 index 000000000..40b8817d4 --- /dev/null +++ b/system/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.patch @@ -0,0 +1,162 @@ +http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff?rev=1.2;content-type=text%2Fplain +diff -upk.orig sysklogd-1.4.2.orig/klogd.8 sysklogd-1.4.2/klogd.8 +--- sysklogd-1.4.2.orig/klogd.8 2005-03-11 16:12:09 +0000 ++++ sysklogd-1.4.2/klogd.8 2005-08-18 14:37:47 +0000 +@@ -18,6 +19,12 @@ klogd \- Kernel Log Daemon + .RB [ " \-f " + .I fname + ] ++.RB [ " \-u " ++.I username ++] ++.RB [ " \-j " ++.I chroot_dir ++] + .RB [ " \-iI " ] + .RB [ " \-n " ] + .RB [ " \-o " ] +@@ -53,6 +60,20 @@ stderr. + .BI "\-f " file + Log messages to the specified filename rather than to the syslog facility. + .TP ++.BI "\-u " username ++Tells klogd to become the specified user and drop root privileges before ++starting logging. ++.TP ++.BI "\-j " chroot_dir ++Tells klogd to ++.BR chroot (2) ++into this directory after initializing. ++This option is only valid if the \-u option is also used to run klogd ++without root privileges. ++Note that the use of this option will prevent \-i and \-I from working ++unless you set up the chroot directory in such a way that klogd can still ++read the kernel module symbols. ++.TP + .BI "\-i \-I" + Signal the currently executing klogd daemon. Both of these switches control + the loading/reloading of symbol information. The \-i switch signals the +diff -upk.orig sysklogd-1.4.2.orig/klogd.c sysklogd-1.4.2/klogd.c +--- sysklogd-1.4.2.orig/klogd.c 2005-08-18 12:29:52 +0000 ++++ sysklogd-1.4.2/klogd.c 2005-08-18 14:37:47 +0000 +@@ -261,6 +261,8 @@ + #include <stdarg.h> + #include <paths.h> + #include <stdlib.h> ++#include <pwd.h> ++#include <grp.h> + #include "klogd.h" + #include "ksyms.h" + #ifndef TESTING +@@ -315,6 +317,9 @@ static enum LOGSRC {none, proc, kernel} + int debugging = 0; + int symbols_twice = 0; + ++char *server_user = NULL; ++char *chroot_dir = NULL; ++int log_flags = 0; + + /* Function prototypes. */ + extern int ksyslog(int type, char *buf, int len); +@@ -535,8 +540,9 @@ static enum LOGSRC GetKernelLogSrc(void) + * First do a stat to determine whether or not the proc based + * file system is available to get kernel messages from. + */ +- if ( use_syscall || +- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) ) ++ if (!server_user && ++ (use_syscall || ++ ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)))) + { + /* Initialize kernel logging. */ + ksyslog(1, NULL, 0); +@@ -983,6 +989,27 @@ static void LogProcLine(void) + } + + ++static int drop_root(void) ++{ ++ struct passwd *pw; ++ ++ if (!(pw = getpwnam(server_user))) return -1; ++ ++ if (!pw->pw_uid) return -1; ++ ++ if (chroot_dir) { ++ if (chdir(chroot_dir)) return -1; ++ if (chroot(".")) return -1; ++ } ++ ++ if (setgroups(0, NULL)) return -1; ++ if (setgid(pw->pw_gid)) return -1; ++ if (setuid(pw->pw_uid)) return -1; ++ ++ return 0; ++} ++ ++ + int main(argc, argv) + + int argc; +@@ -1000,7 +1027,7 @@ int main(argc, argv) + chdir ("/"); + #endif + /* Parse the command-line. */ +- while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF) ++ while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF) + switch((char)ch) + { + case '2': /* Print lines with symbols twice. */ +@@ -1022,6 +1049,10 @@ int main(argc, argv) + case 'I': + SignalDaemon(SIGUSR2); + return(0); ++ case 'j': /* chroot 'j'ail */ ++ chroot_dir = optarg; ++ log_flags |= LOG_NDELAY; ++ break; + case 'k': /* Kernel symbol file. */ + symfile = optarg; + break; +@@ -1037,6 +1068,9 @@ int main(argc, argv) + case 's': /* Use syscall interface. */ + use_syscall = 1; + break; ++ case 'u': /* Run as this user */ ++ server_user = optarg; ++ break; + case 'v': + printf("klogd %s.%s\n", VERSION, PATCHLEVEL); + exit (1); +@@ -1045,6 +1079,10 @@ int main(argc, argv) + break; + } + ++ if (chroot_dir && !server_user) { ++ fputs("'-j' is only valid with '-u'\n", stderr); ++ exit(1); ++ } + + /* Set console logging level. */ + if ( log_level != (char *) 0 ) +@@ -1158,7 +1196,7 @@ int main(argc, argv) + } + } + else +- openlog("kernel", 0, LOG_KERN); ++ openlog("kernel", log_flags, LOG_KERN); + + + /* Handle one-shot logging. */ +@@ -1191,6 +1229,11 @@ int main(argc, argv) + } + } + ++ if (server_user && drop_root()) { ++ syslog(LOG_ALERT, "klogd: failed to drop root"); ++ Terminate(); ++ } ++ + /* The main loop. */ + while (1) + { diff --git a/system/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.patch b/system/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.patch new file mode 100644 index 000000000..ad311a512 --- /dev/null +++ b/system/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.patch @@ -0,0 +1,103 @@ +http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff?rev=1.1;content-type=text%2Fplain +diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8 +--- sysklogd-1.4.2.orig/sysklogd.8 2004-07-09 17:33:32 +0000 ++++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:40:25 +0000 +@@ -15,6 +15,9 @@ sysklogd \- Linux system logging utiliti + .I config file + ] + .RB [ " \-h " ] ++.RB [ " \-i " ++.I IP address ++] + .RB [ " \-l " + .I hostlist + ] +@@ -104,6 +107,13 @@ Specifying this switch on the command li + This can cause syslog loops that fill up hard disks quite fast and + thus needs to be used with caution. + .TP ++.BI "\-i " "IP address" ++If ++.B syslogd ++is configured to accept log input from a UDP port, specify an IP address ++to bind to, rather than the default of INADDR_ANY. The address must be in ++dotted quad notation, DNS host names are not allowed. ++.TP + .BI "\-l " "hostlist" + Specify a hostname that should be logged only with its simple hostname + and not the fqdn. Multiple hosts may be specified using the colon +diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c +--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:33:22 +0000 ++++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:40:25 +0000 +@@ -774,6 +774,8 @@ char **LocalHosts = NULL; /* these hosts + int NoHops = 1; /* Can we bounce syslog messages through an + intermediate host. */ + ++char *bind_addr = NULL; /* bind UDP port to this interface only */ ++ + extern int errno; + + /* Function prototypes. */ +@@ -878,7 +880,7 @@ int main(argc, argv) + funix[i] = -1; + } + +- while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:v")) != EOF) ++ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF) + switch((char)ch) { + case 'a': + if (nfunix < MAXFUNIX) +@@ -895,9 +897,17 @@ int main(argc, argv) + case 'h': + NoHops = 0; + break; ++ case 'i': ++ if (bind_addr) { ++ fprintf(stderr, "Only one -i argument allowed, " ++ "the first one is taken.\n"); ++ break; ++ } ++ bind_addr = optarg; ++ break; + case 'l': + if (LocalHosts) { +- fprintf (stderr, "Only one -l argument allowed," \ ++ fprintf(stderr, "Only one -l argument allowed, " + "the first one is taken.\n"); + break; + } +@@ -1244,7 +1254,7 @@ int main(argc, argv) + int usage() + { + fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \ +- " [-s domainlist] [-f conffile]\n"); ++ " [-s domainlist] [-f conffile] [-i IP address]\n"); + exit(1); + } + +@@ -1286,15 +1296,22 @@ static int create_inet_socket() + int fd, on = 1; + struct sockaddr_in sin; + ++ memset(&sin, 0, sizeof(sin)); ++ sin.sin_family = AF_INET; ++ sin.sin_port = LogPort; ++ if (bind_addr) { ++ if (!inet_aton(bind_addr, &sin.sin_addr)) { ++ logerror("syslog: not a valid IP address to bind to."); ++ return -1; ++ } ++ } ++ + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd < 0) { + logerror("syslog: Unknown protocol, suspending inet service."); + return fd; + } + +- memset(&sin, 0, sizeof(sin)); +- sin.sin_family = AF_INET; +- sin.sin_port = LogPort; + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, \ + (char *) &on, sizeof(on)) < 0 ) { + logerror("setsockopt(REUSEADDR), suspending inet"); diff --git a/system/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch b/system/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch new file mode 100644 index 000000000..8c3f571f3 --- /dev/null +++ b/system/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.patch @@ -0,0 +1,118 @@ +http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff?rev=1.1;content-type=text%2Fplain +diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8 +--- sysklogd-1.4.2.orig/sysklogd.8 2005-08-18 14:40:25 +0000 ++++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:41:26 +0000 +@@ -32,6 +32,9 @@ sysklogd \- Linux system logging utiliti + .RB [ " \-s " + .I domainlist + ] ++.RB [ " \-u" ++.IB username ++] + .RB [ " \-v " ] + .LP + .SH DESCRIPTION +@@ -161,6 +164,19 @@ is specified and the host logging resolv + no domain would be cut, you will have to specify two domains like: + .BR "\-s north.de:infodrom.north.de" . + .TP ++.BI "\-u " "username" ++This causes the ++.B syslogd ++daemon to become the named user before starting up logging. ++ ++Note that when this option is in use, ++.B syslogd ++will open all log files as root when the daemon is first started; ++however, after a ++.B SIGHUP ++the files will be reopened as the non-privileged user. You should ++take this into account when deciding the ownership of the log files. ++.TP + .B "\-v" + Print version and exit. + .LP +diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c +--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:40:25 +0000 ++++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:41:26 +0000 +@@ -524,6 +524,10 @@ static char sccsid[] = "@(#)syslogd.c 5. + #include <arpa/nameser.h> + #include <arpa/inet.h> + #include <resolv.h> ++ ++#include <pwd.h> ++#include <grp.h> ++ + #ifndef TESTING + #include "pidfile.h" + #endif +@@ -775,6 +779,7 @@ int NoHops = 1; /* Can we bounce syslog + intermediate host. */ + + char *bind_addr = NULL; /* bind UDP port to this interface only */ ++char *server_user = NULL; /* user name to run server as */ + + extern int errno; + +@@ -827,6 +832,21 @@ static int set_nonblock_flag(int desc) + return fcntl(desc, F_SETFL, flags | O_NONBLOCK); + } + ++static int drop_root(void) ++{ ++ struct passwd *pw; ++ ++ if (!(pw = getpwnam(server_user))) return -1; ++ ++ if (!pw->pw_uid) return -1; ++ ++ if (initgroups(server_user, pw->pw_gid)) return -1; ++ if (setgid(pw->pw_gid)) return -1; ++ if (setuid(pw->pw_uid)) return -1; ++ ++ return 0; ++} ++ + int main(argc, argv) + int argc; + char **argv; +@@ -880,7 +900,7 @@ int main(argc, argv) + funix[i] = -1; + } + +- while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF) ++ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF) + switch((char)ch) { + case 'a': + if (nfunix < MAXFUNIX) +@@ -933,6 +953,9 @@ int main(argc, argv) + } + StripDomains = crunch_list(optarg); + break; ++ case 'u': ++ server_user = optarg; ++ break; + case 'v': + printf("syslogd %s.%s\n", VERSION, PATCHLEVEL); + exit (0); +@@ -1100,6 +1123,11 @@ int main(argc, argv) + kill (ppid, SIGTERM); + #endif + ++ if (server_user && drop_root()) { ++ dprintf("syslogd: failed to drop root\n"); ++ exit(1); ++ } ++ + /* Main loop begins here. */ + for (;;) { + int nfds; +@@ -1254,7 +1282,7 @@ int main(argc, argv) + int usage() + { + fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \ +- " [-s domainlist] [-f conffile] [-i IP address]\n"); ++ " [-s domainlist] [-f conffile] [-i IP address] [-u username]\n"); + exit(1); + } + diff --git a/system/sysklogd/sysklogd-1.5-build.patch b/system/sysklogd/sysklogd-1.5-build.patch new file mode 100644 index 000000000..6175cdfe7 --- /dev/null +++ b/system/sysklogd/sysklogd-1.5-build.patch @@ -0,0 +1,20 @@ +respect env CC/CFLAGS/CPPFLAGS/LDFLAGS + +--- a/Makefile ++++ b/Makefile +@@ -17,14 +17,12 @@ + # along with this program; if not, write to the Free Software + # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +-CC= gcc + #SKFLAGS= -g -DSYSV -Wall + #LDFLAGS= -g +-SKFLAGS= $(RPM_OPT_FLAGS) -O3 -DSYSV -fomit-frame-pointer -Wall -fno-strength-reduce ++SKFLAGS= $(CFLAGS) $(CPPFLAGS) -DSYSV -Wall -fno-strength-reduce + # -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE + # -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE + # $(shell getconf LFS_SKFLAGS) +-LDFLAGS= -s + + # Look where your install program is. + INSTALL = /usr/bin/install diff --git a/system/sysklogd/sysklogd.confd b/system/sysklogd/sysklogd.confd new file mode 100644 index 000000000..c97357391 --- /dev/null +++ b/system/sysklogd/sysklogd.confd @@ -0,0 +1,6 @@ +# Config file for /etc/init.d/sysklogd + +SYSLOGD="-m 0" +# send warnings and above to the console +KLOGD="-c 3 -2" + diff --git a/system/sysklogd/sysklogd.daily b/system/sysklogd/sysklogd.daily new file mode 100755 index 000000000..725c33e31 --- /dev/null +++ b/system/sysklogd/sysklogd.daily @@ -0,0 +1,91 @@ +#!/bin/sh +# This is a shell script replacement for the sysklogd's logrotate cron script +# and syslogd-listfiles perl script. +# Copyright (C) 2008-2015 N. Angelacos for the Alpine Linux project - GPL2 + + +CONF="/etc/syslog.conf" + + +syslogd_listfiles() { + # List the target files from syslog.conf + + local skip= + [ "$1" = "--auth" ] && skip="!" + + # the while loop joins lines that end in "\" + # the sed (in order)- + # strips comments; + # remove empty lines; + # collapses spaces/tabs to 1 space; + # deletes the "-" in front of the filename; + # deletes whitespace before ';' + # deletes lines that have/dont have the "auth" facility + # deletes the facility (leaving just the filename) + # deletes lines that are not filenames with leading "/" + # print it + while read a ; do echo "$a"; done < $CONF |\ + sed -nE -e "s/\#.*//" \ + -e "/^[[:space:]]*$/D" \ + -e "s/[[:space:]]+/ /g" \ + -e "s: -/: /:g" \ + -e "s/ *; */;/" \ + -e "/^.*(auth)[^ ]* /${skip}D" \ + -e "s:^.* /:/:" \ + -e "/^[^\\/]/D" \ + -e "P" \ + | sort | uniq +} + +# dumb little savelog - no error checking here +savelog () { + local group="adm" + local mode="644" + local user="root" + local cycle=2 + local logfile="" + + # parse args + while getopts "g:u:m:c:" opt; do + case $opt in + g) group=$OPTARG ;; + u) user=$OPTARG ;; + m) mode=$OPTARG ;; + c) cycle=$OPTARG ;; + *) echo "unknown option: $opt" >&2 && return 1;; + esac + done + shift $(( $OPTIND - 1 )) + logfile=$1 + + # Cycle the logs + while [ $cycle -ne 0 ]; do + p=$cycle + cycle=$(( $cycle - 1 )) + a=$logfile.$cycle* + b=$( echo $a | sed "s/\.$cycle/\.$p/") + [ -f $a ] && mv $a $b + done + + # compress .1 and let .0 be uncompressed + [ -f $logfile.1 ] && gzip $logfile.1 + [ -f $logfile ] && mv $logfile $logfile.0 + + # set permissions + chown $user:$group $logfile.* 2>/dev/null + chmod $mode $logfile.* 2>/dev/null +} + + +# Main script + +for LOG in $( syslogd_listfiles ); do + [ -f $LOG ] && savelog -g adm -m 640 -u root -c 7 $LOG +done + +for LOG in $(syslogd_listfiles --auth); do + [ -f $LOG ] && savelog -g adm -m 640 -u root -c 7 $LOG +done + +killall -HUP syslogd + diff --git a/system/sysklogd/sysklogd.initd b/system/sysklogd/sysklogd.initd new file mode 100644 index 000000000..c2355f484 --- /dev/null +++ b/system/sysklogd/sysklogd.initd @@ -0,0 +1,76 @@ +#!/sbin/openrc-run +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 or later +# $Header: /var/cvsroot/gentoo-x86/app-admin/sysklogd/files/sysklogd.rc7,v 1.1 2011/09/14 22:22:57 polynomial-c Exp $ + +extra_started_commands="reload" + +depend() { + need clock hostname localmount + before net + provide logger +} + +start_daemon() { + local retval=0 + local daemon="$1" + local options="$2" + + [ -z "${daemon}" ] && return 1 + + ebegin "sysklogd -> start: ${daemon}" + start-stop-daemon --start --exec /usr/sbin/"${daemon}" \ + --pidfile /var/run/"${daemon}".pid -- ${options} + retval=$? + eend ${retval} "Failed to start ${daemon}" + + return ${retval} +} + +stop_daemon() { + local retval=0 + local daemon="$1" + + [ -z "${daemon}" ] && return 1 + + ebegin "sysklogd -> stop: ${daemon}" + # syslogd can be stubborn some times (--retry 15)... + start-stop-daemon --stop --retry 15 --quiet --pidfile /var/run/"${daemon}".pid + retval=$? + eend ${retval} "Failed to stop ${daemon}" + + return ${retval} +} + +start() { + start_daemon "syslogd" "${SYSLOGD}" || return 1 + + # klogd do not always start proper if started too early + sleep 1 + + if ! start_daemon "klogd" "${KLOGD}" ; then + stop_daemon "syslogd" + return 1 + fi + + return 0 +} + +stop() { + stop_daemon "klogd" || return 1 + stop_daemon "syslogd" || return 1 + return 0 +} + +reload() { + local ret=0 + + ebegin "Reloading configuration" + + start-stop-daemon --signal HUP --pidfile /var/run/syslogd.pid + ret=$((${ret} + $?)) + start-stop-daemon --signal USR1 --pidfile /var/run/klogd.pid + ret=$((${ret} + $?)) + + eend ${ret} +} diff --git a/system/sysklogd/sysklogd.logrotate b/system/sysklogd/sysklogd.logrotate new file mode 100644 index 000000000..0fd0be2ff --- /dev/null +++ b/system/sysklogd/sysklogd.logrotate @@ -0,0 +1,6 @@ +# we do logrotatation in a separate cron script that parses syslog.conf +# and rotates whatever user have configured. +# +# That is better than having users to maunally update this logrotate config +# whenever they touch syslog.conf +# diff --git a/system/sysklogd/syslog.conf b/system/sysklogd/syslog.conf new file mode 100644 index 000000000..aead955cc --- /dev/null +++ b/system/sysklogd/syslog.conf @@ -0,0 +1,48 @@ +# /etc/syslog.conf Configuration file for syslogd. +# +# For more information see syslog.conf(5) +# manpage. + +# First some standard logfiles. Log by facility. +# + +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +#mail.info -/var/log/mail.info +#mail.warning -/var/log/mail.warn +#mail.err /var/log/mail.err + +# Some `catch-all' logfiles. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warning;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg * + +# +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. +# +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warning /dev/tty8 + |