Reviewed-by: Michael Tremer Thank you!
> On 6 Oct 2021, at 14:48, Adolf Belka wrote:
>
> - Addition of mdadm module to logwatch
> - Addition of logwatch to sudoers list to run mdadm commands
> - patch to change logwatch mdadm.conf to allow scan for raid drives, change mdadm script
> to run mdadm scan commands with sudo, allow clean but degraded drives to be listed
> in the output.
>
> Fixes: 12080
> Tested-by: Adolf Belka
> Signed-off-by: Adolf Belka
> ---
> config/logwatch/sudoers/logwatch-mdadm | 2 +
> config/rootfiles/common/logwatch | 6 ++-
> lfs/logwatch | 8 +++-
> .../logwatch-7.5.5-enable-mdadm-sudo.patch | 46 +++++++++++++++++++
> 4 files changed, 59 insertions(+), 3 deletions(-)
> create mode 100644 config/logwatch/sudoers/logwatch-mdadm
> create mode 100644 src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
>
> diff --git a/config/logwatch/sudoers/logwatch-mdadm b/config/logwatch/sudoers/logwatch-mdadm
> new file mode 100644
> index 000000000..cdc524def
> --- /dev/null
> +++ b/config/logwatch/sudoers/logwatch-mdadm
> @@ -0,0 +1,2 @@
> +# The following commands need to be executed by logwatch in case there's an MD Raid
> +logwatch ALL=(root) NOPASSWD: /sbin/mdadm --misc --detail /dev/md*, /sbin/mdadm --detail --scan
> diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch
> index c47fb4199..1e4a0a81b 100644
> --- a/config/rootfiles/common/logwatch
> +++ b/config/rootfiles/common/logwatch
> @@ -3,6 +3,8 @@ etc/logwatch/conf
> #etc/logwatch/logwatch.cron
> etc/logwatch/scripts
> etc/logwatch/scripts/services
> +#etc/sudoers.d
> +etc/sudoers.d/logwatch-mdadm
> usr/sbin/logwatch
> #usr/share/logwatch
> #usr/share/logwatch/HOWTO-Customize-LogWatch
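Review bot: The `/dev/md*` wildcard in the first command of the new `logwatch` rule authorizes more than a device name. Per sudoers(5), wildcards in command-line arguments match across word boundaries, so any argument string that merely begins with `/dev/md` is accepted, including further mdadm options placed after the device. That makes the NOPASSWD grant wider than the read-only `--detail` query the comment describes. A single-character class cannot match whitespace, so the device can be pinned with entries such as `/sbin/mdadm --misc --detail /dev/md[0-9], /sbin/mdadm --misc --detail /dev/md[0-9][0-9], /sbin/mdadm --misc --detail /dev/md[0-9][0-9][0-9]`. Arrays referenced by name under `/dev/md/` would then need their own explicit entries.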
> @@ -117,7 +119,7 @@ usr/share/logwatch/default.conf/services/kernel.conf
> #usr/share/logwatch/default.conf/services/knockd.conf
> #usr/share/logwatch/default.conf/services/lvm.conf
> #usr/share/logwatch/default.conf/services/mailscanner.conf
> -#usr/share/logwatch/default.conf/services/mdadm.conf
> +usr/share/logwatch/default.conf/services/mdadm.conf
> #usr/share/logwatch/default.conf/services/mod_security2.conf
> usr/share/logwatch/default.conf/services/modprobe.conf
> #usr/share/logwatch/default.conf/services/mountd.conf
> @@ -262,7 +264,7 @@ usr/share/logwatch/scripts/services/kernel
> #usr/share/logwatch/scripts/services/knockd
> #usr/share/logwatch/scripts/services/lvm
> #usr/share/logwatch/scripts/services/mailscanner
> -#usr/share/logwatch/scripts/services/mdadm
> +usr/share/logwatch/scripts/services/mdadm
> #usr/share/logwatch/scripts/services/mod_security2
> usr/share/logwatch/scripts/services/modprobe
> #usr/share/logwatch/scripts/services/mountd
> diff --git a/lfs/logwatch b/lfs/logwatch
> index 8baaef2ce..628dafe6f 100644
> --- a/lfs/logwatch
> +++ b/lfs/logwatch
> @@ -74,6 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>
> cd $(DIR_APP)/lib && patch < $(DIR_SRC)/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.5.4-disable_iptables.patch
> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
>
> @cd $(DIR_APP) && chmod 755 install_logwatch.sh
> cd $(DIR_APP) && yes "" | ./install_logwatch.sh
> @@ -103,6 +104,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> chmod -v 755 /var/log/logwatch
> -rm -rf /etc/logwatch/conf
> ln -vsf /usr/share/logwatch/default.conf /etc/logwatch/conf
> -
> +
> + -mkdir -p /etc/sudoers.d
> + chmod -v 755 /etc/sudoers.d
> + install -v -m 644 $(DIR_SRC)/config/logwatch/sudoers/logwatch-mdadm \
> + /etc/sudoers.d/logwatch-mdadm
> +
> @rm -rf $(DIR_APP)
> @$(POSTBUILD)
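Review bot: In the last lfs/logwatch hunk the sudoers drop-in is installed with `-m 644`, whereas the conventional mode for sudoers files is 0440, and nothing checks its syntax before it lands in `/etc/sudoers.d`. A parse error in a drop-in can make sudo refuse to run, so validating at build time is cheap insurance. I would use `install -v -m 440 $(DIR_SRC)/config/logwatch/sudoers/logwatch-mdadm /etc/sudoers.d/logwatch-mdadm` and follow it with `visudo -cf /etc/sudoers.d/logwatch-mdadm`. The added `chmod -v 755 /etc/sudoers.d` also resets the mode of a directory that another package (presumably sudo) may already own, so confirm 755 is intended there. The `$(TARGET)` recipe starts and ends outside the hunk.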
> diff --git a/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch b/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
> new file mode 100644
> index 000000000..b7034077b
> --- /dev/null
> +++ b/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
> @@ -0,0 +1,46 @@
> +diff -Naur logwatch-7.5.5-orig/conf/services/mdadm.conf logwatch-7.5.5/conf/services/mdadm.conf
> +--- logwatch-7.5.5-orig/conf/services/mdadm.conf 2021-01-22 21:59:40.000000000 +0100
> ++++ logwatch-7.5.5/conf/services/mdadm.conf 2021-10-04 13:52:30.850057355 +0200
> +@@ -13,7 +13,7 @@
> + # Logwatch will try to find md devices in /etc/mdadm.conf or
> + # /etc/mdadm/mdadm.conf. If none of these files exist it can scan actively
> + # for md devices. Set to 'Yes' to enable active scanning:
> +-$mdadm_enable_scan = No
> ++$mdadm_enable_scan = Yes
> +
> + # Logwatch will emit an error for md devices listed in /etc/mdadm.conf
> + # that are not present. If you do not want this (e.g. raid devices may come
> +diff -Naur logwatch-7.5.5-orig/scripts/services/mdadm logwatch-7.5.5/scripts/services/mdadm
> +--- logwatch-7.5.5-orig/scripts/services/mdadm 2021-01-22 21:59:40.000000000 +0100
> ++++ logwatch-7.5.5/scripts/services/mdadm 2021-10-06 11:41:14.800307603 +0200
> +@@ -35,7 +35,7 @@
> + } elsif ( -f "/etc/mdadm/mdadm.conf" ) {
> + open(MDADM,"< /etc/mdadm/mdadm.conf");
> + } elsif ($enable_scan) {
> +- open(MDADM,"mdadm --detail --scan 2>/dev/null|");
> ++ open(MDADM,"sudo mdadm --detail --scan 2>/dev/null|");
> + }
> + while () {
> + if (/^ARRAY/) {
> +@@ -51,7 +51,7 @@
> + next;
> + }
> +
> +- open(MDADM,"mdadm --misc --detail $dev 2>&1 |");
> ++ open(MDADM,"sudo mdadm --misc --detail $dev 2>&1 |");
> + while () {
> + if ($_ =~ /cannot open .*: No such file or directory/) {
> + print $_ unless $ignore_missing;
> +@@ -74,7 +74,11 @@
> +
> + if ($Detail <= 4) {
> + if (lc($mdhash{'state'}) =~ /clean|active/) {
> +- print "$dev : $mdhash{'state'}\n" if $Detail;
> ++ if (lc($mdhash{'state'}) =~ /degraded/) {
> ++ print "$dev : $mdhash{'state'}\n";
> ++ } else {
> ++ print "$dev : $mdhash{'state'}\n" if $Detail;
> ++ }
> + } else {
> + print "$dev : $mdhash{'state'}\n";
> + if (defined($mdhash{'middle devices'})) {
> --
> 2.33.0
>
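Review bot: Both new `open(MDADM,"sudo mdadm ...|")` calls in the scripts/services/mdadm part run through the shell and resolve `mdadm` via PATH, so the sudoers rule from this commit applies only if that lookup lands on `/sbin/mdadm`; on a mismatch sudo falls back to asking for a password. I would call `sudo -n /sbin/mdadm` in both places so a mismatch fails at once in a non-interactive run, and check the return value of `open`. In the per-device call `$dev` is interpolated into a command that now runs as root; it appears to come from the ARRAY lines parsed above (the extraction is outside the hunk), so it should be matched against an anchored device pattern first, e.g. `next unless $dev =~ m{\A/dev/md[\w/.-]*\z};`. Because the scan variant sends stderr to `/dev/null`, a sudo denial is indistinguishable from "no arrays found" and RAID state would silently drop out of the report.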