Navigation

← Previous Changeset
Next Changeset →

Changeset 2178

Timestamp:

06/07/08 11:21:22 (6 months ago)

Author:

mbr

Message:

updated to not modify the syslog config or test for the acquisition of syslog messages, added --install-syslog-fifo to override this

Files:

psad/trunk/install.pl (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

psad/trunk/install.pl

r2136	r2178
155	155	my $init_dir = '/etc/init.d';
156	156	my $init_name = 'psad';
	157	my $install_syslog_fifo = 0;
157	158	my $runlevel = -1;
158	159
…	…
174	175	'init-dir=s' => \$init_dir,
175	176	'init-name=s' => \$init_name,
	177	'install-syslog-fifo' => \$install_syslog_fifo,
176	178	'runlevel=i' => \$runlevel,
177	179	'LC_ALL=s' => \$locale,
…	…
451	453	}
452	454
453		### get syslog daemon (e.g. syslog, rsyslog syslog-ng, or metalog)
454		my $syslog_str = &query_syslog();
	455	my $syslog_str = '';
	456
	457	if ($install_syslog_fifo) {
	458	### get syslog daemon (e.g. syslog, rsyslog syslog-ng, or metalog)
	459	$syslog_str = &query_syslog();
	460	} else {
	461	print
	462	"[+] psad by default parses iptables log messages from the /var/log/messages\n",
	463	" file, but you can alter this with the IPT_SYSLOG_FILE variable in the\n",
	464	" /etc/psad/psad.conf file.\n";
	465	}
455	466
456	467	my $preserve_rv = 0;
…	…
573	584	}
574	585
575		&put_string('SYSLOG_DAEMON', $syslog_str,
576		"$config{'PSAD_CONF_DIR'}/psad.conf");
577
578		if ($syslog_str ne 'ulogd') {
579		my $restarted_syslog = 0;
580		if ($syslog_str eq 'syslogd') {
581		if (-e $syslog_conf) {
582		&append_fifo_syslog($syslog_conf);
583		if (((system "$cmds{'killall'} -HUP syslogd 2> /dev/null")>>8) == 0) {
584		&logr("[+] HUP signal sent to syslogd.\n");
	586	if ($install_syslog_fifo) {
	587	&put_string('SYSLOG_DAEMON', $syslog_str,
	588	"$config{'PSAD_CONF_DIR'}/psad.conf");
	589
	590	if ($syslog_str ne 'ulogd') {
	591	my $restarted_syslog = 0;
	592	if ($syslog_str eq 'syslogd') {
	593	if (-e $syslog_conf) {
	594	&append_fifo_syslog($syslog_conf);
	595	if (((system "$cmds{'killall'} -HUP syslogd 2> /dev/null")>>8) == 0) {
	596	&logr("[+] HUP signal sent to syslogd.\n");
	597	$restarted_syslog = 1;
	598	}
	599	}
	600	} elsif ($syslog_str eq 'rsyslogd') {
	601	if (-e $syslog_conf) {
	602	&append_fifo_syslog($syslog_conf);
	603	if (((system "$cmds{'killall'} -HUP rsyslogd 2> /dev/null")>>8) == 0) {
	604	&logr("[+] HUP signal sent to rsyslogd.\n");
	605	$restarted_syslog = 1;
	606	}
	607	}
	608
	609	} elsif ($syslog_str eq 'syslog-ng') {
	610	if (-e $syslog_conf) {
	611	&append_fifo_syslog_ng($syslog_conf);
	612	if (((system "$cmds{'killall'} -HUP syslog-ng 2> /dev/null")>>8) == 0) {
	613	&logr("[+] HUP signal sent to syslog-ng.\n");
	614	$restarted_syslog = 1;
	615	}
	616	}
	617	} elsif ($syslog_str eq 'metalog') {
	618	if (-e $syslog_conf) {
	619	&config_metalog($syslog_conf);
	620	&logr("[-] Metalog support is shaky in psad. " .
	621	"Use at your own risk.\n");
	622	### don't send warning about not restarting metalog daemon
585	623	$restarted_syslog = 1;
586	624	}
587	625	}
588		} elsif ($syslog_str eq 'rsyslogd') {
589		if (-e $syslog_conf) {
590		&append_fifo_syslog($syslog_conf);
591		if (((system "$cmds{'killall'} -HUP rsyslogd 2> /dev/null")>>8) == 0) {
592		&logr("[+] HUP signal sent to rsyslogd.\n");
593		$restarted_syslog = 1;
594		}
595		}
596
597		} elsif ($syslog_str eq 'syslog-ng') {
598		if (-e $syslog_conf) {
599		&append_fifo_syslog_ng($syslog_conf);
600		if (((system "$cmds{'killall'} -HUP syslog-ng 2> /dev/null")>>8) == 0) {
601		&logr("[+] HUP signal sent to syslog-ng.\n");
602		$restarted_syslog = 1;
603		}
604		}
605		} elsif ($syslog_str eq 'metalog') {
606		if (-e $syslog_conf) {
607		&config_metalog($syslog_conf);
608		&logr("[-] Metalog support is shaky in psad. " .
609		"Use at your own risk.\n");
610		### don't send warning about not restarting metalog daemon
611		$restarted_syslog = 1;
612		}
613		}
614
615		unless ($restarted_syslog) {
616		&logr("[-] Could not restart any syslog daemons.\n");
617		}
618		}
619
620		if (-x $cmds{'iptables'} and not $skip_syslog_test) {
621		&logr("[+] Found iptables. Testing syslog configuration:\n");
622		### make sure we actually see packets being logged by
623		### the firewall.
624		if ($syslog_str ne 'ulogd') {
625		if (&test_syslog_config($syslog_str)) {
626		&logr("[+] Successful $syslog_str reconfiguration.\n\n");
627		} else {
628		if (&query_init_script_restart_syslog()) {
629
630		my $restarted = 0;
631		if ($syslog_str eq 'syslog-ng') {
632		if (-e "$init_dir/syslog-ng") {
633		system "$init_dir/syslog-ng restart";
634		$restarted = 1;
	626
	627	unless ($restarted_syslog) {
	628	&logr("[-] Could not restart any syslog daemons.\n");
	629	}
	630	}
	631
	632	if (-x $cmds{'iptables'} and not $skip_syslog_test) {
	633	&logr("[+] Found iptables. Testing syslog configuration:\n");
	634	### make sure we actually see packets being logged by
	635	### the firewall.
	636	if ($syslog_str ne 'ulogd') {
	637	if (&test_syslog_config($syslog_str)) {
	638	&logr("[+] Successful $syslog_str reconfiguration.\n\n");
	639	} else {
	640	if (&query_init_script_restart_syslog()) {
	641
	642	my $restarted = 0;
	643	if ($syslog_str eq 'syslog-ng') {
	644	if (-e "$init_dir/syslog-ng") {
	645	system "$init_dir/syslog-ng restart";
	646	$restarted = 1;
	647	}
	648	} elsif ($syslog_str eq 'rsyslogd') {
	649	if (-e "$init_dir/sysklogd") {
	650	system "$init_dir/sysklogd restart";
	651	$restarted = 1;
	652	} elsif (-e "$init_dir/syslog") {
	653	system "$init_dir/syslog restart";
	654	$restarted = 1;
	655	}
	656	} else {
	657	if (-e "$init_dir/rsyslog") {
	658	system "$init_dir/rsyslog restart";
	659	$restarted = 1;
	660	}
635	661	}
636		} elsif ($syslog_str eq 'rsyslogd') {
637		if (-e "$init_dir/sysklogd") {
638		system "$init_dir/sysklogd restart";
639		$restarted = 1;
640		} elsif (-e "$init_dir/syslog") {
641		system "$init_dir/syslog restart";
642		$restarted = 1;
	662	### test syslog config again now that we
	663	### have restarted syslog via the init script
	664	### instead of relying on a HUP signal to
	665	### syslog
	666	if ($restarted) {
	667	if (&test_syslog_config($syslog_str)) {
	668	&logr("[+] Successful $syslog_str reconfiguration.\n\n");
	669	} else {
	670	&logr("[-] Unsuccessful $syslog_str reconfiguration.\n");
	671	&logr(" Consult the psad man page for the basic " .
	672	"$syslog_str requirement to get psad to work.\n\n");
	673	}
643	674	}
644	675	} else {
645		if (-e "$init_dir/rsyslog") {
646		system "$init_dir/rsyslog restart";
647		$restarted = 1;
648		}
	676	&logr("[-] Ok, hoping that psad can get packet data anyway.\n");
649	677	}
650		~~### test syslog config again now that we~~
651		~~### have restarted syslog via the init script~~
652		~~### instead of relying on a HUP signal to~~
653		~~### syslog~~
654		~~if ($restarted) {~~
655		~~if (&test_syslog_config($syslog_str)) {~~
656		~~&logr("[+] Successful $syslog_str reconfiguration.\n\n");~~
657		~~} else {~~
658		~~&logr("[-] Unsuccessful $syslog_str reconfiguration.\n");~~
659		~~&logr(" Consult the psad man page for the basic " .~~
660		~~"$syslog_str requirement to get psad to work.\n\n");~~
661		}
662		}
663		~~} else {~~
664		~~&logr("[-] Ok, hoping that psad can get packet data anyway.\n");~~
665	678	}
666	679	}
…	…
2089	2102	--init-name <name> - Specify the name for the psad init
2090	2103	script (the default is $init_name).
	2104	--install-syslog-fifo - Add the installation of the psadfifo
	2105	(this is not usually necessary since
	2106	the default is to enable
	2107	ENABLE_SYSLOG_FILE).
2091	2108	-r, --runlevel <N> - Specify the current system runlevel.
2092	2109	--no-rm-lib-dir - Do not remove the /usr/lib/psad/

Navigation

Changeset 2178

Legend:

psad/trunk/install.pl

Download in other formats: