From 72cd56fe4ee7219cb43a03e05a8e2e51509f8fe1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johan=20Bj=C3=B6rklund?=
Date: Fri, 21 Feb 2025 12:48:34 +0100
Subject: [PATCH] Rewrite of soc::rsyslog::server.
---
 .../modules/soc/manifests/rsyslog/server.pp | 81 +++++++------------
 1 file changed, 31 insertions(+), 50 deletions(-)
diff --git a/global/overlay/etc/puppet/modules/soc/manifests/rsyslog/server.pp b/global/overlay/etc/puppet/modules/soc/manifests/rsyslog/server.pp
index b019589..369227e 100644
--- a/global/overlay/etc/puppet/modules/soc/manifests/rsyslog/server.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/rsyslog/server.pp
@@ -3,7 +3,6 @@ class soc::rsyslog::server(
 $daily_rotation = true,
 $syslog_servers = lookup(syslog_servers, undef, undef, []),
 $relp_syslog_servers = lookup(relp_syslog_servers, undef, undef, []),
- $single_log_file = false,
 $syslog_enable_remote = lookup('syslog_enable_remote', undef, undef, 'true'),
 $udp_port = lookup(udp_port, undef, undef, undef),
 $udp_client = lookup('udp_client', undef, undef, 'any'),
@@ -13,54 +12,48 @@ class soc::rsyslog::server(
 $relp_client = lookup('relp_client', undef, undef, 'any'),
 $traditional_file_format = false,
 ) {
- ensure_resource('package', 'rsyslog', {
- ensure => 'installed'
- })
-
- file { '/etc/rsyslog.conf':
- ensure => file,
- mode => '0644',
- content => template('soc/rsyslog/rsyslog.conf.erb'),
- require => Package['rsyslog'],
- notify => Service['rsyslog']
- }
-
- $default_template = $single_log_file ?
- {
- true => 'rsyslog-default-single-logfile.conf.erb',
- false => 'rsyslog-default.conf.erb',
- }
- file { '/etc/rsyslog.d/50-default.conf':
- ensure => file,
- mode => '0644',
- content => template("soc/rsyslog/${default_template}"),
- require => Package['rsyslog'],
- notify => Service['rsyslog']
+ # Install rsyslog packages
+ [ 'rsyslog', 'rsyslog-relp', 'rsyslog-openssl' ].each |String $package| {
+ package { $package:
+ ensure => latest,
+ }
 }
 $do_remote = str2bool($syslog_enable_remote)
- file { '/etc/rsyslog.d/60-remote.conf':
- ensure => file,
- mode => '0644',
- content => template('soc/rsyslog/rsyslog-remote.conf.erb'),
- require => Package['rsyslog'],
+ file {
+ '/var/log/remote':
+ ensure => directory,
+ ;
+ '/etc/rsyslog.conf':
+ ensure => file,
+ mode => '0644',
+ content => template('soc/rsyslog/rsyslog.conf.erb'),
+ require => Package['rsyslog'],
+ notify => Service['rsyslog'],
+ ;
+ '/etc/rsyslog.d/50-default.conf':
+ ensure => file,
+ mode => '0644',
+ content => template('soc/rsyslog/rsyslog-default.conf.erb'),
+ require => Package['rsyslog'],
+ notify => Service['rsyslog'],
+ ;
+ '/etc/rsyslog.d/60-remote.conf':
+ ensure => file,
+ mode => '0644',
+ content => template('soc/rsyslog/rsyslog-remote.conf.erb'),
+ require => Package['rsyslog'],
+ ;
 }
- ensure_resource('service', 'rsyslog', {
+ service { 'rsyslog':
 ensure => 'running',
- enable => true,
+ enabled => true,
 subscribe => File['/etc/rsyslog.d/60-remote.conf'],
- })
-
- if $relp_syslog_servers != [] {
- ensure_resource('package', 'rsyslog-relp',
{
- ensure => 'installed'
- })
 }
 if ($tcp_port or $udp_port or $relp_port) {
-
 if ($udp_port) {
 sunet::nftables::allow { "allow-syslog-udp-${udp_port}":
 from => $udp_client,
@@ -69,7 +62,6 @@ class soc::rsyslog::server(
 port => $udp_port
 }
 }
-
 if ($tcp_port) {
 sunet::nftables::allow { "allow-syslog-tcp-${tcp_port}":
 from => $tcp_client,
@@ -78,7 +70,6 @@ class soc::rsyslog::server(
 port => $tcp_port
 }
 }
-
 if ($relp_port) {
 sunet::nftables::allow { "allow-syslog-relp-${relp_port}":
 from => $relp_client,
@@ -95,7 +86,6 @@ class soc::rsyslog::server(
 require => Package['rsyslog'],
 notify => Service['rsyslog']
 }
-
 }
 if ($daily_rotation == true)
@@ -106,13 +96,4 @@ class soc::rsyslog::server(
 content => template('soc/rsyslog/rsyslog.logrotate.erb'),
 }
 }
- if ($single_log_file == true and $facts['fail2ban_is_enabled'] == 'yes') {
- file { '/etc/fail2ban/jail.d/sshd-rsyslog-single-logfile.conf':
- ensure => file,
- mode => '0644',
- content => template('soc/rsyslog/fail2ban-ssh-syslog.conf.erb'),
- notify => Service['fail2ban'],
- }
-
- }
 }
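Review bot: In the new `service { 'rsyslog': ... }` declaration of the second hunk (`@@ -13,54 +12,48 @@`), `enabled => true,` is not an attribute of Puppet's service type; the attribute is `enable`, which the removed `ensure_resource` call used, so the catalog should fail to compile until the line reads `enable => true,`. In the same hunk `/var/log/remote` is declared with only `ensure => directory`, which leaves owner, group and mode of the directory that presumably receives remote logs to defaults. Stating them explicitly, for example `mode => '0750',` together with the account rsyslog runs as, keeps collected logs from being readable more widely than intended. `ensure => latest,` on the three packages also replaces the earlier `installed`, so the log server will pick up new rsyslog builds on any agent run; `ensure => installed,` keeps upgrades under change control if that was not the intent.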