Fix [SME: 12257]

2024-04-12 13:50:48 +02:00 · 2024-04-12 13:50:48 +02:00 · d24edca890
commit d24edca890
parent 65a899e526
6 changed files with 98 additions and 16 deletions
--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustDenyLog
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustDenyLog
@ -9,7 +9,7 @@
    elsif ($logging eq "all")
    {
        $OUT .= <<"HERE";
-    /sbin/iptables --replace denylog 1 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
+    /sbin/iptables --replace denylog 1 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
    /sbin/iptables --replace denylog 2 --jump $target
    /sbin/iptables --replace denylog 3 --jump $target
    /sbin/iptables --replace denylog 4 --jump $target
@ -22,7 +22,7 @@ HERE
    /sbin/iptables --replace denylog 1 -p udp --dport 520 --jump $target
    /sbin/iptables --replace denylog 2 -p udp --dport 137:139 --jump $target
    /sbin/iptables --replace denylog 3 -p tcp --dport 137:139 --jump $target
-    /sbin/iptables --replace denylog 4 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
+    /sbin/iptables --replace denylog 4 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
    /sbin/iptables --replace denylog 5 --jump $target
 HERE
    }
--- a/root/etc/e-smith/templates/etc/ulogd.conf/10global
+++ b/root/etc/e-smith/templates/etc/ulogd.conf/10global
@ -1,7 +1,9 @@
 [global]
+# Not necessarily required 
 nlgroup=1
+
 logfile=/var/log/ulogd/ulogd.log
-loglevel=5
+loglevel=1
 rmem=131071
 bufsize=150000

--- a/root/etc/e-smith/templates/etc/ulogd.conf/20plugins
+++ b/root/etc/e-smith/templates/etc/ulogd.conf/20plugins
@ -9,11 +9,11 @@
 # 1. load the plugins _first_ from the global section
 # 2. options for each plugin in seperate section below

-#plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
-plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
-#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
+plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
+#plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
+plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
 #plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so"
-#plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
 plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so"
 #plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so"
 #plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so"
--- a/root/etc/e-smith/templates/etc/ulogd.conf/30stacks
+++ b/root/etc/e-smith/templates/etc/ulogd.conf/30stacks
@ -1,4 +1,16 @@

-#our base stack ULOG to LOGEMU
-stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+# reetp which one of these do we need?
+# I think log2

+# this is a stack for logging packet send by system via LOGEMU
+#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU
+stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for ULOG packet-based logging via LOGEMU
+# reetp - non functioning
+#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU with filtering on MARK
+#stack=log2:NFLOG,base1:BASE,mark1:MARK,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
--- a/root/etc/e-smith/templates/etc/ulogd.conf/40configs
+++ b/root/etc/e-smith/templates/etc/ulogd.conf/40configs
@ -1,10 +1,75 @@
+# Logging of system packet through NFLOG
+[log1]
+# netlink multicast group (the same as the iptables --nflog-group param)
+# Group O is used by the kernel to log connection tracking invalid message
+group=0
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# set number of packet to queue inside kernel
+#netlink_qthreshold=1
+# set the delay before flushing packet in the queue inside kernel (in 10ms)
+#netlink_qtimeout=100
+
+# packet logging through NFLOG for group 1
+[log2]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=1 # Group has to be different from the one use in log1
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
+# group 0 is not used by any stack, you need to have at least one NFLOG
+# input plugin with bind set to 1. If you don't do that you may not
+# receive any message from the kernel.
+#bind=1
+
+# packet logging through NFLOG for group 2, numeric_label is
+# set to 1
+[log3]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=2 # Group has to be different from the one use in log1/log2
+numeric_label=1 # you can label the log info based on the packet verdict
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#bind=1
+
 [ulog1]
-# denylog:
 # netlink multicast group (the same as the iptables --ulog-nlgroup param)
 nlgroup=1
-
+#numeric_label=0 # optional argument

 [emu1]
-file="/var/log/iptables/denylog.log"
+file="/var/log/ulogd/syslogemu.log"
 sync=1

+[json1]
+sync=1
+#file="/var/log/ulogd.json"
+#timestamp=0
+# device name to be used in JSON message
+#device="My awesome Netfilter firewall"
+# If boolean_label is set to 1 then the numeric_label put on packet
+# by the input plugin is coding the action on packet: if 0, then
+# packet has been blocked and if non null it has been accepted.
+#boolean_label=1
+# Uncomment the following line to use JSON v1 event format that
+# can provide better compatility with some JSON file reader.
+#eventv1=1
+# Uncomment the following lines to send the JSON logs to a remote host via UDP
+#mode="udp"
+#host="192.0.2.10"
+#port="10210"
+# Uncomment the following lines to send the JSON logs to a remote host via TCP
+#mode="tcp"
+#host="192.0.2.10"
+#port="10210"
+# Uncomment the following lines to send the JSON logs to a local unix socket
+#mode="unix"
+#file="/var/run/ulogd.socket"
+
+[pcap1]
+#default file is /var/log/ulogd.pcap
+#file="/var/log/ulogd.pcap"
+sync=1
+
+[mark1]
+mark = 1
--- a/smeserver-packetfilter.spec
+++ b/smeserver-packetfilter.spec
@ -4,7 +4,7 @@ Summary: smeserver server and gateway - packetfilter add-on
 %define name smeserver-packetfilter
 Name: %{name}
 %define version 11.0.0
-%define release 4
+%define release 5
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@ -27,8 +27,11 @@ Provides: e-smith-packetfilter
 smeserver server and gateway software - packetfilter add-on

 %changelog
+* Fri Apr 12 2024 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0.0-5.sme
+- Migrate from ULOG to NFLOG  [SME: 12557]
+
 * Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-4.sme
- Update createlinks to create smeserver-package-update event[SME: 12579]
+- Update createlinks to create smeserver-package-update event  [SME: 12579]

 * Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-3.sme
 - Set license file to GPL2.0  [SME: 12577]
@ -53,7 +56,7 @@ smeserver server and gateway software - packetfilter add-on
  Fri Apr 09 2007 --> Fri Apr 06 2007 or Mon Apr 09 2007 or Fri Apr 13 2007 or ....

 * Mon Nov 15 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-8.sme
- restrict VPN networks to their interface [SME: 11640]
+- restrict VPN networks to their interface  [SME: 11640]
  remove remoteVPNSubnet property added VPNif property

 * Wed Apr 07 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-7.sme
@ -99,7 +102,7 @@ smeserver server and gateway software - packetfilter add-on
 * Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
 - Clean up spec so package can be built by koji/plague

-* Fri Apr 09 2007 Stephen Noble <support@dungog.net> 1.18.0-5
+* Mon Apr 09 2007 Stephen Noble <support@dungog.net> 1.18.0-5
 - Fix masq error in server only mode (cannot open UDPPort) [SME: 2812] 

 * Fri Apr 06 2007 Shad L. Lords <slords@mail.com> 1.18.0-4