PE-4076: Rsyslog and logrotate changes (#225)

* rsyslog logrotate installation * config update * conf changes * log duplicate issue fix and file permission and ownership fix * rsyslog conf in providers and adm group not in opensuse fix * group change
spectrocloud · Jul 26, 2024 · 769bfee · 769bfee
1 parent 4578a0c
commit 769bfee
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 3 deletions.
diff --git a/Earthfile b/Earthfile
@@ -290,6 +290,7 @@ uki-provider-image:
     RUN apt-get update && apt-get install -y rsync
 
     WORKDIR /
+    COPY overlay/files/etc/ /etc/
     COPY +luet/luet /usr/bin/luet
     COPY +kairos-agent/kairos-agent /usr/bin/kairos-agent
     COPY --platform=linux/${ARCH} +trust-boot-unpack/ /trusted-boot
@@ -589,6 +590,7 @@ provider-image:
         ARG BASE_K8S_VERSION=$K8S_VERSION-$K8S_DISTRIBUTION_TAG
     END
 
+    COPY overlay/files/etc/ /etc/
     COPY  --platform=linux/${ARCH} +kairos-provider-image/ /
     COPY +stylus-image/etc/kairos/branding /etc/kairos/branding
     COPY +stylus-image/oem/stylus_config.yaml /etc/kairos/branding/stylus_config.yaml
@@ -725,7 +727,7 @@ base-image:
         END
 
         RUN apt-get update && \
-            apt-get install --no-install-recommends kbd zstd vim iputils-ping bridge-utils curl tcpdump ethtool -y
+            apt-get install --no-install-recommends kbd zstd vim iputils-ping bridge-utils curl tcpdump ethtool rsyslog logrotate -y
 
         IF [ "$UPDATE_KERNEL" = "false" ]
             RUN if dpkg -l "linux-image-generic-hwe-$OS_VERSION" > /dev/null; then apt-mark hold "linux-image-generic-hwe-$OS_VERSION" "linux-headers-generic-hwe-$OS_VERSION" "linux-generic-hwe-$OS_VERSION" ; fi && \
@@ -785,7 +787,7 @@ base-image:
     END
 
     IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ]
-        RUN zypper install -y apparmor-parser apparmor-profiles
+        RUN zypper install -y apparmor-parser apparmor-profiles rsyslog logrotate
         RUN zypper cc && \
             zypper clean
         RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi
@@ -804,7 +806,7 @@ base-image:
     RUN --no-cache luet repo update
 
     IF [ "$OS_DISTRIBUTION" = "rhel" ]
-        RUN yum install -y openssl
+        RUN yum install -y openssl rsyslog logrotate
     END
 
     IF [ "$OS_DISTRIBUTION" = "sles" ]

diff --git a/overlay/files/etc/logrotate.d/stylus.conf b/overlay/files/etc/logrotate.d/stylus.conf
@@ -0,0 +1,12 @@
+/var/log/stylus-audit.log {
+    yearly
+    rotate 2
+    missingok
+    notifempty
+    compress
+    delaycompress
+    dateext
+    dateformat -%m-%Y
+    size 100M
+    create 600 root root
+}
diff --git a/overlay/files/etc/rsyslog.d/49-stylus.conf b/overlay/files/etc/rsyslog.d/49-stylus.conf
@@ -0,0 +1,19 @@
+# Running rsyslog as root. 
+# TODO: should this be done or change acceptance criteria to about audit log file permissions accordingly 
+$PrivDropToUser root
+# default config has $Umask 0022 set. That breaks any config related to masks and modes.
+$Umask 0000
+
+# Mesage format as per rfc5424.
+$template ForwardFormat,"<%pri%>1 %timestamp:::date-rfc3339% %HOSTNAME% %syslogtag% %procid% - - %msg%\n"
+
+# route messages with facility local7 and severity notice to /var/log/stylus-audit.log
+if ($syslogfacility-text == 'local7' and $syslogseverity-text == 'notice') then{
+    action(
+        type="omfile" 
+        file="/var/log/stylus-audit.log" 
+		FileCreateMode="0600"
+		fileowner="root"
+        template="ForwardFormat"
+	) & stop
+}
diff --git a/slem/Dockerfile b/slem/Dockerfile
@@ -22,6 +22,8 @@ RUN zypper in --force-resolution -y --no-allow-vendor-change \
     fail2ban \
     lldpd \
     nethogs \
+    rsyslog \
+    logrotate \
     && zypper cc
 # NOTE: removed dhcp-client
 RUN mkdir -p /run/lock