Add default attributes to determine user and group for syslog and whether to...

Add default attributes to determine user and group for syslog and whether to use privlege seperation

Add default attributes to determine user and group for syslog and whether to...
Add default attributes to determine user and group for syslog and whether to use privlege seperation
8b0771e5 · bob walker · bob walker · 25972ad1 · 8b0771e5 · 8b0771e5
Commit 8b0771e5 authored Sep 04, 2012 by bob walker Committed by bob walker Sep 09, 2012
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -25,3 +25,26 @@ default["rsyslog"]["server_ip"]     = nil
 default["rsyslog"]["server_search"] = "role:loghost"
 default["rsyslog"]["remote_logs"]   = true
 default["rsyslog"]["per_host_dir"]  = "%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%"
+
+case platform
+    when "debian"
+        default["rsyslog"]["user"] = "root"
+        default["rsyslog"]["group"] = "adm"
+        default["rsyslog"]["priv_seperation"] = false
+    when "ubuntu"
+        # syslog user introduced with natty package
+        if  node['platform_version'].to_f >= 10.10 then
+            default["rsyslog"]["user"] = "root"
+            default["rsyslog"]["group"] = "adm"
+            default["rsyslog"]["priv_seperation"] = false
+        else
+            default["rsyslog"]["user"] = "syslog"
+            default["rsyslog"]["group"] = "adm"
+            default["rsyslog"]["priv_seperation"] = true
+        end
+    else
+    #values for fedora at least
+        default["rsyslog"]["user"] = "root"
+        default["rsyslog"]["group"] = "root"
+        default["rsyslog"]["priv_seperation"] = false
+end
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -47,8 +47,8 @@ directory "/etc/rsyslog.d" do
 end

 directory "/var/spool/rsyslog" do
-  owner "syslog"
-  group "adm"
+  owner node['rsyslog']['user']
+  group node['rsyslog']['group']
  mode 0755
 end


--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -30,8 +30,8 @@ directory ::File.dirname(node['rsyslog']['log_dir']) do
 end

 directory node['rsyslog']['log_dir'] do
-  owner "syslog"
-  group "adm"
+  owner node['rsyslog']['user']
+  group node['rsyslog']['group']
  mode 0755
 end


--- a/templates/default/35-server-per-host.conf.erb
+++ b/templates/default/35-server-per-host.conf.erb
 # Generated by Chef
 # Local modifications will be overwritten

-$DirGroup adm
+$DirGroup <%= node['rsyslog']['group'] %> 
 $DirCreateMode 0755
-$FileGroup adm
+$FileGroup <%= node['rsyslog']['group'] %>

 $template PerHostAuth,"<%= @log_dir %>/<%= @per_host_dir %>/auth.log"
 $template PerHostCron,"<%= @log_dir %>/<%= @per_host_dir %>/cron.log"

--- a/templates/default/rsyslog.conf.erb
+++ b/templates/default/rsyslog.conf.erb
@@ -45,14 +45,15 @@ $WorkDirectory /var/spool/rsyslog
 #
 # Set the default permissions for all log files.
 #
-$FileOwner syslog
-$FileGroup adm
+$FileOwner <%= node['rsyslog']['user'] %>
+$FileGroup <%= node['rsyslog']['group'] %>
 $FileCreateMode 0640
 $DirCreateMode 0755
 $Umask 0022
-$PrivDropToUser syslog
-$PrivDropToGroup adm
-
+<% if node['rsyslog']['priv_seperation'] %>
+$PrivDropToUser <%= node['rsyslog']['user'] %>
+$PrivDropToGroup <%= node['rsyslog']['group'] %>
+<% end %>
 #
 # Include all config files in /etc/rsyslog.d/
 #