Commit 25847d30f9663736f0a9bd141055377b6fe06c0b

Authored by Paulo Tada
1 parent 81a0701b
Exists in syslog

Adding rsyslog cookbook and creating a new template for firewall monitor machine

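--- a/cookbooks/firewall/templates/host-monitor/iptables-filter.erb
+++ b/cookbooks/firewall/templates/host-monitor/iptables-filter.erb
@@ -0,0 +1,5 @@
+# Allow access to Rsyslog
+-A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
+-A INPUT -s <%= node['peers']['social'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
+-A INPUT -s <%= node['peers']['email'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
+-A INPUT -s <%= node['peers']['database'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
\ No newline at end of file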
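Review bot: Each of the four rules interpolates `node['peers'][...]` straight into `-s`, so a peer attribute that is unset renders an empty source address and, presumably, a line that iptables-restore rejects, which can leave the monitor host without its filter table loaded. Generating the rules from a list and skipping missing entries avoids that: wrap a single rule in `<% %w[integration social email database].each do |peer| %>` … `<% end %>` and start the loop body with `<% next if node['peers'][peer].to_s.empty? %>`. These rules are also the only control on who may write to the collector, since port 514 here is plain TCP syslog and the source address is the sender's sole identity.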
cookbooks/firewall/templates/host-monitor/iptables-nat.erb 0 → 100644
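--- a/cookbooks/rsyslog/recipes/node.rb
+++ b/cookbooks/rsyslog/recipes/node.rb
@@ -0,0 +1,16 @@
+# This cookbook installs a cliente rsyslog
+
+package 'rsyslog' do
+ action [:install, :upgrade]
+end
+
+template '/etc/rsyslog.conf' do
+ source "node/rsyslog.conf.erb"
+ owner 'root'
+ group 'root'
+ mode 0755
+end
+
+service 'rsyslog' do
+ action [:enable, :restart]
+end
\ No newline at end of file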
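Review bot: `mode 0755` on `/etc/rsyslog.conf` marks a configuration file executable; `mode '0644'` is all a root-owned config needs, and the same line appears in cookbooks/rsyslog/recipes/server.rb. The `service` resource's `action [:enable, :restart]` restarts rsyslog on every Chef run, which presumably drops or delays messages each time; `action [:enable, :start]` together with `notifies :restart, 'service[rsyslog]'` on the template restarts only when the rendered file changes. `action [:install, :upgrade]` pulls whatever version the repository currently offers on each run, so consider `:install` alone or a pinned version for the logging pipeline.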
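--- a/cookbooks/rsyslog/recipes/server.rb
+++ b/cookbooks/rsyslog/recipes/server.rb
@@ -0,0 +1,16 @@
+# This cookbook installs a server rsyslog
+
+package 'rsyslog' do
+ action [:install, :upgrade]
+end
+
+template '/etc/rsyslog.conf' do
+ source 'server/rsyslog.conf.erb'
+ owner 'root'
+ group 'root'
+ mode 0755
+end
+
+service 'rsyslog' do
+ action [:enable, :restart]
+end
\ No newline at end of file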
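--- a/cookbooks/rsyslog/templates/node/rsyslog.conf.erb
+++ b/cookbooks/rsyslog/templates/node/rsyslog.conf.erb
@@ -0,0 +1,50 @@
+#### MODULES ####
+
+# The imjournal module bellow is now used as a message source instead of imuxsock.
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imjournal # provides access to the systemd journal
+
+#### GLOBAL DIRECTIVES ####
+
+# Where to place auxiliary files
+$WorkDirectory /var/lib/rsyslog
+
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+# Turn off message reception via local log socket;
+# local messages are retrieved through imjournal now.
+$OmitLocalLogging on
+
+# File to store the position in the journal
+$IMJournalStateFile imjournal.state
+
+#### RULES ####
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg :omusrmsg:*
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+
+# Sending <%= node.name %> logs
+*.* @@<%= node['peers']['monitor'] %>
\ No newline at end of file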
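Review bot: The final rule `*.* @@<%= node['peers']['monitor'] %>` forwards every facility over unencrypted TCP, including the `authpriv` messages that the rules above deliberately keep out of `/var/log/messages`. If the path to the monitor is not a trusted network, the forwarding action should use TLS, e.g. `$DefaultNetstreamDriver gtls` and `$ActionSendStreamDriverMode 1` ahead of the rule, with the matching stream-driver settings on the server's imtcp input. No action queue is configured either, so while the monitor is unreachable messages are presumably lost or local logging stalls; `$ActionQueueType LinkedList` with `$ActionResumeRetryCount -1` before the rule is the usual remedy.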
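--- a/cookbooks/rsyslog/templates/server/rsyslog.conf.erb
+++ b/cookbooks/rsyslog/templates/server/rsyslog.conf.erb
@@ -0,0 +1,55 @@
+#### MODULES ####
+
+# The imjournal module bellow is now used as a message source instead of imuxsock.
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imjournal # provides access to the systemd journal
+
+# Provides TCP syslog reception
+$ModLoad imtcp
+$InputTCPServerRun 514
+
+#### GLOBAL DIRECTIVES ####
+
+# Where to place auxiliary files
+$WorkDirectory /var/lib/rsyslog
+
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+# Turn off message reception via local log socket;
+# local messages are retrieved through imjournal now.
+$OmitLocalLogging on
+
+# File to store the position in the journal
+$IMJournalStateFile imjournal.state
+
+#### RULES ####
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg :omusrmsg:*
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+
+# SPB logs
+# Social
+if $fromhost-ip=='<%= node['peers']['social']%>' then /var/log/spb/social/social.log
\ No newline at end of file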
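Review bot: The `$fromhost-ip` rule sits after the local rules and nothing binds the imtcp input to its own ruleset, so messages received on port 514 are also matched by `authpriv.* /var/log/secure`, the `*.info` rule for `/var/log/messages` and the rest. Any permitted peer can therefore write lines into the monitor's own auth and system logs, and the firewall template in this commit admits integration, email and database although only social has a destination file here. Defining a separate ruleset for remote input (`$RuleSet remote`, then `$InputTCPServerBindRuleset remote` before `$InputTCPServerRun 514`) with one file per peer keeps remote and local records apart. The server recipe does not create `/var/log/spb/social`, so confirm rsyslog is allowed to create that directory.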