* [PATCH 1/3] apply logging settings for OpenSSH correctly
@ 2018-05-01 12:40 Peter Müller
2018-05-30 11:29 ` Michael Tremer
0 siblings, 1 reply; 3+ messages in thread
From: Peter Müller @ 2018-05-01 12:40 UTC (permalink / raw)
To: development
The logging settings for OpenSSH (log to syslog with "AUTH"
facility at "INFO" level) were not applied correctly. This
patch fixes that for both installed systems and the LFS file.
Partially addresses #11538.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
---
config/rootfiles/core/121/update.sh | 6 ++++++
lfs/openssh | 4 ++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/core/121/update.sh b/config/rootfiles/core/121/update.sh
index 87d5f6ebd..5b8f2c86e 100644
--- a/config/rootfiles/core/121/update.sh
+++ b/config/rootfiles/core/121/update.sh
@@ -56,7 +56,13 @@ rm -rvf \
/usr/share/nagios/ \
/var/nagios/
+# Update SSH configuration
+sed -i /etc/ssh/sshd_config \
+ -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
+ -e 's/^#LogLevel INFO$/LogLevel INFO/'
+
# Start services
+/etc/init.d/sshd restart
/etc/init.d/apache restart
# This update needs a reboot...
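Review bot: `/etc/init.d/sshd restart` under "# Start services" runs unconditionally, so if `restart` also starts a stopped daemon (as stop-then-start init scripts do), this update would bring sshd up on systems where it was not running. Restart it only when it is currently running. Separately, nothing after the sed call confirms that `SyslogFacility AUTH` and `LogLevel INFO` ended up as active lines; a `grep -q` for both after the edit would make a non-matching expression visible instead of silent.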
diff --git a/lfs/openssh b/lfs/openssh
index 203446370..46561953d 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -91,8 +91,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
-e 's/^#\?IgnoreUserKnownHosts .*$$/IgnoreUserKnownHosts yes/' \
-e 's/^#\?UsePAM .*$$//' \
-e 's/^#\?X11Forwarding .*$$/X11Forwarding no/' \
- -e 's/^#\?SyslogFacility AUTH .*$$/SyslogFacility AUTH/' \
- -e 's/^#\?LogLevel INFO .*$$/LogLevel INFO/' \
+ -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
+ -e 's/^#LogLevel INFO$/LogLevel INFO/' \
-e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \
-e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \
-e 's|^#\?HostKey /etc/ssh/ssh_host_dsa_key$$||' \
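Review bot: the two added expressions end their patterns with a single `$` (`AUTH$/` and `INFO$/`), while every unchanged expression in this recipe writes `$$`. The hunk header shows this is a make rule (`$(TARGET) : ...`), where `$/` is expanded by make before the shell runs, so sed does not receive the end-of-line anchor. Escape it as in the neighbouring lines: `-e 's/^#SyslogFacility AUTH$$/SyslogFacility AUTH/'` and `-e 's/^#LogLevel INFO$$/LogLevel INFO/'`.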
--
2.13.6
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 1/3] apply logging settings for OpenSSH correctly
From: Michael Tremer @ 2018-05-30 11:29 UTC (permalink / raw)
To: development
I guess this looks good.
The problem here certainly was that editing a file that comes from upstream with
sed is not a good idea. One line changed can cause the sed to do nothing and we
won't even notice it. Therefore, in the future, I will only accept patches for
changes like this. Those won't apply and then we can investigate why.
Best,
-Michael
On Tue, 2018-05-01 at 14:40 +0200, Peter Müller wrote:
> The logging settings for OpenSSH (log to syslog with "AUTH"
> facility at "INFO" level) were not applied correctly. This
> patch fixes that for both installed systems and the LFS file.
>
> Partially addresses #11538.
>
> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> ---
> config/rootfiles/core/121/update.sh | 6 ++++++
> lfs/openssh | 4 ++--
> 2 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/config/rootfiles/core/121/update.sh
> b/config/rootfiles/core/121/update.sh
> index 87d5f6ebd..5b8f2c86e 100644
> --- a/config/rootfiles/core/121/update.sh
> +++ b/config/rootfiles/core/121/update.sh
> @@ -56,7 +56,13 @@ rm -rvf \
> /usr/share/nagios/ \
> /var/nagios/
>
> +# Update SSH configuration
> +sed -i /etc/ssh/sshd_config \
> + -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
> + -e 's/^#LogLevel INFO$/LogLevel INFO/'
> +
> # Start services
> +/etc/init.d/sshd restart
> /etc/init.d/apache restart
>
> # This update needs a reboot...
> diff --git a/lfs/openssh b/lfs/openssh
> index 203446370..46561953d 100644
> --- a/lfs/openssh
> +++ b/lfs/openssh
> @@ -91,8 +91,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> -e 's/^#\?IgnoreUserKnownHosts .*$$/IgnoreUserKnownHosts
> yes/' \
> -e 's/^#\?UsePAM .*$$//' \
> -e 's/^#\?X11Forwarding .*$$/X11Forwarding no/' \
> - -e 's/^#\?SyslogFacility AUTH .*$$/SyslogFacility AUTH/' \
> - -e 's/^#\?LogLevel INFO .*$$/LogLevel INFO/' \
> + -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
> + -e 's/^#LogLevel INFO$/LogLevel INFO/' \
> -e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \
> -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \
> -e 's|^#\?HostKey /etc/ssh/ssh_host_dsa_key$$||' \
^ permalink raw reply [flat|nested] 3+ messages in thread
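Added example, not part of the thread or of IPFire's code: the silent no-op described in the reply above, reproduced on a constructed sshd_config excerpt with the removed and the added sed expressions from the patch, plus a post-edit check that fails when a directive did not become active. The function names and the sample file are assumptions made for illustration; GNU sed is assumed for `\?`.

```shell
#!/bin/sh
# Constructed sample: a few commented defaults as in an upstream sshd_config.
make_sample() {
    printf '%s\n' '#Port 22' '#SyslogFacility AUTH' '#LogLevel INFO' \
        '#PermitRootLogin prohibit-password'
}

# Run sed expressions over FILE through a temporary copy.
# usage: edit_file FILE -e EXPR [-e EXPR ...]
edit_file() {
    file=$1; shift
    sed "$@" "$file" > "$file.new" && mv "$file.new" "$file"
}

# Expressions removed by the patch: they need a space and more text after the value.
old_edit() {
    edit_file "$1" -e 's/^#\?SyslogFacility AUTH .*$/SyslogFacility AUTH/' \
                   -e 's/^#\?LogLevel INFO .*$/LogLevel INFO/'
}

# Expressions added by the patch: match the commented default exactly.
new_edit() {
    edit_file "$1" -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
                   -e 's/^#LogLevel INFO$/LogLevel INFO/'
}

# Return 0 only if every given directive is an active, whole line in FILE.
verify_active() {
    vfile=$1; shift
    for directive in "$@"; do
        grep -qxF -- "$directive" "$vfile" ||
            { echo "not applied: $directive" >&2; return 1; }
    done
}

# Edit, then verify: sed exits 0 even when nothing matched, so only the check fails.
checked_edit() {   # usage: checked_edit EDIT_FUNCTION FILE
    "$1" "$2" || return 2
    verify_active "$2" 'SyslogFacility AUTH' 'LogLevel INFO'
}

demo() {
    tmp=$(mktemp) || return 2
    make_sample > "$tmp"
    old_edit "$tmp" && echo "old expressions: sed reported success"
    checked_edit old_edit "$tmp" 2>/dev/null || echo "old expressions: check failed, file unchanged"
    checked_edit new_edit "$tmp" && echo "new expressions: both directives active"
    rm -f "$tmp"
}
demo
```
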
* Re: [PATCH 1/3] apply logging settings for OpenSSH correctly
From: Peter Müller @ 2018-05-30 19:47 UTC (permalink / raw)
To: development
Hello Michael,
since we edit a lot of settings in the sshd_config file (and perhaps in
the ssh_config file, too, when it comes to cipher selection), should we
introduce a config file completely of our own? If so, how do I do so?
We still need to manipulate it via sed for existing installations (via
the update.sh script), but we could omit the procedure during building
the package.
As most of the config file is commented out by default, it could
also be made much smaller and easier to read, only containing settings
different than the defaults.
Best regards,
Peter Müller
> I guess this looks good.
>
> The problem here certainly was that editing a file that comes from upstream with
> sed is not a good idea. One line changed can cause the sed to do nothing and we
> won't even notice it. Therefore, in the future, I will only accept patches for
> changes like this. Those won't apply and then we can investigate why.
>
> Best,
> -Michael
>
> On Tue, 2018-05-01 at 14:40 +0200, Peter Müller wrote:
>> The logging settings for OpenSSH (log to syslog with "AUTH"
>> facility at "INFO" level) were not applied correctly. This
>> patch fixes that for both installed systems and the LFS file.
>
>> Partially addresses #11538.
>
>> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
>> ---
>> config/rootfiles/core/121/update.sh | 6 ++++++
>> lfs/openssh | 4 ++--
>> 2 files changed, 8 insertions(+), 2 deletions(-)
>
>> diff --git a/config/rootfiles/core/121/update.sh
>> b/config/rootfiles/core/121/update.sh
>> index 87d5f6ebd..5b8f2c86e 100644
>> --- a/config/rootfiles/core/121/update.sh
>> +++ b/config/rootfiles/core/121/update.sh
>> @@ -56,7 +56,13 @@ rm -rvf \
>> /usr/share/nagios/ \
>> /var/nagios/
>
>> +# Update SSH configuration
>> +sed -i /etc/ssh/sshd_config \
>> + -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
>> + -e 's/^#LogLevel INFO$/LogLevel INFO/'
>> +
>> # Start services
>> +/etc/init.d/sshd restart
>> /etc/init.d/apache restart
>
>> # This update needs a reboot...
>> diff --git a/lfs/openssh b/lfs/openssh
>> index 203446370..46561953d 100644
>> --- a/lfs/openssh
>> +++ b/lfs/openssh
>> @@ -91,8 +91,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>> -e 's/^#\?IgnoreUserKnownHosts .*$$/IgnoreUserKnownHosts
>> yes/' \
>> -e 's/^#\?UsePAM .*$$//' \
>> -e 's/^#\?X11Forwarding .*$$/X11Forwarding no/' \
>> - -e 's/^#\?SyslogFacility AUTH .*$$/SyslogFacility AUTH/' \
>> - -e 's/^#\?LogLevel INFO .*$$/LogLevel INFO/' \
>> + -e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
>> + -e 's/^#LogLevel INFO$/LogLevel INFO/' \
>> -e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \
>> -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \
>> -e 's|^#\?HostKey /etc/ssh/ssh_host_dsa_key$$||' \
>
--
"We don't care. We don't have to. We're the Phone Company."
^ permalink raw reply [flat|nested] 3+ messages in thread