From d6d417df24f1bd30b827daaa4c9f58edefce0414 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Wed, 19 Jul 2017 22:36:40 +0200 Subject: [PATCH] Adding state for logwatch --- top.sls | 5 +- utils/files/logwatch.conf | 24 +++ utils/files/logwatch.logfile.cron.conf | 21 +++ utils/files/logwatch.logfile.daemon.conf | 18 +++ utils/files/logwatch.logfile.fail2ban.conf | 32 ++++ utils/files/logwatch.logfile.iptables.conf | 24 +++ utils/files/logwatch.logfile.maillog.conf | 23 +++ utils/files/logwatch.logfile.named.conf | 24 +++ utils/files/logwatch.logfile.secure.conf | 26 ++++ utils/files/logwatch.logfile.syslog.conf | 19 +++ utils/files/logwatch.service.iptables.conf | 41 +++++ utils/files/logwatch.service.named.conf | 37 +++++ utils/logwatch.sls | 168 +++++++++++++++++++++ 13 files changed, 461 insertions(+), 1 deletion(-) create mode 100644 utils/files/logwatch.conf create mode 100644 utils/files/logwatch.logfile.cron.conf create mode 100644 utils/files/logwatch.logfile.daemon.conf create mode 100644 utils/files/logwatch.logfile.fail2ban.conf create mode 100644 utils/files/logwatch.logfile.iptables.conf create mode 100644 utils/files/logwatch.logfile.maillog.conf create mode 100644 utils/files/logwatch.logfile.named.conf create mode 100644 utils/files/logwatch.logfile.secure.conf create mode 100644 utils/files/logwatch.logfile.syslog.conf create mode 100644 utils/files/logwatch.service.iptables.conf create mode 100644 utils/files/logwatch.service.named.conf create mode 100644 utils/logwatch.sls diff --git a/top.sls b/top.sls index 9c03a25..9b8d483 100644 --- a/top.sls +++ b/top.sls @@ -14,10 +14,11 @@ base: - basic.shells - basic.skel - basic.root + - fail2ban + - utils.logwatch - utils.root - postfix.common - apache2 - - fail2ban - bind '.*.nexunus.net': @@ -47,6 +48,8 @@ base: - basic.shells - basic.skel - basic.root + - fail2ban + - utils.logwatch - utils.root 'liz.nexunus.net': 
diff --git a/utils/files/logwatch.conf b/utils/files/logwatch.conf
new file mode 100644
index 0000000..b382226
--- /dev/null
+++ b/utils/files/logwatch.conf
@@ -0,0 +1,24 @@
+# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)
+
+#Output/Format Options
+#By default Logwatch will print to stdout in text with no encoding.
+#To make email Default set Output = mail to save to file set Output = file
+Output = stdout
+#To make Html the default formatting Format = html
+Format = text
+#To make Base64 [aka uuencode] Encode = base64
+Encode = none
+
+# Default person to mail reports to. Can be a local account or a
+# complete email address. Variable Output should be set to mail, or
+# --output mail should be passed on command line to enable mail feature.
+MailTo = frank@brehm-online.com
+
+
+# The default detail level for the report.
+# This can either be Low, Med, High or a number.
+# Low = 0
+# Med = 5
+# High = 10
+Detail = High
+
diff --git a/utils/files/logwatch.logfile.cron.conf b/utils/files/logwatch.logfile.cron.conf
new file mode 100644
index 0000000..4549bbd
--- /dev/null
+++ b/utils/files/logwatch.logfile.cron.conf
@@ -0,0 +1,21 @@
+##########################################################################
+# $Id: cron.conf 149 2013-06-18 22:18:12Z mtremaine $
+##########################################################################
+
+# What actual file? Defaults to LogPath if not absolute path....
+#Solaris is /var/cron/log -mgt
+LogFile = syslog.d/cron.log
+LogFile = syslog.d/.old/cron.log-*[0-9]
+
+# If the archives are searched, here is one or more line
+# (optionally containing wildcards) that tell where they are...
+Archive = syslog.d/.old/cron.*.gz
+Archive = syslog.d/.old/cron-*.gz
+
+# Expand the repeats (actually just removes them now)
+*ExpandRepeats
+
+# Keep only the lines in the proper date range...
+*ApplyStdDate
+
+# vi: shiftwidth=3 tabstop=3 et
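Review bot: `MailTo` in logwatch.conf is hard-coded to one external address while `Detail = High` is set, so every minion that receives this state would send its most verbose report, including the auth and fail2ban log groups configured later in this patch, to that single mailbox whenever logwatch runs with `--output mail`. Since utils/logwatch.sls already renders this file with `template: jinja`, the recipient could come from pillar, for example `MailTo = {{ salt['pillar.get']('logwatch:mailto', 'root') }}` (the pillar key is a constructed example), which keeps the address out of the state tree and defaults to a local account. With `Output = stdout` the `MailTo` line has no effect on its own, so a one-line comment saying how the report is expected to be delivered would help the next reader.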
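Review bot: The `LogFile` and `Archive` lines in logwatch.logfile.cron.conf are appended to the packaged defaults rather than replacing them, if I read logwatch's override rules correctly; only logwatch.logfile.syslog.conf in this patch first clears the inherited lists with the empty `Logfile =` / `Archive =` pair. If the intent is to read only the `syslog.d/` paths, the same two reset lines belong at the top of this file and of the daemon, maillog and secure logfile configs. If appending is intended, a comment such as `# added on top of the defaults in /usr/share/logwatch/default.conf/logfiles/cron.conf` would make that explicit.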
diff --git a/utils/files/logwatch.logfile.daemon.conf b/utils/files/logwatch.logfile.daemon.conf
new file mode 100644
index 0000000..d5c34fe
--- /dev/null
+++ b/utils/files/logwatch.logfile.daemon.conf
@@ -0,0 +1,18 @@
+###########################################################################
+# $Id: daemon.conf 149 2013-06-18 22:18:12Z mtremaine $
+###########################################################################
+
+# daemon log file for debian-based systems
+
+LogFile = syslog.d/daemon.log
+LogFile = syslog.d/.old/daemon.log-*[0-9]
+Archive = syslog.d/.old/daemon.log.*.gz
+Archive = syslog.d/.old/daemon.log-*.gz
+
+*ExpandRepeats
+*ApplyStdDate
+
+###########################################################################
+# Please send all comments, suggestions, bug reports,
+# etc, to logwatch-devel@lists.sourceforge.net
+###########################################################################
diff --git a/utils/files/logwatch.logfile.fail2ban.conf b/utils/files/logwatch.logfile.fail2ban.conf
new file mode 100644
index 0000000..377e264
--- /dev/null
+++ b/utils/files/logwatch.logfile.fail2ban.conf
@@ -0,0 +1,32 @@
+###########################################################################
+# $Id: fail2ban.conf 149 2013-06-18 22:18:12Z mtremaine $
+###########################################################################
+# $Log: fail2ban.conf,v $
+# Revision 1.2 2006/12/15 04:53:39 bjorn
+# Now using ApplyEuroDate, by Willi Mann.
+#
+# Revision 1.1 2006/05/30 19:04:26 bjorn
+# Added fail2ban service, written by Yaroslav Halchenko.
+#
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+
+*ApplyEuroDate
+
+
+LogFile = fail2ban.log
+LogFile = .old/fail2ban.log-*[0-9]
+
+Archive = .old/fail2ban.*.gz
+Archive = .old/fail2ban-*.gz
+
diff --git a/utils/files/logwatch.logfile.iptables.conf b/utils/files/logwatch.logfile.iptables.conf
new file mode 100644
index 0000000..3826d98
--- /dev/null
+++ b/utils/files/logwatch.logfile.iptables.conf
@@ -0,0 +1,24 @@
+##########################################################################
+# $Id$
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+# What actual file? Defaults to LogPath if not absolute path....
+LogFile = ulog/syslogemu.log
+
+# If the archives are searched, here is one or more line
+# (optionally containing wildcards) that tell where they are...
+Archive = ulog/syslogemu.log.*
+Archive = ulog/syslogemu.log-*
+
+# Keep only the lines in the proper date range...
+*ApplyStdDate
+
+# vi: shiftwidth=3 tabstop=3 et
diff --git a/utils/files/logwatch.logfile.maillog.conf b/utils/files/logwatch.logfile.maillog.conf
new file mode 100644
index 0000000..eff8d51
--- /dev/null
+++ b/utils/files/logwatch.logfile.maillog.conf
@@ -0,0 +1,23 @@
+##########################################################################
+# $Id: maillog.conf,v 1.14 2007/10/01 16:55:18 mike Exp $
+##########################################################################
+
+# What actual file? Defaults to LogPath if not absolute path....
+LogFile = syslog.d/mail.log
+LogFile = syslog.d/.old/mail.log-*[0-9]
+
+
+# If the archives are searched, here is one or more line
+# (optionally containing wildcards) that tell where they are...
+#If you use a "-" in naming add that as well -mgt
+Archive = syslog.d/.old/mail.*.gz
+Archive = syslog.d/.old/mail-*.gz
+
+
+# Expand the repeats (actually just removes them now)
+*ExpandRepeats
+
+# Keep only the lines in the proper date range...
+*ApplyStdDate
+
+# vi: shiftwidth=3 tabstop=3 et
diff --git a/utils/files/logwatch.logfile.named.conf b/utils/files/logwatch.logfile.named.conf
new file mode 100644
index 0000000..90bbd17
--- /dev/null
+++ b/utils/files/logwatch.logfile.named.conf
@@ -0,0 +1,24 @@
+##########################################################################
+# $Id$
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Frank Brehm
+########################################################
+
+# What actual file? Defaults to LogPath if not absolute path....
+LogFile = bind/named.log
+LogFile = bind/security.log
+
+# If the archives are searched, here is one or more line
+# (optionally containing wildcards) that tell where they are...
+Archive = bind/named.log.*
+Archive = bind/named.log-*
+Archive = bind/.old/named.log.*
+Archive = bind/.old/named.log-*
+
+# Keep only the lines in the proper date range...
+*ApplyBindDate
+
+# vi: filetype=conf shiftwidth=3 tabstop=3 et
diff --git a/utils/files/logwatch.logfile.secure.conf b/utils/files/logwatch.logfile.secure.conf
new file mode 100644
index 0000000..5e9bf27
--- /dev/null
+++ b/utils/files/logwatch.logfile.secure.conf
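Review bot: `LogFile = bind/security.log` in logwatch.logfile.named.conf has no matching `Archive` entry, so a run that searches archives would skip rotated security logs while rotated `named.log` files are covered by four patterns. If security.log is rotated the same way as named.log, add `Archive = bind/security.log.*` and `Archive = bind/security.log-*`, plus the `bind/.old/` variants if rotation moves files there. If the omission is deliberate, a short comment next to the second `LogFile` line should say so.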
@@ -0,0 +1,26 @@
+##########################################################################
+# $Id: secure.conf 149 2013-06-18 22:18:12Z mtremaine $
+##########################################################################
+
+# What actual file? Defaults to LogPath if not absolute path....
+LogFile = syslog.d/auth.log
+LogFile = syslog.d/authpriv.log
+LogFile = syslog.d/.old/auth.log-*[0-9]
+LogFile = syslog.d/.old/authpriv.log-*[0-9]
+
+# If the archives are searched, here is one or more line
+# (optionally containing wildcards) that tell where they are...
+#If you use a "-" in naming add that as well -mgt
+Archive = syslog.d/.old/auth.*.gz
+Archive = syslog.d/.old/auth-*.gz
+Archive = syslog.d/.old/authpriv.*.gz
+Archive = syslog.d/.old/authpriv-*.gz
+
+
+# Expand the repeats (actually just removes them now)
+*ExpandRepeats
+
+# Keep only the lines in the proper date range...
+*ApplyStdDate
+
+# vi: shiftwidth=3 tabstop=3 et
diff --git a/utils/files/logwatch.logfile.syslog.conf b/utils/files/logwatch.logfile.syslog.conf
new file mode 100644
index 0000000..89a8570
--- /dev/null
+++ b/utils/files/logwatch.logfile.syslog.conf
@@ -0,0 +1,19 @@
+###########################################################################
+# $Id: syslog.conf 149 2013-06-18 22:18:12Z mtremaine $
+###########################################################################
+
+# Syslog file for debian-based systems
+
+Logfile =
+Archive =
+LogFile = syslog
+LogFile = .old/syslog-*[0-9]
+Archive = .old/syslog.*.gz
+Archive = .old/syslog-*.gz
+*ExpandRepeats
+#Comma separated list works best -mgt
+*RemoveService = talkd,telnetd,inetd,nfsd,/sbin/mingetty
+*applystddate
+# *ApplyStdDate
+
+# vi: shiftwidth=3 tabstop=3 et
diff --git a/utils/files/logwatch.service.iptables.conf b/utils/files/logwatch.service.iptables.conf
new file mode 100644
index 0000000..854e310
--- /dev/null
+++ b/utils/files/logwatch.service.iptables.conf
@@ -0,0 +1,41 @@
+###########################################################################
+# $Id$
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "iptables firewall"
+
+# Which logfile group...
+#LogFile = messages
+LogFile = iptables
+
+# Set this to yes to lookup IPs in kernel firewall report
+$iptables_ip_lookup = Yes
+
+# Set this to enable a filter on iptables/ipchains displays
+# This will block out hosts who have less than the specified
+# number of hits between all ports. Defaults to 0.
+$iptables_host_min_count = 0
+
+# If both of the following settings are enabled, two output lists
+# will be produced. If none is set, the old style output is prduced.
+# Set this to generate old style output (sorted by source hosts)
+#$iptables_list_by_host = 0
+# Set this to generate new style output (sorted by targeted service)
+$iptables_list_by_service = 1
+
+########################################################
+# Please send all comments, suggestions, bug reports,
+# etc, to logwatch-devel@lists.sourceforge.net
+########################################################
+
+# vi: shiftwidth=3 tabstop=3 et
diff --git a/utils/files/logwatch.service.named.conf b/utils/files/logwatch.service.named.conf
new file mode 100644
index 0000000..5e7b27b
--- /dev/null
+++ b/utils/files/logwatch.service.named.conf
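Review bot: `$iptables_ip_lookup = Yes` in logwatch.service.iptables.conf makes the report do a reverse DNS lookup for every source address in the firewall log, and the names returned are PTR records set by whoever controls that address space, so they should not be read as identification. It also contradicts logwatch.service.named.conf in this same patch, which sets `$named_ip_lookup = No` and notes the runtime cost. I would set `$iptables_ip_lookup = No` here, or keep it and add a comment that hostnames in the report are unverified.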
@@ -0,0 +1,37 @@
+###########################################################################
+# $Id$
+###########################################################################
+
+# You can put comments anywhere you want to. They are effective for the
+# rest of the line.
+
+# this is in the format of = . Whitespace at the beginning
+# and end of the lines is removed. Whitespace before and after the = sign
+# is removed. Everything is case *insensitive*.
+
+# Yes = True = On = 1
+# No = False = Off = 0
+
+Title = "Named"
+
+# Which logfile group...
+#LogFile = messages
+LogFile = named
+
+# Whether or not to lookup the IPs into hostnames...
+# Setting this to Yes will significantly increase runtime
+$named_ip_lookup = No
+
+# Only give lines pertaining to the named service...
+#*OnlyService = named
+*RemoveHeaders
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to kirk@kaybee.org.
+########################################################
+
+# vi: filetype=conf shiftwidth=3 tabstop=3 et
diff --git a/utils/logwatch.sls b/utils/logwatch.sls
new file mode 100644
index 0000000..ac53129
--- /dev/null
+++ b/utils/logwatch.sls
@@ -0,0 +1,168 @@
+
+logwatch:
+ pkg:
+ - installed
+
+/etc/logwatch:
+ file.directory:
+ - user: root
+ - group: root
+ - dir_mode: 755
+
+/etc/logwatch/conf:
+ file.directory:
+ - user: root
+ - group: root
+ - dir_mode: 755
+ - require:
+ - file: /etc/logwatch
+
+/etc/logwatch/conf/logwatch.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf
+
+/etc/logwatch/conf/logfiles:
+ file.directory:
+ - user: root
+ - group: root
+ - dir_mode: 755
+ - require:
+ - file: /etc/logwatch/conf
+
+/etc/logwatch/conf/logfiles/cron.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.logfile.cron.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/logfiles
+
+/etc/logwatch/conf/logfiles/daemon.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.logfile.daemon.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/logfiles
+
+/etc/logwatch/conf/logfiles/fail2ban.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.logfile.fail2ban.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/logfiles
+
+/etc/logwatch/conf/logfiles/iptables.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.logfile.iptables.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/logfiles
+
+/etc/logwatch/conf/logfiles/maillog.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.logfile.maillog.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/logfiles
+
+/etc/logwatch/conf/logfiles/named.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.logfile.named.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/logfiles
+
+/etc/logwatch/conf/logfiles/secure.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.logfile.secure.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/logfiles
+
+/etc/logwatch/conf/logfiles/syslog.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.logfile.syslog.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/logfiles
+
+/etc/logwatch/conf/services:
+ file.directory:
+ - user: root
+ - group: root
+ - dir_mode: 755
+ - require:
+ - file: /etc/logwatch/conf
+
+/etc/logwatch/conf/services/iptables.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.service.iptables.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/services
+
+/etc/logwatch/conf/services/named.conf:
+ file.managed:
+ - source: salt://utils/files/logwatch.service.named.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - backup: minion
+ - require:
+ - pkg: logwatch
+ - file: /etc/logwatch/conf/services
+
+
-- 2.39.5
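Review bot: Every `file.managed` state in utils/logwatch.sls sets `- template: jinja`, yet none of the eleven config files added by this commit contains any Jinja markup, so the rendering step does nothing useful. Most of these sources are copies of upstream logwatch configs, and a later copy that happens to contain `{{`, `{%` or `{#` in a comment would either break the state or be evaluated, in a renderer that can call Salt execution modules. I would drop `- template: jinja` from the states whose source is static and keep it only on a file that actually substitutes a value.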