Commit 8b0771e5 authored by bob walker's avatar bob walker Committed by bob walker

Add default attributes to determine user and group for syslog and whether to...

Add default attributes to determine user and group for syslog and whether to use privilege separation
parent 25972ad1
......@@ -25,3 +25,26 @@ default["rsyslog"]["server_ip"] = nil
default["rsyslog"]["server_search"] = "role:loghost"
default["rsyslog"]["remote_logs"] = true
default["rsyslog"]["per_host_dir"] = "%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%"
case platform
when "debian"
default["rsyslog"]["user"] = "root"
default["rsyslog"]["group"] = "adm"
default["rsyslog"]["priv_seperation"] = false
when "ubuntu"
# syslog user introduced with natty package
if node['platform_version'].to_f >= 10.10 then
default["rsyslog"]["user"] = "root"
default["rsyslog"]["group"] = "adm"
default["rsyslog"]["priv_seperation"] = false
else
default["rsyslog"]["user"] = "syslog"
default["rsyslog"]["group"] = "adm"
default["rsyslog"]["priv_seperation"] = true
end
else
#values for fedora at least
default["rsyslog"]["user"] = "root"
default["rsyslog"]["group"] = "root"
default["rsyslog"]["priv_seperation"] = false
end
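Review bot: The Ubuntu branch at `if node['platform_version'].to_f >= 10.10 then` looks inverted relative to the comment above it. The comment says the syslog account arrived with a newer package, yet the newer releases get `root` with `priv_seperation = false`, and the older ones get `user = "syslog"` with the privilege drop enabled. If the comment is right, the older releases would reference an account that may not exist, so the `directory` resources in the recipe hunks could fail to converge, while the releases that do ship the account run rsyslogd as root. The comparison probably needs to be `if node['platform_version'].to_f < 10.10 then`, or the two bodies swapped. Please also confirm the cut-off release, since the comment names natty while the code tests 10.10, and record the verified value in the comment.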
......@@ -47,8 +47,8 @@ directory "/etc/rsyslog.d" do
end
directory "/var/spool/rsyslog" do
owner "syslog"
group "adm"
owner node['rsyslog']['user']
group node['rsyslog']['group']
mode 0755
end
......
......@@ -30,8 +30,8 @@ directory ::File.dirname(node['rsyslog']['log_dir']) do
end
directory node['rsyslog']['log_dir'] do
owner "syslog"
group "adm"
owner node['rsyslog']['user']
group node['rsyslog']['group']
mode 0755
end
......
# Generated by Chef
# Local modifications will be overwritten
$DirGroup adm
$DirGroup <%= node['rsyslog']['group'] %>
$DirCreateMode 0755
$FileGroup adm
$FileGroup <%= node['rsyslog']['group'] %>
$template PerHostAuth,"<%= @log_dir %>/<%= @per_host_dir %>/auth.log"
$template PerHostCron,"<%= @log_dir %>/<%= @per_host_dir %>/cron.log"
......
......@@ -45,14 +45,15 @@ $WorkDirectory /var/spool/rsyslog
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileOwner <%= node['rsyslog']['user'] %>
$FileGroup <%= node['rsyslog']['group'] %>
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup adm
<% if node['rsyslog']['priv_seperation'] %>
$PrivDropToUser <%= node['rsyslog']['user'] %>
$PrivDropToGroup <%= node['rsyslog']['group'] %>
<% end %>
#
# Include all config files in /etc/rsyslog.d/
#
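Review bot: With `<% if node['rsyslog']['priv_seperation'] %>` guarding the `$PrivDropToUser`/`$PrivDropToGroup` lines, any node where the attribute is false gets a config in which rsyslogd never drops root, whereas the old template dropped to syslog:adm unconditionally. The attribute defaults in this commit set it to false for Debian, for the fallback branch and for one of the two Ubuntu branches, so this becomes the common case. The `remote_logs` and `server_ip` attributes suggest the cookbook also handles logs from remote hosts, which would mean network-supplied messages are parsed by a root process. I would keep the drop enabled wherever a dedicated account exists and render a comment in the false case, for example `# PrivDrop disabled via rsyslog/priv_seperation: rsyslogd keeps root`, so the choice is visible in the generated file. Reusing `node['rsyslog']['user']` for both `$FileOwner` and the drop target also means the two cannot be set independently; separate attributes would avoid that.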
......