| 1 |
diff -Nur e-smith-packetfilter-2.6.0.old/createlinks e-smith-packetfilter-2.6.0/createlinks |
| 2 |
--- e-smith-packetfilter-2.6.0.old/createlinks 2021-03-04 16:01:39.921000000 -0500 |
| 3 |
+++ e-smith-packetfilter-2.6.0/createlinks 2021-03-04 16:52:55.378000000 -0500 |
| 4 |
@@ -21,18 +21,10 @@ |
| 5 |
safe_symlink("reload", "root/etc/e-smith/events/$_/services2adjust/masq"); |
| 6 |
} |
| 7 |
|
| 8 |
-my %service2order = |
| 9 |
-( |
| 10 |
- # Set up the packet filter rules before bringing up networks. |
| 11 |
- # But, after the bootstrap-console has had a chance to configure masq |
| 12 |
- masq => "36", |
| 13 |
-); |
| 14 |
- |
| 15 |
-foreach my $service (keys %service2order) |
| 16 |
-{ |
| 17 |
-# removed for systemd |
| 18 |
-# service_link_enhanced($service, $service2order{$service}, 7); |
| 19 |
-} |
| 20 |
+my $event ="e-smith-packetfilter-update"; |
| 21 |
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ulogd"); |
| 22 |
+event_link("systemd-reload", $event, "89"); |
| 23 |
+event_link("systemd-default", $event, "88"); |
| 24 |
|
| 25 |
#systemd |
| 26 |
foreach my $target (qw(multi-user sme-server)) |
| 27 |
@@ -41,6 +33,7 @@ |
| 28 |
|
| 29 |
foreach my $unit (qw( |
| 30 |
masq.service |
| 31 |
+ ulogd.service |
| 32 |
)) |
| 33 |
{ |
| 34 |
symlink("../$unit", |
| 35 |
diff -Nur e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ulogd/status e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/defaults/ulogd/status |
| 36 |
--- e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ulogd/status 1969-12-31 19:00:00.000000000 -0500 |
| 37 |
+++ e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/defaults/ulogd/status 2021-03-04 16:38:38.292000000 -0500 |
| 38 |
@@ -0,0 +1 @@ |
| 39 |
+enabled |
| 40 |
diff -Nur e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ulogd/type e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/defaults/ulogd/type |
| 41 |
--- e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ulogd/type 1969-12-31 19:00:00.000000000 -0500 |
| 42 |
+++ e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/defaults/ulogd/type 2021-03-04 16:38:26.949000000 -0500 |
| 43 |
@@ -0,0 +1 @@ |
| 44 |
+service |
| 45 |
diff -Nur e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/force/ulogd/status e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/force/ulogd/status |
| 46 |
--- e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/force/ulogd/status 1969-12-31 19:00:00.000000000 -0500 |
| 47 |
+++ e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/force/ulogd/status 2021-03-04 16:39:04.280000000 -0500 |
| 48 |
@@ -0,0 +1 @@ |
| 49 |
+enabled |
| 50 |
diff -Nur e-smith-packetfilter-2.6.0.old/root/etc/e-smith/templates/etc/ulogd.conf/basic e-smith-packetfilter-2.6.0/root/etc/e-smith/templates/etc/ulogd.conf/basic |
| 51 |
--- e-smith-packetfilter-2.6.0.old/root/etc/e-smith/templates/etc/ulogd.conf/basic 2008-10-07 13:36:41.000000000 -0400 |
| 52 |
+++ e-smith-packetfilter-2.6.0/root/etc/e-smith/templates/etc/ulogd.conf/basic 2021-03-04 23:22:10.840000000 -0500 |
| 53 |
@@ -1,12 +1,125 @@ |
| 54 |
[global] |
| 55 |
nlgroup=1 |
| 56 |
-logfile=/dev/stdout |
| 57 |
+logfile=/var/log/iptables/ulogd.log |
| 58 |
loglevel=5 |
| 59 |
rmem=131071 |
| 60 |
bufsize=150000 |
| 61 |
+ |
| 62 |
+###################################################################### |
| 63 |
+# PLUGIN OPTIONS |
| 64 |
+###################################################################### |
| 65 |
+# We have to configure and load all the plugins we want to use |
| 66 |
+# general rules: |
| 67 |
+# |
| 68 |
+# 0. don't specify any plugin for ulogd to load them all |
| 69 |
+# 1. load the plugins _first_ from the global section |
| 70 |
+# 2. options for each plugin in seperate section below |
| 71 |
plugin={ -f "/usr/lib64/ulogd/ulogd_BASE.so" ? "/usr/lib64/ulogd/ulogd_BASE.so" : "/usr/lib/ulogd/ulogd_BASE.so" } |
| 72 |
plugin={ -f "/usr/lib64/ulogd/ulogd_LOGEMU.so" ? "/usr/lib64/ulogd/ulogd_LOGEMU.so" : "/usr/lib/ulogd/ulogd_LOGEMU.so" } |
| 73 |
|
| 74 |
+{ |
| 75 |
+#plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" |
| 76 |
+#plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" |
| 77 |
+#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so" |
| 78 |
+#plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" |
| 79 |
+#plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" |
| 80 |
+#plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" |
| 81 |
+#plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" |
| 82 |
+#plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so" |
| 83 |
+#plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" |
| 84 |
+#plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so" |
| 85 |
+#plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" |
| 86 |
+#plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so" |
| 87 |
+#plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" |
| 88 |
+#plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" |
| 89 |
+#plugin="/usr/lib64/ulogd/ulogd_output_XML.so" |
| 90 |
+#plugin="/usr/lib64/ulogd/ulogd_output_SQLITE3.so" |
| 91 |
+#plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so" |
| 92 |
+#plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so" |
| 93 |
+#plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so" |
| 94 |
+#plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so" |
| 95 |
+#plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so" |
| 96 |
+#plugin="/usr/lib64/ulogd/ulogd_output_DBI.so" |
| 97 |
+#plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" |
| 98 |
+#plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so" |
| 99 |
+#plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so" |
| 100 |
+#plugin="/usr/lib64/ulogd/ulogd_output_JSON.so" |
| 101 |
+ |
| 102 |
+# this is a stack for logging packet send by system via LOGEMU |
| 103 |
+#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU |
| 104 |
+ |
| 105 |
+# this is a stack for packet-based logging via LOGEMU |
| 106 |
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU |
| 107 |
+ |
| 108 |
+# this is a stack for ULOG packet-based logging via LOGEMU |
| 109 |
+#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU |
| 110 |
+ |
| 111 |
+# this is a stack for packet-based logging via LOGEMU with filtering on MARK |
| 112 |
+#stack=log2:NFLOG,base1:BASE,mark1:MARK,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU |
| 113 |
+ |
| 114 |
+# this is a stack for packet-based logging via GPRINT |
| 115 |
+#stack=log1:NFLOG,gp1:GPRINT |
| 116 |
+ |
| 117 |
+# this is a stack for flow-based logging via LOGEMU |
| 118 |
+#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU |
| 119 |
+ |
| 120 |
+# this is a stack for flow-based logging via GPRINT |
| 121 |
+#stack=ct1:NFCT,gp1:GPRINT |
| 122 |
+ |
| 123 |
+# this is a stack for flow-based logging via XML |
| 124 |
+#stack=ct1:NFCT,xml1:XML |
| 125 |
+ |
| 126 |
+# this is a stack for logging in XML |
| 127 |
+#stack=log1:NFLOG,xml1:XML |
| 128 |
+ |
| 129 |
+# this is a stack for accounting-based logging via XML |
| 130 |
+#stack=acct1:NFACCT,xml1:XML |
| 131 |
+ |
| 132 |
+# this is a stack for accounting-based logging to a Graphite server |
| 133 |
+#stack=acct1:NFACCT,graphite1:GRAPHITE |
| 134 |
+ |
| 135 |
+# this is a stack for NFLOG packet-based logging to PCAP |
| 136 |
+#stack=log2:NFLOG,base1:BASE,pcap1:PCAP |
| 137 |
+ |
| 138 |
+# this is a stack for logging packet to MySQL |
| 139 |
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL |
| 140 |
+ |
| 141 |
+# this is a stack for logging packet to PGsql after a collect via NFLOG |
| 142 |
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL |
| 143 |
+ |
| 144 |
+# this is a stack for logging packet to JSON formatted file after a collect via NFLOG |
| 145 |
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON |
| 146 |
+ |
| 147 |
+# this is a stack for logging packets to syslog after a collect via NFLOG |
| 148 |
+#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG |
| 149 |
+ |
| 150 |
+# this is a stack for logging packets to syslog after a collect via NuFW |
| 151 |
+#stack=nuauth1:UNIXSOCK,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG |
| 152 |
+ |
| 153 |
+# this is a stack for flow-based logging to MySQL |
| 154 |
+#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL |
| 155 |
+ |
| 156 |
+# this is a stack for flow-based logging to PGSQL |
| 157 |
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL |
| 158 |
+ |
| 159 |
+# this is a stack for flow-based logging to PGSQL without local hash |
| 160 |
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL |
| 161 |
+ |
| 162 |
+# this is a stack for flow-based logging to SQLITE3 |
| 163 |
+#stack=ct1:NFCT,sqlite3_ct:SQLITE3 |
| 164 |
+ |
| 165 |
+# this is a stack for logging packet to SQLITE3 |
| 166 |
+#stack=log1:NFLOG,sqlite3_pkt:SQLITE3 |
| 167 |
+ |
| 168 |
+# this is a stack for flow-based logging in NACCT compatible format |
| 169 |
+#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT |
| 170 |
+ |
| 171 |
+# this is a stack for accounting-based logging via GPRINT |
| 172 |
+#stack=acct1:NFACCT,gp1:GPRINT |
| 173 |
+ |
| 174 |
+ $OUT=""; |
| 175 |
+ |
| 176 |
+} |
| 177 |
[LOGEMU] |
| 178 |
-file="/dev/stdout" |
| 179 |
+file="/var/log/iptables/ulogd.syslogemu" |
| 180 |
sync=1 |
| 181 |
diff -Nur e-smith-packetfilter-2.6.0.old/root/usr/lib/systemd/system/sme-server.target.d/53koozali.conf e-smith-packetfilter-2.6.0/root/usr/lib/systemd/system/sme-server.target.d/53koozali.conf |
| 182 |
--- e-smith-packetfilter-2.6.0.old/root/usr/lib/systemd/system/sme-server.target.d/53koozali.conf 1969-12-31 19:00:00.000000000 -0500 |
| 183 |
+++ e-smith-packetfilter-2.6.0/root/usr/lib/systemd/system/sme-server.target.d/53koozali.conf 2021-03-04 16:36:47.274000000 -0500 |
| 184 |
@@ -0,0 +1,3 @@ |
| 185 |
+[Unit] |
| 186 |
+Wants=ulogd.service |
| 187 |
+ |
| 188 |
diff -Nur e-smith-packetfilter-2.6.0.old/root/usr/lib/systemd/system/ulogd.service e-smith-packetfilter-2.6.0/root/usr/lib/systemd/system/ulogd.service |
| 189 |
--- e-smith-packetfilter-2.6.0.old/root/usr/lib/systemd/system/ulogd.service 1969-12-31 19:00:00.000000000 -0500 |
| 190 |
+++ e-smith-packetfilter-2.6.0/root/usr/lib/systemd/system/ulogd.service 2021-03-04 23:58:38.429000000 -0500 |
| 191 |
@@ -0,0 +1,18 @@ |
| 192 |
+[Unit] |
| 193 |
+Description=Netfilter Userspace Logging Daemon |
| 194 |
+Before=masq.service |
| 195 |
+ |
| 196 |
+[Service] |
| 197 |
+User=root |
| 198 |
+Group=root |
| 199 |
+Restart=always |
| 200 |
+TimeoutSec=0 |
| 201 |
+Type=forking |
| 202 |
+ |
| 203 |
+PIDFile=/run/ulog/ulogd.pid |
| 204 |
+#ExecStart=/usr/sbin/ulogd --daemon --uid ulog --pidfile /run/ulog/ulogd.pid |
| 205 |
+ExecStart=/usr/sbin/ulogd --daemon --pidfile /run/ulog/ulogd.pid |
| 206 |
+#ExecStart=/usr/sbin/ulogd --daemon |
| 207 |
+ |
| 208 |
+[Install] |
| 209 |
+WantedBy=sme-server.target multi-user.target |
Parent Directory
| 
Revision Log
| 
Revision Graph
