Index: /trunk/host/debian/scripts-syslog-ng-config/d_zroot.pl =================================================================== --- /trunk/host/debian/scripts-syslog-ng-config/d_zroot.pl (revision 1969) +++ /trunk/host/debian/scripts-syslog-ng-config/d_zroot.pl (revision 1969) @@ -0,0 +1,134 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use Sys::Hostname; +use Time::HiRes qw(ualarm); +use File::Temp; + +our $ZCLASS = "scripts-auto"; +our @USERS = qw/root logview/; +my $k5login; +open $k5login, '/root/.k5login'; +our @RECIPIENTS = map {chomp; m|([^/@]*)| && $1} <$k5login>; +close $k5login; + +our %USERS; +@USERS{@USERS} = undef; + +sub zwrite($;$$@) { + my ($message, $class, $instance, @recipients) = @_; + $class ||= $ZCLASS; + $instance ||= 'root.'.hostname; + open(ZWRITE, "|-", qw|/usr/bin/zwrite -d -n -O log -c|, $class, '-i', $instance, '-s', hostname, @recipients) or die "Couldn't open zwrite"; + print ZWRITE $message; + close(ZWRITE); +} + +my %toclass; + +my %sshkeys; + +sub buildKeyMap($) { + my ($file) = @_; + open (KEYS, $file) or (warn "Couldn't open $file: $!\n" and return); + while () { + chomp; + my ($fingerprint, $comment) = parseKey($_); + $sshkeys{$fingerprint} = $comment; + } + close(KEYS); +} + +sub parseKey($) { + my ($key) = @_; + my $tmp = new File::Temp; + print $tmp $key; + close $tmp; + open (KEYGEN, "-|", qw(/usr/bin/ssh-keygen -l -f), $tmp) or die "Couldn't call ssh-keygen: $!"; + my ($line) = ; + close(KEYGEN); + my (undef, $fingerprint, undef) = split(' ', $line, 3); + my (undef, undef, $comment) = split(' ', $key, 3); + #print "$fingerprint $comment"; + return ($fingerprint, $comment); +} + +buildKeyMap("/root/.ssh/authorized_keys"); +buildKeyMap("/root/.ssh/authorized_keys2"); + +my @message; + +while (my $line = <>) { + @message = $line; + eval { + local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required + ualarm(500*1000); + while (<>) { push @message, $_; } + }; + chomp @message; + map { s/^(.*?): // } @message; + %toclass = (); + foreach my $message (@message) { + sub sendmsg ($;$) { + my ($message, $class) = @_; + $class ||= $ZCLASS; + $toclass{$class} .= $message."\n"; + } + if ($message =~ m|Accepted (\S+) for (\S+)|) { + sendmsg($message) if exists $USERS{$2} + } elsif ($message =~ m|Authorized to (\S+),|) { + sendmsg($message) if exists $USERS{$1}; + } elsif ($message =~ m|Root (\S+) shell|) { + sendmsg($message); + } elsif ($message =~ m|pam_unix\(([^:]+):session\): session \S+ for user (\S+)|) { + sendmsg($message) if $1 ne "cron" and exists $USERS{$2}; + } elsif ($message =~ m|^Found matching (\w+) key: (\S+)|) { + if ($sshkeys{$2}) { + sendmsg($message." (".$sshkeys{$2}.")"); + } else { + sendmsg($message." (UNKNOWN KEY)"); + } + } elsif ($message =~ m|^Out of memory:|) { + sendmsg($message); + } elsif ($message =~ m|^giving \S+ admin rights|) { + sendmsg($message); + } elsif ($message =~ m|^Connection closed|) { + # Do nothing + } elsif ($message =~ m|^Closing connection to |) { + } elsif ($message =~ m|^Connection from (\S+) port (\S+)|) { + } elsif ($message =~ m|^Invalid user|) { + } elsif ($message =~ m|^input_userauth_request: invalid user|) { + } elsif ($message =~ m|^Received disconnect from|) { + } elsif ($message =~ m|^Postponed keyboard-interactive|) { + } elsif ($message =~ m|^Failed keyboard-interactive/pam|) { + } elsif ($message =~ m|^fatal: Read from socket failed: Connection reset by peer$|) { + } elsif ($message =~ m|^reverse mapping checking getaddrinfo|) { + } elsif ($message =~ m|^pam_succeed_if\(sshd\:auth\)\:|) { + } elsif ($message =~ m|^error: PAM: Authentication failure|) { + } elsif ($message =~ m|^pam_unix\(sshd:auth\): authentication failure|) { + } elsif ($message =~ m|^pam_unix\(sshd:auth\): check pass; user unknown|) { + } elsif ($message =~ m|^Postponed keyboard-interactive for invalid user |) { + } elsif ($message =~ m|^Failed keyboard-interactive/pam for invalid user |) { + } elsif ($message =~ m|^Postponed gssapi-with-mic for |) { + } elsif ($message =~ m|^Address \S+ maps to \S+, but this does not map back to the address|) { + } elsif ($message =~ m|^Nasty PTR record .* is set up for .*, ignoring|) { + } elsif ($message =~ m|^User child is on pid \d+$|) { + } elsif ($message =~ m|^Transferred: sent \d+, received \d+ bytes$|) { + } elsif ($message =~ m|^Setting tty modes failed: Invalid argument$|) { + } elsif ($message =~ m|^ *nrpe .* COMMAND=/etc/nagios/check_ldap_mmr.real$|) { + } elsif ($message =~ m|^ *root : TTY=|) { + } elsif ($message =~ m|^Set /proc/self/oom_adj to |) { + } else { + sendmsg($message, "scripts-spew"); + } + } + + foreach my $class (keys %toclass) { + if ($class eq "scripts-auto") { + zwrite($toclass{$class}, $class); + } else { + zwrite($toclass{$class}, $class, undef, @RECIPIENTS); + } + } +} Index: /trunk/host/debian/scripts-syslog-ng-config/debian/changelog =================================================================== --- /trunk/host/debian/scripts-syslog-ng-config/debian/changelog (revision 1969) +++ /trunk/host/debian/scripts-syslog-ng-config/debian/changelog (revision 1969) @@ -0,0 +1,12 @@ +scripts-syslog-ng-config (0.2) unstable; urgency=low + + * Move d_zroot into /usr/lib + + -- Quentin Smith Mon, 05 Sep 2011 15:01:04 -0400 + +scripts-syslog-ng-config (0.1) stable; urgency=low + + * Initial release + + -- Alexander Chernyakhovsky Mon, 05 Sep 2011 14:45:27 -0400 + Index: /trunk/host/debian/scripts-syslog-ng-config/debian/compat =================================================================== --- /trunk/host/debian/scripts-syslog-ng-config/debian/compat (revision 1969) +++ /trunk/host/debian/scripts-syslog-ng-config/debian/compat (revision 1969) @@ -0,0 +1,1 @@ +7 Index: /trunk/host/debian/scripts-syslog-ng-config/debian/control =================================================================== --- /trunk/host/debian/scripts-syslog-ng-config/debian/control (revision 1969) +++ /trunk/host/debian/scripts-syslog-ng-config/debian/control (revision 1969) @@ -0,0 +1,14 @@ +Source: scripts-syslog-ng-config +Section: misc +Priority: extra +Maintainer: scripts team +Build-Depends: cdbs, debhelper (>= 7.0.50~), config-package-dev, syslog-ng, +Standards-Version: 3.9.1 +Homepage: http://scripts.mit.edu/ + +Package: scripts-syslog-ng-config +Architecture: all +Depends: ${misc:Depends}, + syslog-ng, +Description: Configures syslog-ng for zephyr logging + Configures a machine to log messages sent to syslog-ng to zephyr. Index: /trunk/host/debian/scripts-syslog-ng-config/debian/copyright =================================================================== --- /trunk/host/debian/scripts-syslog-ng-config/debian/copyright (revision 1969) +++ /trunk/host/debian/scripts-syslog-ng-config/debian/copyright (revision 1969) @@ -0,0 +1,22 @@ +This work was packaged for Debian by: + + Alexander Chernyakhovsky on Mon, 05 Sep 2011 14:42:37 -0400 + +It was downloaded from: + + http://scripts.mit.edu + +Copyright: + + Copyright (C) 2011 Alexander Chernyakhovsky + +License: + + GPLv2+ + +The Debian packaging is: + + Copyright (C) 2011 Alexander Chernyakhovsky + +and is licensed under the GPL version 2 +see "/usr/share/common-licenses/GPL-2". Index: /trunk/host/debian/scripts-syslog-ng-config/debian/rules =================================================================== --- /trunk/host/debian/scripts-syslog-ng-config/debian/rules (revision 1969) +++ /trunk/host/debian/scripts-syslog-ng-config/debian/rules (revision 1969) @@ -0,0 +1,7 @@ +#!/usr/bin/make -f + +DEB_TRANSFORM_FILES_scripts-syslog-ng-config = /etc/syslog-ng/syslog-ng.conf.divert + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/config-package.mk + Index: /trunk/host/debian/scripts-syslog-ng-config/debian/scripts-syslog-ng-config.install =================================================================== --- /trunk/host/debian/scripts-syslog-ng-config/debian/scripts-syslog-ng-config.install (revision 1969) +++ /trunk/host/debian/scripts-syslog-ng-config/debian/scripts-syslog-ng-config.install (revision 1969) @@ -0,0 +1,1 @@ +d_zroot.pl /usr/lib/scripts-syslog-ng-config/ Index: /trunk/host/debian/scripts-syslog-ng-config/debian/scripts-syslog-ng-config.postinst =================================================================== --- /trunk/host/debian/scripts-syslog-ng-config/debian/scripts-syslog-ng-config.postinst (revision 1969) +++ /trunk/host/debian/scripts-syslog-ng-config/debian/scripts-syslog-ng-config.postinst (revision 1969) @@ -0,0 +1,44 @@ +#!/bin/sh +# postinst script for scripts-syslog-ng-config +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + if hash invoke-rc.d > /dev/null 2>&1; then + invoke-rc.d syslog-ng restart || : + else + /etc/init.d/syslog-ng restart || : + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 Index: /trunk/host/debian/scripts-syslog-ng-config/debian/transform_syslog-ng.conf.divert =================================================================== --- /trunk/host/debian/scripts-syslog-ng-config/debian/transform_syslog-ng.conf.divert (revision 1969) +++ /trunk/host/debian/scripts-syslog-ng-config/debian/transform_syslog-ng.conf.divert (revision 1969) @@ -0,0 +1,11 @@ +#!/bin/sh + +cat +cat <