Commit 2af5bc25 authored by Natanael Copa's avatar Natanael Copa

extra/sysklogd: new aport

System and kernel log daemons
http://www.infodrom.org/projects/sysklogd/
parent a0f50b63
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=sysklogd
pkgver=1.5
pkgrel=0
pkgdesc="System and kernel log daemons"
url="http://www.infodrom.org/projects/sysklogd/"
license="GPL BSD"
subpackages="$pkgname-doc"
depends="logrotate"
makedepends=""
source="http://www.infodrom.org/projects/$pkgname/download/$pkgname-$pkgver.tar.gz
sysklogd.logrotate
sysklogd.initd
sysklogd.confd
sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
sysklogd-1.4.2-caen-owl-syslogd-bind.diff
sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
sysklogd-1.5-build.patch
LICENSE"
build ()
{
cd "$srcdir"/$pkgname-$pkgver
for i in ../*.patch ../*.diff; do
msg "Applying $i..."
patch -p1 < $i || return 1
done
export CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
make || return 1
install -d "$pkgdir"/usr/sbin
install -d "$pkgdir"/usr/share/man/man5
install -d "$pkgdir"/usr/share/man/man8
make INSTALL=install prefix="$pkgdir" install
install -D -m644 ../sysklogd.logrotate \
"$pkgdir"/etc/logrotate.d/sysklogd
install -D -m755 ../sysklogd.initd "$pkgdir"/etc/init.d/sysklogd
install -D -m644 ../sysklogd.confd "$pkgdir"/etc/conf.d/sysklogd
install -D -m644 ../LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}
md5sums="e053094e8103165f98ddafe828f6ae4b sysklogd-1.5.tar.gz
40304e92b2f6a92e252de24c5e3ca88e sysklogd.logrotate
9332657663a9f4286e5c61d22c46378f sysklogd.initd
e25d7b583b7e4bd8be503b89e1771e90 sysklogd.confd
3b7ba3aa6519f96f11165a7d5900a8b1 sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
4715e1dd2deb7a9ac137e004210e3154 sysklogd-1.4.2-caen-owl-syslogd-bind.diff
6c0a416e40a678cf99c454b0e98185c9 sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
c71826d1a4f3f7e8ffa57adbfc24f1ce sysklogd-1.5-build.patch
7930f7ff5038e1318511624e348581cc LICENSE"
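Review bot: In build(), the `make INSTALL=install prefix="$pkgdir" install` line and the `install -D` lines after it carry no `|| return 1`, unlike the `patch` and `make` steps above them, so a failed install step can still produce a package that is missing the init script, conf.d file or logrotate snippet. Append `|| return 1` to each of those commands, and quote the loop variable as `patch -p1 < "$i"`. Separately, the tarball is fetched over plain `http://` and pinned only by an MD5 digest, which is not collision-resistant; if the packaging tool supports a stronger checksum field, that would be the better integrity anchor for this source.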
/*
* Copyright (c) 1983, 1988 Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by the University of California, Berkeley. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff?rev=1.2;content-type=text%2Fplain
diff -upk.orig sysklogd-1.4.2.orig/klogd.8 sysklogd-1.4.2/klogd.8
--- sysklogd-1.4.2.orig/klogd.8 2005-03-11 16:12:09 +0000
+++ sysklogd-1.4.2/klogd.8 2005-08-18 14:37:47 +0000
@@ -18,6 +19,12 @@ klogd \- Kernel Log Daemon
.RB [ " \-f "
.I fname
]
+.RB [ " \-u "
+.I username
+]
+.RB [ " \-j "
+.I chroot_dir
+]
.RB [ " \-iI " ]
.RB [ " \-n " ]
.RB [ " \-o " ]
@@ -53,6 +60,20 @@ stderr.
.BI "\-f " file
Log messages to the specified filename rather than to the syslog facility.
.TP
+.BI "\-u " username
+Tells klogd to become the specified user and drop root privileges before
+starting logging.
+.TP
+.BI "\-j " chroot_dir
+Tells klogd to
+.BR chroot (2)
+into this directory after initializing.
+This option is only valid if the \-u option is also used to run klogd
+without root privileges.
+Note that the use of this option will prevent \-i and \-I from working
+unless you set up the chroot directory in such a way that klogd can still
+read the kernel module symbols.
+.TP
.BI "\-i \-I"
Signal the currently executing klogd daemon. Both of these switches control
the loading/reloading of symbol information. The \-i switch signals the
diff -upk.orig sysklogd-1.4.2.orig/klogd.c sysklogd-1.4.2/klogd.c
--- sysklogd-1.4.2.orig/klogd.c 2005-08-18 12:29:52 +0000
+++ sysklogd-1.4.2/klogd.c 2005-08-18 14:37:47 +0000
@@ -261,6 +261,8 @@
#include <stdarg.h>
#include <paths.h>
#include <stdlib.h>
+#include <pwd.h>
+#include <grp.h>
#include "klogd.h"
#include "ksyms.h"
#ifndef TESTING
@@ -315,6 +317,9 @@ static enum LOGSRC {none, proc, kernel}
int debugging = 0;
int symbols_twice = 0;
+char *server_user = NULL;
+char *chroot_dir = NULL;
+int log_flags = 0;
/* Function prototypes. */
extern int ksyslog(int type, char *buf, int len);
@@ -535,8 +540,9 @@ static enum LOGSRC GetKernelLogSrc(void)
* First do a stat to determine whether or not the proc based
* file system is available to get kernel messages from.
*/
- if ( use_syscall ||
- ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
+ if (!server_user &&
+ (use_syscall ||
+ ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT))))
{
/* Initialize kernel logging. */
ksyslog(1, NULL, 0);
@@ -983,6 +989,27 @@ static void LogProcLine(void)
}
+static int drop_root(void)
+{
+ struct passwd *pw;
+
+ if (!(pw = getpwnam(server_user))) return -1;
+
+ if (!pw->pw_uid) return -1;
+
+ if (chroot_dir) {
+ if (chdir(chroot_dir)) return -1;
+ if (chroot(".")) return -1;
+ }
+
+ if (setgroups(0, NULL)) return -1;
+ if (setgid(pw->pw_gid)) return -1;
+ if (setuid(pw->pw_uid)) return -1;
+
+ return 0;
+}
+
+
int main(argc, argv)
int argc;
@@ -1000,7 +1027,7 @@ int main(argc, argv)
chdir ("/");
#endif
/* Parse the command-line. */
- while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF)
+ while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF)
switch((char)ch)
{
case '2': /* Print lines with symbols twice. */
@@ -1022,6 +1049,10 @@ int main(argc, argv)
case 'I':
SignalDaemon(SIGUSR2);
return(0);
+ case 'j': /* chroot 'j'ail */
+ chroot_dir = optarg;
+ log_flags |= LOG_NDELAY;
+ break;
case 'k': /* Kernel symbol file. */
symfile = optarg;
break;
@@ -1037,6 +1068,9 @@ int main(argc, argv)
case 's': /* Use syscall interface. */
use_syscall = 1;
break;
+ case 'u': /* Run as this user */
+ server_user = optarg;
+ break;
case 'v':
printf("klogd %s.%s\n", VERSION, PATCHLEVEL);
exit (1);
@@ -1045,6 +1079,10 @@ int main(argc, argv)
break;
}
+ if (chroot_dir && !server_user) {
+ fputs("'-j' is only valid with '-u'\n", stderr);
+ exit(1);
+ }
/* Set console logging level. */
if ( log_level != (char *) 0 )
@@ -1158,7 +1196,7 @@ int main(argc, argv)
}
}
else
- openlog("kernel", 0, LOG_KERN);
+ openlog("kernel", log_flags, LOG_KERN);
/* Handle one-shot logging. */
@@ -1191,6 +1229,11 @@ int main(argc, argv)
}
}
+ if (server_user && drop_root()) {
+ syslog(LOG_ALERT, "klogd: failed to drop root");
+ Terminate();
+ }
+
/* The main loop. */
while (1)
{
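Review bot: drop_root() in klogd.c rejects a target account with uid 0 but not one whose primary gid is 0, so `-u` with such an account leaves the daemon in the root group after `setgid(pw->pw_gid)`; consider `if (!pw->pw_uid || !pw->pw_gid) return -1;`, or state in klogd.8 that a gid-0 account is accepted on purpose. The same check appears in the drop_root() that the syslogd-drop-root patch adds to syslogd.c. The GetKernelLogSrc() hunk also makes `-u` silently override `-s`, because the syscall branch is skipped whenever `server_user` is set, and the new klogd.8 text does not say so; one sentence under `\-u` would cover it. main() continues past the end of the last hunk.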
http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff?rev=1.1;content-type=text%2Fplain
diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8
--- sysklogd-1.4.2.orig/sysklogd.8 2004-07-09 17:33:32 +0000
+++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:40:25 +0000
@@ -15,6 +15,9 @@ sysklogd \- Linux system logging utiliti
.I config file
]
.RB [ " \-h " ]
+.RB [ " \-i "
+.I IP address
+]
.RB [ " \-l "
.I hostlist
]
@@ -104,6 +107,13 @@ Specifying this switch on the command li
This can cause syslog loops that fill up hard disks quite fast and
thus needs to be used with caution.
.TP
+.BI "\-i " "IP address"
+If
+.B syslogd
+is configured to accept log input from a UDP port, specify an IP address
+to bind to, rather than the default of INADDR_ANY. The address must be in
+dotted quad notation, DNS host names are not allowed.
+.TP
.BI "\-l " "hostlist"
Specify a hostname that should be logged only with its simple hostname
and not the fqdn. Multiple hosts may be specified using the colon
diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c
--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:33:22 +0000
+++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:40:25 +0000
@@ -774,6 +774,8 @@ char **LocalHosts = NULL; /* these hosts
int NoHops = 1; /* Can we bounce syslog messages through an
intermediate host. */
+char *bind_addr = NULL; /* bind UDP port to this interface only */
+
extern int errno;
/* Function prototypes. */
@@ -878,7 +880,7 @@ int main(argc, argv)
funix[i] = -1;
}
- while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:v")) != EOF)
+ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
switch((char)ch) {
case 'a':
if (nfunix < MAXFUNIX)
@@ -895,9 +897,17 @@ int main(argc, argv)
case 'h':
NoHops = 0;
break;
+ case 'i':
+ if (bind_addr) {
+ fprintf(stderr, "Only one -i argument allowed, "
+ "the first one is taken.\n");
+ break;
+ }
+ bind_addr = optarg;
+ break;
case 'l':
if (LocalHosts) {
- fprintf (stderr, "Only one -l argument allowed," \
+ fprintf(stderr, "Only one -l argument allowed, "
"the first one is taken.\n");
break;
}
@@ -1244,7 +1254,7 @@ int main(argc, argv)
int usage()
{
fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
- " [-s domainlist] [-f conffile]\n");
+ " [-s domainlist] [-f conffile] [-i IP address]\n");
exit(1);
}
@@ -1286,15 +1296,22 @@ static int create_inet_socket()
int fd, on = 1;
struct sockaddr_in sin;
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_port = LogPort;
+ if (bind_addr) {
+ if (!inet_aton(bind_addr, &sin.sin_addr)) {
+ logerror("syslog: not a valid IP address to bind to.");
+ return -1;
+ }
+ }
+
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd < 0) {
logerror("syslog: Unknown protocol, suspending inet service.");
return fd;
}
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_port = LogPort;
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, \
(char *) &on, sizeof(on)) < 0 ) {
logerror("setsockopt(REUSEADDR), suspending inet");
http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff?rev=1.1;content-type=text%2Fplain
diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8
--- sysklogd-1.4.2.orig/sysklogd.8 2005-08-18 14:40:25 +0000
+++ sysklogd-1.4.2/sysklogd.8 2005-08-18 14:41:26 +0000
@@ -32,6 +32,9 @@ sysklogd \- Linux system logging utiliti
.RB [ " \-s "
.I domainlist
]
+.RB [ " \-u"
+.IB username
+]
.RB [ " \-v " ]
.LP
.SH DESCRIPTION
@@ -161,6 +164,19 @@ is specified and the host logging resolv
no domain would be cut, you will have to specify two domains like:
.BR "\-s north.de:infodrom.north.de" .
.TP
+.BI "\-u " "username"
+This causes the
+.B syslogd
+daemon to become the named user before starting up logging.
+
+Note that when this option is in use,
+.B syslogd
+will open all log files as root when the daemon is first started;
+however, after a
+.B SIGHUP
+the files will be reopened as the non-privileged user. You should
+take this into account when deciding the ownership of the log files.
+.TP
.B "\-v"
Print version and exit.
.LP
diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c
--- sysklogd-1.4.2.orig/syslogd.c 2005-08-18 14:40:25 +0000
+++ sysklogd-1.4.2/syslogd.c 2005-08-18 14:41:26 +0000
@@ -524,6 +524,10 @@ static char sccsid[] = "@(#)syslogd.c 5.
#include <arpa/nameser.h>
#include <arpa/inet.h>
#include <resolv.h>
+
+#include <pwd.h>
+#include <grp.h>
+
#ifndef TESTING
#include "pidfile.h"
#endif
@@ -775,6 +779,7 @@ int NoHops = 1; /* Can we bounce syslog
intermediate host. */
char *bind_addr = NULL; /* bind UDP port to this interface only */
+char *server_user = NULL; /* user name to run server as */
extern int errno;
@@ -827,6 +832,21 @@ static int set_nonblock_flag(int desc)
return fcntl(desc, F_SETFL, flags | O_NONBLOCK);
}
+static int drop_root(void)
+{
+ struct passwd *pw;
+
+ if (!(pw = getpwnam(server_user))) return -1;
+
+ if (!pw->pw_uid) return -1;
+
+ if (initgroups(server_user, pw->pw_gid)) return -1;
+ if (setgid(pw->pw_gid)) return -1;
+ if (setuid(pw->pw_uid)) return -1;
+
+ return 0;
+}
+
int main(argc, argv)
int argc;
char **argv;
@@ -880,7 +900,7 @@ int main(argc, argv)
funix[i] = -1;
}
- while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
+ while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF)
switch((char)ch) {
case 'a':
if (nfunix < MAXFUNIX)
@@ -933,6 +953,9 @@ int main(argc, argv)
}
StripDomains = crunch_list(optarg);
break;
+ case 'u':
+ server_user = optarg;
+ break;
case 'v':
printf("syslogd %s.%s\n", VERSION, PATCHLEVEL);
exit (0);
@@ -1100,6 +1123,11 @@ int main(argc, argv)
kill (ppid, SIGTERM);
#endif
+ if (server_user && drop_root()) {
+ dprintf("syslogd: failed to drop root\n");
+ exit(1);
+ }
+
/* Main loop begins here. */
for (;;) {
int nfds;
@@ -1254,7 +1282,7 @@ int main(argc, argv)
int usage()
{
fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
- " [-s domainlist] [-f conffile] [-i IP address]\n");
+ " [-s domainlist] [-f conffile] [-i IP address] [-u username]\n");
exit(1);
}
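Review bot: The failure path added to main() reports a failed `drop_root()` only through `dprintf(...)` before `exit(1)`; dprintf looks like syslogd's debug-only printer, so in normal operation the daemon would exit with no visible reason when the `-u` account is missing or one of the set*id calls fails. Using the error logger that the bind patch already calls, e.g. `logerror("syslogd: failed to drop root");`, or an `fprintf(stderr, ...)`, would make the failure diagnosable. Since the drop happens after startup, everything reopened on SIGHUP (the log files, per the new man page text) must be writable by the unprivileged user, which is worth stating next to the `-u` option in conf.d as well.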
respect env CC/CFLAGS/CPPFLAGS/LDFLAGS
--- a/Makefile
+++ b/Makefile
@@ -17,14 +17,12 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-CC= gcc
#SKFLAGS= -g -DSYSV -Wall
#LDFLAGS= -g
-SKFLAGS= $(RPM_OPT_FLAGS) -O3 -DSYSV -fomit-frame-pointer -Wall -fno-strength-reduce
+SKFLAGS= $(CFLAGS) $(CPPFLAGS) -DSYSV -Wall -fno-strength-reduce
# -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
# -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
# $(shell getconf LFS_SKFLAGS)
-LDFLAGS= -s
# Look where your install program is.
INSTALL = /usr/bin/install
# Config file for /etc/init.d/sysklogd
SYSLOGD="-m 0"
# send warnings and above to the console
KLOGD="-c 3 -2"
#!/sbin/runscript
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License, v2 or later
# $Header: /var/cvsroot/gentoo-x86/app-admin/sysklogd/files/sysklogd.rc6,v 1.12 2007/05/01 12:49:04 uberlord Exp $
opts="reload"
depend() {
need clock hostname cron
provide logger
}
start_daemon() {
local retval=0
local daemon="$1"
local options="$2"
[ -z "${daemon}" ] && return 1
ebegin "sysklogd -> start: ${daemon}"
start-stop-daemon --start --exec /usr/sbin/"${daemon}" \
--pidfile /var/run/"${daemon}".pid -- ${options}
retval=$?
eend ${retval} "Failed to start ${daemon}"
return ${retval}
}
stop_daemon() {
local retval=0
local daemon="$1"
[ -z "${daemon}" ] && return 1
ebegin "sysklogd -> stop: ${daemon}"
# syslogd can be stubborn some times (--retry 15)...
start-stop-daemon --stop --retry 15 --quiet --pidfile /var/run/"${daemon}".pid
retval=$?
eend ${retval} "Failed to stop ${daemon}"
return ${retval}
}
start() {
start_daemon "syslogd" "${SYSLOGD}" || return 1
# vservers should not start klogd
[ "$RC_SYS" = "VSERVER" ] && return 0
# klogd do not always start proper if started too early
sleep 1
if ! start_daemon "klogd" "${KLOGD}" ; then
stop_daemon "syslogd"
return 1
fi
return 0
}
stop() {
if [ "$RC_SYS" != "VSERVER" ]; then
stop_daemon "klogd" || return 1
fi
stop_daemon "syslogd" || return 1
return 0
}
reload() {
local ret=0
ebegin "Reloading configuration"
start-stop-daemon --stop --oknodo --signal HUP --pidfile /var/run/syslogd.pid
ret=$((${ret} + $?))
start-stop-daemon --stop --oknodo --signal USR1 --pidfile /var/run/klogd.pid
ret=$((${ret} + $?))
eend ${ret}
}
/var/log/messages /var/log/auth /var/log/mail /var/log/errors /var/log/kernel {
sharedscripts
postrotate
/etc/init.d/sysklogd --quiet reload
endscript
}
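Review bot: This logrotate stanza sets no `create` directive, so the owner and mode of the fresh log files are left to logrotate's global defaults or to syslogd re-creating them. That matters for the `-u` option this package patches in: the sysklogd.8 text says files are reopened as the unprivileged user after SIGHUP, and the `postrotate` reload sends that signal through the init script, so a syslogd running with `-u` could lose the ability to write its logs after the first rotation. If `-u` is meant to be usable, add a line such as `create 0640 <user> <group>` (placeholder names) and make sure the existing files under /var/log carry matching ownership.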