
Contents of /rpms/smeserver-libreswan/contribs9/smeserver-libreswan-ikev2-logrotate.patch



Revision 1.1 - (show annotations) (download)
Thu Dec 22 23:26:28 2016 UTC (7 years, 10 months ago) by reetspetit
Branch: MAIN
CVS Tags: smeserver-libreswan-0_5-26_el6_sme, smeserver-libreswan-0_5-23_el6_sme, smeserver-libreswan-0_5-22_el6_sme, smeserver-libreswan-0_5-31_el6_sme, smeserver-libreswan-0_5-33_el6_sme, smeserver-libreswan-0_5-25_el6_sme, smeserver-libreswan-0_5-30_el6_sme, smeserver-libreswan-0_5-32_el6_sme, smeserver-libreswan-0_5-28_el6_sme, smeserver-libreswan-0_5-27_el6_sme, smeserver-libreswan-0_5-24_el6_sme, smeserver-libreswan-0_5-29_el6_sme, smeserver-libreswan-0_5-34_el6_sme, HEAD
* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-22.sme
- update logrotate completely now I realise it is symlinked
- remove UDPPort and add UDPPorts due to ipsec v2

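--- a/createlinks
+++ b/createlinks
@@ -38,3 +38,20 @@
 service_link_enhanced("ipsec", "K21", "1");
 
 safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
+
+# Set up generic logfile timestamp renaming/symlinking
+
+foreach (qw(
+ /var/log/pluto/pluto.log
+ ))
+{
+ safe_touch "root/etc/e-smith/events/logrotate/logfiles2timestamp/$_";
+}
+
+#--------------------------------------------------
+# actions for logrotate event
+#--------------------------------------------------
+
+$event = "logrotate";
+
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ipsec");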
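Review bot: The logrotate wiring added at the end of this hunk replaces the `logrotate.d/pluto` template that this patch deletes, and that template carried `create 0600 root root`; nothing visible here sets the mode of the timestamped `/var/log/pluto/pluto.log`. Since `plutodebug` output lands in that log, confirm that the logfiles2timestamp mechanism creates the new file root-only, and record it with a comment such as `# pluto.log must remain 0600 root:root after rotation`. Linking `restart` into `logrotate/services2adjust/ipsec` presumably restarts pluto on every rotation and would drop established tunnels, so a comment stating that this is intended would help. `$event` is assigned without `my`, so its declaration must sit above the hunk.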
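--- a/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion
+++ b/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion
@@ -0,0 +1 @@
+yes
\ No newline at end of file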
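--- a/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort
+++ b/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort
@@ -1 +0,0 @@
-500
\ No newline at end of file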
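--- a/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts
+++ b/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts
@@ -0,0 +1 @@
+500,4500
\ No newline at end of file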
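--- a/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
+++ b/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
@@ -1,77 +1,79 @@
 #!/usr/bin/perl -w
 
 {
- use strict;
- use warnings;
- use esmith::ConfigDB;
+ use strict;
+ use warnings;
+ use esmith::ConfigDB;
 
- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
+ my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
+ my $dbKey = 'ipsec';
+ my $systemMode = $configDB->get("SystemMode")->value;
+ my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled';
 
- my $systemMode = $configDB->get("SystemMode")->value;
+ if ( $systemMode ne 'servergateway' ) {
+ $OUT .= "# System not in Server Gateway mode\n";
+ }
 
- if ( $systemMode ne 'servergateway' )
- {
- $OUT .= "# System not in Server Gateway mode\n";
- }
+ elsif ( $ipsecStatus ne 'enabled' ) {
+ $OUT .= "# Ipsec not enabled\n";
+ }
 
- else
- {
+ else {
+ my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
+ or die("cant connect to ipsec database");
 
- my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
- or die("cant connect to ipsec database");
+ my $dbKey = 'ipsec';
 
- my $dbKey = 'ipsec';
+ # Generic setup file
+ my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) || 'none';
 
- # Generic setup file
- my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) || 'none';
-
-# A standard config is included in the RPM but we need to generate a new one so we can modify settings
+ # A standard config is included in the RPM but we need to generate a new one so we can modify settings
 
- $OUT .= "config setup\n";
- $OUT .= " protostack=netkey\n";
- $OUT .= " plutodebug=$debugstatus\n";
- $OUT .= " #klipsdebug=none\n";
- $OUT .= " plutostderrlog=/var/log/pluto/pluto.log\n";
- $OUT .= " dumpdir=/var/run/pluto/\n";
- $OUT .= " nat_traversal=yes\n";
+ $OUT .= "config setup\n";
+ $OUT .= " protostack=netkey\n";
+ $OUT .= " plutodebug=$debugstatus\n";
+ $OUT .= " #klipsdebug=none\n";
+ $OUT .= " plutostderrlog=/var/log/pluto/pluto.log\n";
+ $OUT .= " dumpdir=/var/run/pluto/\n";
+ $OUT .= " nat_traversal=yes\n";
 
- # This should get all the connections in an array
+ # This should get all the connections in an array
 
- my @connections = $ipsecDB->keys;
+ my @connections = $ipsecDB->keys;
 
- $OUT .= " virtual_private=";
+ $OUT .= " virtual_private=";
 
- my $virtual_private = '';
+ my $virtual_private = '';
 
- foreach my $ipsecprop (@connections) {
+ foreach my $ipsecprop (@connections) {
 
- my $type = $ipsecDB->get_prop("$ipsecprop",'type');
- print "Connection: $ipsecprop Type: $type\n";
+ my $type = $ipsecDB->get_prop( "$ipsecprop", 'type' );
+ print "Connection: $ipsecprop Type: $type\n";
 
- if ( $type eq "ipsec") {
- print "Connection: $ipsecprop\n";
- my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) || "disabled";
+ if ( $type eq "ipsec" ) {
+ print "Connection: $ipsecprop\n";
+ my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) || "disabled";
 
- if ( $ipsecstatus eq "enabled" ) {
- my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
- $virtual_private .= "%v4:$subnet,";
- }
+ if ( $ipsecstatus eq "enabled" ) {
+ my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
+ $virtual_private .= "%v4:$subnet,";
+ }
 
- # End if
- }
+ # End if
+ }
 
- # End foreach
- }
+ # End foreach
+ }
 
- # Remove last character ','
- chop($virtual_private);
- $OUT .= "$virtual_private\n";
- $OUT .= "\n";
- $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
+ # Remove last character ','
+ chop($virtual_private);
+ $OUT .= "$virtual_private\n";
+ $OUT .= "\n";
+ $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
 
- # End else
- }
+ # End else
+ }
 
-# End
+ # End
 }
 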
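Review bot: Inside the connection loop, `$type` and `$subnet` are used without a defined-check, so a record with no `type`, or an enabled connection with no `rightsubnet`, raises warnings under `use warnings` and puts a bare `%v4:,` entry into `virtual_private`. These values and `$debugstatus` are interpolated into ipsec.conf unvalidated; a guard such as `next unless defined $subnet && $subnet =~ m{\A[0-9.]+/[0-9]{1,2}\z};` keeps malformed or multi-line database values out of the generated config. The two `print "Connection: ..."` lines look like leftover debugging that writes to STDOUT during template expansion. The `my $dbKey = 'ipsec';` kept inside the `else` now shadows the one added at the top, whereas the other two templates in this patch removed theirs.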
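--- a/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
+++ b/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
@@ -5,21 +5,23 @@
 use warnings;
 use esmith::ConfigDB;
 
- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
-
- my $systemMode = $configDB->get("SystemMode")->value;
+ my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
+ my $dbKey = 'ipsec';
+ my $systemMode = $configDB->get("SystemMode")->value;
+ my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled';
 
 if ( $systemMode ne 'servergateway' ) {
 $OUT .= "# System not in Server Gateway mode\n";
 }
 
- else {
+ elsif ( $ipsecStatus ne 'enabled' ) {
+ $OUT .= "# Ipsec not enabled\n";
+ }
 
+ else {
 my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
 or die("cant connect to ipsec database");
 
- my $dbKey = 'ipsec';
-
 # This should get all the connections in an array
 
 my @connections = $ipsecDB->keys;
@@ -108,10 +110,13 @@
 $OUT .= " auto=$auto\n";
 }
 
- my $ipsecversion = $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' ) || '';
- if ( $ipsecversion eq 'v2' ) {
- $OUT .= " ikev2=insist\n";
- }
+ # We should change ipsecversion to ikev2status
+ my $ipsecversion =
+ $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' )
+ || $configDB->get_prop( $dbKey, 'ipsecversion' )
+ || 'permit';
+
+ $OUT .= " ikev2=$ipsecversion\n";
 
 # Set the Phase one and Phase two default strengths - these are set to aes
 my $ike =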
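Review bot: The new `$OUT .= " ikev2=$ipsecversion\n";` in the second hunk writes the stored database value straight into the connection, so a record still holding the old value `v2` (which the removed code translated to `insist`) now produces `ikev2=v2`, which is not a value libreswan accepts. Unless a migration elsewhere rewrites existing records, map and restrict the value first, e.g. `$ipsecversion = 'insist' if $ipsecversion eq 'v2';` followed by `$ipsecversion = 'permit' unless $ipsecversion =~ m{\A(?:insist|permit|propose|never|yes|no)\z};`. This setting decides whether a tunnel negotiates IKEv1 or IKEv2, so the fallback should be explicit rather than inherited from free-form data. The statement beginning at `my $ike =` continues outside the hunk.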
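--- a/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords
+++ b/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords
@@ -5,20 +5,23 @@
 use warnings;
 use esmith::ConfigDB;
 
- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
-
- my $systemMode = $configDB->get("SystemMode")->value;
+ my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
+ my $dbKey = 'ipsec';
+ my $systemMode = $configDB->get("SystemMode")->value;
+ my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled';
 
 if ( $systemMode ne 'servergateway' ) {
 $OUT .= "# System not in Server Gateway mode\n";
 }
 
+ elsif ( $ipsecStatus ne 'enabled' ) {
+ $OUT .= "# Ipsec not enabled\n";
+ }
+
 else {
 my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
 or die("cant connect to ipsec database");
 
- my $dbKey = 'ipsec';
-
 my $ExternalIP = $configDB->get_prop( "ExternalInterface", "IPAddress" );
 
 # This should get all the connections in an array
@@ -79,8 +82,8 @@
 $OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
 }
 }
-
- elsif (( $leftid ne '' ) && ( $rightid ne '' )) {
+
+ elsif ( ( $leftid ne '' ) && ( $rightid ne '' ) ) {
 $OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
 }
 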
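Review bot: `$passwd` is placed between literal double quotes in the `PSK \"$passwd\"` lines of the second hunk with no check on its content, so a pre-shared key containing `"` or a line break yields a malformed ipsec.secrets entry. A guard before the first use, for example `die "ipsec: PSK contains a quote or newline\n" if $passwd =~ /["\r\n]/;`, fails the template expansion instead of writing a broken secrets file. The same applies to `$leftid` and `$rightid`, which are interpolated after `\@` unchecked. The enclosing branch starts above this hunk, so where `$passwd` is read is not visible here.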
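--- a/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto
+++ b/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto
@@ -1,8 +0,0 @@
-/var/log/pluto/pluto.log \{
- missingok
- notifempty
- compress
- daily
- rotate 10
- create 0600 root root
-\}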
