From 25847d30f9663736f0a9bd141055377b6fe06c0b Mon Sep 17 00:00:00 2001
From: Paulo Tada
Date: Thu, 20 Aug 2015 16:27:43 -0300
Subject: [PATCH] Adding rsyslog cookbook and creating a new template for firewall monitor machine
---
 cookbooks/firewall/templates/host-monitor/iptables-filter.erb | 5 +++++
 cookbooks/firewall/templates/host-monitor/iptables-nat.erb | 0
 cookbooks/rsyslog/recipes/node.rb | 16 ++++++++++++++++
 cookbooks/rsyslog/recipes/server.rb | 16 ++++++++++++++++
 cookbooks/rsyslog/templates/node/rsyslog.conf.erb | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 cookbooks/rsyslog/templates/server/rsyslog.conf.erb | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 142 insertions(+), 0 deletions(-)
 create mode 100644 cookbooks/firewall/templates/host-monitor/iptables-filter.erb
 create mode 100644 cookbooks/firewall/templates/host-monitor/iptables-nat.erb
 create mode 100644 cookbooks/rsyslog/recipes/node.rb
 create mode 100644 cookbooks/rsyslog/recipes/server.rb
 create mode 100644 cookbooks/rsyslog/templates/node/rsyslog.conf.erb
 create mode 100644 cookbooks/rsyslog/templates/server/rsyslog.conf.erb
diff --git a/cookbooks/firewall/templates/host-monitor/iptables-filter.erb b/cookbooks/firewall/templates/host-monitor/iptables-filter.erb
new file mode 100644
index 0000000..4e72d4d
--- /dev/null
+++ b/cookbooks/firewall/templates/host-monitor/iptables-filter.erb
@@ -0,0 +1,5 @@
+# Allow access to Rsyslog
+-A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
+-A INPUT -s <%= node['peers']['social'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
+-A INPUT -s <%= node['peers']['email'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
+-A INPUT -s <%= node['peers']['database'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
\ No newline at end of file
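Review bot: Each of the four `-A INPUT -s <%= node['peers'][...] %>` lines renders an empty `-s` when that peer attribute is unset, and one malformed rule makes `iptables-restore` reject the whole ruleset rather than that line alone, so a single missing attribute can leave the monitor with none of the intended rules (how the host-monitor ruleset is applied is not visible here, so confirm the restore path). A per-peer guard avoids that, and a loop keeps the four identical rules in one place. Note also that this admits plain TCP 514 by source address only; the node template forwards `authpriv.*` over this link, and the filter cannot authenticate the sender, so any transport protection has to come from rsyslog's TLS driver or the network.
```erb
# Allow access to Rsyslog (TCP 514) from the known peers only.
# A peer whose address is not set is skipped; an empty "-s" would make
# iptables-restore reject the entire ruleset.
<% %w[integration social email database].each do |peer| %>
<% next unless node['peers'][peer] %>
-A INPUT -s <%= node['peers'][peer] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
<% end %>
```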
diff --git a/cookbooks/firewall/templates/host-monitor/iptables-nat.erb b/cookbooks/firewall/templates/host-monitor/iptables-nat.erb
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/cookbooks/firewall/templates/host-monitor/iptables-nat.erb
diff --git a/cookbooks/rsyslog/recipes/node.rb b/cookbooks/rsyslog/recipes/node.rb
new file mode 100644
index 0000000..bae4bdb
--- /dev/null
+++ b/cookbooks/rsyslog/recipes/node.rb
@@ -0,0 +1,16 @@
+# This cookbook installs a cliente rsyslog
+
+package 'rsyslog' do
+ action [:install, :upgrade]
+end
+
+template '/etc/rsyslog.conf' do
+ source "node/rsyslog.conf.erb"
+ owner 'root'
+ group 'root'
+ mode 0755
+end
+
+service 'rsyslog' do
+ action [:enable, :restart]
+end
\ No newline at end of file
diff --git a/cookbooks/rsyslog/recipes/server.rb b/cookbooks/rsyslog/recipes/server.rb
new file mode 100644
index 0000000..babdfa6
--- /dev/null
+++ b/cookbooks/rsyslog/recipes/server.rb
@@ -0,0 +1,16 @@
+# This cookbook installs a server rsyslog
+
+package 'rsyslog' do
+ action [:install, :upgrade]
+end
+
+template '/etc/rsyslog.conf' do
+ source 'server/rsyslog.conf.erb'
+ owner 'root'
+ group 'root'
+ mode 0755
+end
+
+service 'rsyslog' do
+ action [:enable, :restart]
+end
\ No newline at end of file
diff --git a/cookbooks/rsyslog/templates/node/rsyslog.conf.erb b/cookbooks/rsyslog/templates/node/rsyslog.conf.erb
new file mode 100644
index 0000000..1fbbd02
--- /dev/null
+++ b/cookbooks/rsyslog/templates/node/rsyslog.conf.erb
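Review bot: `mode 0755` on the `template '/etc/rsyslog.conf'` resource makes a configuration file executable; rsyslog only reads it, so `mode '0644'` is the right permission (a quoted string also avoids the octal-literal ambiguity Chef warns about). The `service 'rsyslog'` block's `action [:enable, :restart]` restarts the daemon on every converge whether or not anything changed, so each run briefly stops local logging; `action [:enable, :start]` on the service plus `notifies :restart, 'service[rsyslog]'` on the template restarts it only when the rendered config differs. `action [:install, :upgrade]` on the package likewise pulls an unpinned upgrade on every run, which deserves a deliberate decision rather than a default. The header comment has a typo, `cliente` → `client`.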
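Review bot: The `template '/etc/rsyslog.conf'` resource here carries the same `mode 0755` as the node recipe; `mode '0644'` is enough, nothing executes this file. On the collector the unconditional `action [:enable, :restart]` matters more than on a node: every converge tears down the TCP 514 listener, and since the node template forwards with no action queue configured, whatever the peers send during that window is likely to be dropped rather than spooled. `action [:enable, :start]` on the service and `notifies :restart, 'service[rsyslog]'` on the template limit the restart to real config changes. `action [:install, :upgrade]` has the same effect, an unplanned listener restart whenever a newer package appears.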
@@ -0,0 +1,50 @@
+#### MODULES ####
+
+# The imjournal module bellow is now used as a message source instead of imuxsock.
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imjournal # provides access to the systemd journal
+
+#### GLOBAL DIRECTIVES ####
+
+# Where to place auxiliary files
+$WorkDirectory /var/lib/rsyslog
+
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+# Turn off message reception via local log socket;
+# local messages are retrieved through imjournal now.
+$OmitLocalLogging on
+
+# File to store the position in the journal
+$IMJournalStateFile imjournal.state
+
+#### RULES ####
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg :omusrmsg:*
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+
+# Sending <%= node.name %> logs
+*.* @@<%= node['peers']['monitor'] %>
\ No newline at end of file
diff --git a/cookbooks/rsyslog/templates/server/rsyslog.conf.erb b/cookbooks/rsyslog/templates/server/rsyslog.conf.erb
new file mode 100644
index 0000000..4c4c3dd
--- /dev/null
+++ b/cookbooks/rsyslog/templates/server/rsyslog.conf.erb
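Review bot: The final `*.* @@<%= node['peers']['monitor'] %>` line forwards every message, `authpriv.*` included, with no action queue, so when the monitor is down or the TCP session drops, rsyslog suspends the forwarding action and messages arriving meanwhile are discarded instead of spooled (with rsyslog's default `$ActionResumeRetryCount` of 0 a failed action is not retried). The disk-assisted queue directives below, placed immediately before the forwarding line, turn a monitor outage into a delay rather than a loss. Separately, `@@` is plain TCP, so authentication logs cross the network in cleartext and the collector cannot verify who sent them; unless the link is protected elsewhere, rsyslog's gtls netstream driver is the place to fix that. The module comment's `bellow` should be `below`.
```erb
# Sending <%= node.name %> logs to the monitor over TCP.
# Disk-assisted queue: spool under $WorkDirectory while the monitor is
# unreachable instead of discarding, and keep retrying indefinitely.
$ActionQueueType LinkedList
$ActionQueueFileName fwd_monitor
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
*.* @@<%= node['peers']['monitor'] %>
```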
@@ -0,0 +1,55 @@
+#### MODULES ####
+
+# The imjournal module bellow is now used as a message source instead of imuxsock.
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imjournal # provides access to the systemd journal
+
+# Provides TCP syslog reception
+$ModLoad imtcp
+$InputTCPServerRun 514
+
+#### GLOBAL DIRECTIVES ####
+
+# Where to place auxiliary files
+$WorkDirectory /var/lib/rsyslog
+
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+# Turn off message reception via local log socket;
+# local messages are retrieved through imjournal now.
+$OmitLocalLogging on
+
+# File to store the position in the journal
+$IMJournalStateFile imjournal.state
+
+#### RULES ####
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg :omusrmsg:*
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+
+# SPB logs
+# Social
+if $fromhost-ip=='<%= node['peers']['social']%>' then /var/log/spb/social/social.log
\ No newline at end of file
-- libgit2 0.21.2
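Review bot: The `if $fromhost-ip=='<%= node['peers']['social']%>' then /var/log/spb/social/social.log` rule sits after the generic rules and has no `& stop`, so the social peer's messages are written to `social.log` and also into the monitor's own `/var/log/messages`, `/var/log/secure` and the rest, where remote and local entries are indistinguishable; the other three peers the firewall template admits (integration, email, database) have no rule at all and land only in those local files. Moving the peer rules ahead of the local ones and terminating each with `& stop` (`& ~` on rsyslog older than 7) keeps remote traffic out of the monitor's own logs. `$InputTCPServerRun 514` binds every interface and accepts anything that reaches it, so the firewall is the only admission control; an in-config `$AllowedSender TCP, <peer addresses>` is a cheap second layer, and as on the node side the transport is cleartext without TLS. An unset attribute renders `$fromhost-ip==''`, which silently matches nothing rather than failing, so a template guard is worth adding.
```erb
#### RULES ####

# SPB logs: route each peer to its own file first and stop, so remote
# messages do not also fall through into the monitor's local /var/log files.
if $fromhost-ip=='<%= node['peers']['social'] %>' then /var/log/spb/social/social.log
& stop

# … unchanged: local rules (messages, secure, maillog, cron, emerg, spooler, boot.log) …
```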