diff options
author | rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> | 2008-09-03 03:50:43 +0000 |
---|---|---|
committer | rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> | 2008-09-03 03:50:43 +0000 |
commit | dda36349496e0987f0ccf4f23929f7870ba11813 (patch) | |
tree | 1b469ee961c93e7f3565a52a6c50a0caba9afa9c /app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff | |
parent | b1c576dfbc932afc7c1ecc09348df2dcc5ac3fc7 (diff) | |
download | slackbuilds-dda36349496e0987f0ccf4f23929f7870ba11813.tar.gz slackbuilds-dda36349496e0987f0ccf4f23929f7870ba11813.tar.bz2 |
merging with changes made since 21th May
git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@1903 370017ae-e619-0410-ac65-c121f96126d4
Diffstat (limited to 'app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff')
-rw-r--r-- | app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff | 277 |
1 files changed, 277 insertions, 0 deletions
diff --git a/app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff b/app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff new file mode 100644 index 00000000..5b0a2309 --- /dev/null +++ b/app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff @@ -0,0 +1,277 @@ +diff -Naur syslog-ng-2.0.5.orig/doc/Makefile.am syslog-ng-2.0.5/doc/Makefile.am +--- syslog-ng-2.0.5.orig/doc/Makefile.am 2007-04-19 21:37:16.000000000 +0200 ++++ syslog-ng-2.0.5/doc/Makefile.am 2007-11-03 00:28:59.000000000 +0100 +@@ -6,6 +6,7 @@ + reference/syslog-ng.xml \ + reference/syslog-ng.txt \ + reference/syslog-ng.xsl \ ++ reference/README.syslog-ng-anon \ + examples/syslog-ng.conf.sample \ + examples/syslog-ng.conf.solaris + +diff -Naur syslog-ng-2.0.5.orig/doc/Makefile.in syslog-ng-2.0.5/doc/Makefile.in +--- syslog-ng-2.0.5.orig/doc/Makefile.in 2007-07-22 15:40:04.000000000 +0200 ++++ syslog-ng-2.0.5/doc/Makefile.in 2007-11-03 00:28:59.000000000 +0100 +@@ -135,6 +135,7 @@ + reference/syslog-ng.xml \ + reference/syslog-ng.txt \ + reference/syslog-ng.xsl \ ++ reference/README/syslog-ng-anon \ + examples/syslog-ng.conf.sample \ + examples/syslog-ng.conf.solaris + +diff -Naur syslog-ng-2.0.5.orig/doc/reference/README.syslog-ng-anon syslog-ng-2.0.5/doc/reference/README.syslog-ng-anon +--- syslog-ng-2.0.5.orig/doc/reference/README.syslog-ng-anon 1970-01-01 01:00:00.000000000 +0100 ++++ syslog-ng-2.0.5/doc/reference/README.syslog-ng-anon 2007-11-03 00:42:04.000000000 +0100 +@@ -0,0 +1,88 @@ ++syslog-ng-anon ++ ++ This patch adds the capability to syslog-ng that allows you to strip ++ out any given regexp or all IP addresses from log messages before ++ they are written to disk. The goal is to give the system administrator ++ the means to implement site logging policies, by allowing them easy ++ control over exactly what data they retain in their logfiles, ++ regardless of what a particular daemon might think is best. ++ ++Background: ++ ++ Data retention has become a hot legal topic for ISPs and other Online ++ Service Providers (OSPs). There are many instances where it is preferable ++ to keep less information on users than is collected by default on many ++ systems. In the United States it is not currently required to retain ++ data on users of a server, but you may be required to provide all data ++ on a user which you have retained. OSPs can protect themselves from legal ++ hassles and added work by choosing what data they wish to retain. ++ ++ From "Best Practices for Online Service Providers" ++ (http://www.eff.org/osp): ++ ++ As an intermediary, the OSP [Online Service Provider] finds itself in ++ a position to collect and store detailed information about its users ++ and their online activities that may be of great interest to third ++ parties. The USA PATRIOT Act also provides the government with ++ expanded powers to request this information. As a result, OSP owners ++ must deal with requests from law enforcement and lawyers to hand over ++ private user information and logs. Yet, compliance with these demands ++ takes away from an OSP's goal of providing users with reliable, ++ secure network services. In this paper, EFF offers some suggestions, ++ both legal and technical, for best practices that balance the needs ++ of OSPs and their users' privacy and civil liberties. ++ ++ Rather than scrubbing the information you don't want in logs, this patch ++ ensures that the information is never written to disk. Also, for those ++ daemons which log through syslog facilities, this patch provides a ++ convenient single configuration to limit what you wish to log. ++ ++ Here are some related links: ++ ++ Best Practices for Online Service Providers ++ http://www.eff.org/osp ++ http://www.eff.org/osp/20040819_OSPBestPractices.pdf ++ ++ EPIC International Data Retention Page ++ http://www.epic.org/privacy/intl/data_retention.html ++ ++ Working Paper on Usage Log Data Management (from Computer, Freedom, and ++ Privacy conference) http://cryptome.org/usage-logs.htm ++ ++ ++Installing syslog-ng-anon ++ ++ Applying the patch ++ ++ This patch has been tested against the following versions of syslog-ng: ++ . Debian package syslog-ng_2.0.5-2 ++ ++ To use this patch, obtain the source for syslog-ng ++ (apt-get source syslog-ng) and the ++ syslog-ng-anon patch (http://dev.riseup.net/patches/syslog-ng/). ++ Apply the patch the patch: ++ ++ % cd syslog-ng-2.0.5 ++ % patch -p1 < ../syslog-ng-anon.diff ++ ++ Then compile and install syslog-ng: ++ ++ % dpkg-buildpackage -rfakeroot -b ++ % dpkg -i ../syslog-ng_2.0.5-2_i386.deb ++ ++ How to use it ++ ++ This patch adds the filter "strip". For example: ++ ++ filter f_strip {strip(<regexp>);}; ++ ++ This will strip out all matches of the regular expression on logs to ++ which the filter is applied and replaces all matches with the fixed length ++ four dashes ("----"). ++ ++ In place of a regular expression, you can put "ips", which will replace all ++ internet addresses with 0.0.0.0. For example: ++ ++ filter f_strip {strip(ips);}; ++ ++ You can alter what the replacement strings are by using replace: +diff -Naur syslog-ng-2.0.5.orig/src/cfg-grammar.y syslog-ng-2.0.5/src/cfg-grammar.y +--- syslog-ng-2.0.5.orig/src/cfg-grammar.y 2007-05-21 19:21:07.000000000 +0200 ++++ syslog-ng-2.0.5/src/cfg-grammar.y 2007-11-03 00:28:59.000000000 +0100 +@@ -107,7 +107,7 @@ + %token KW_USE_TIME_RECVD + + /* filter items*/ +-%token KW_FACILITY KW_LEVEL KW_HOST KW_MATCH KW_NETMASK ++%token KW_FACILITY KW_LEVEL KW_HOST KW_MATCH KW_NETMASK KW_STRIP KW_REPLACE + + /* yes/no switches */ + %token KW_YES KW_NO +@@ -802,6 +802,8 @@ + | KW_PROGRAM '(' string ')' { $$ = filter_prog_new($3); free($3); } + | KW_HOST '(' string ')' { $$ = filter_host_new($3); free($3); } + | KW_MATCH '(' string ')' { $$ = filter_match_new($3); free($3); } ++ | KW_STRIP '(' string ')' { $$ = filter_strip_new($3); free($3); } ++ | KW_REPLACE '(' string string ')' { $$ = filter_replace_new($3, $4); free($3); free($4); } + | KW_FILTER '(' string ')' { $$ = filter_call_new($3, configuration); free($3); } + | KW_NETMASK '(' string ')' { $$ = filter_netmask_new($3); free($3); } + ; +@@ -907,4 +909,4 @@ + last_reader_options = NULL; + last_writer_options = NULL; + last_template = NULL; +-} +\ No newline at end of file ++} +diff -Naur syslog-ng-2.0.5.orig/src/cfg-lex.l syslog-ng-2.0.5/src/cfg-lex.l +--- syslog-ng-2.0.5.orig/src/cfg-lex.l 2007-05-21 19:21:07.000000000 +0200 ++++ syslog-ng-2.0.5/src/cfg-lex.l 2007-11-03 00:28:59.000000000 +0100 +@@ -165,6 +165,8 @@ + { "host", KW_HOST }, + { "match", KW_MATCH }, + { "netmask", KW_NETMASK }, ++ { "strip", KW_STRIP }, ++ { "replace", KW_REPLACE }, + + /* on/off switches */ + { "yes", KW_YES }, +diff -Naur syslog-ng-2.0.5.orig/src/filter.c syslog-ng-2.0.5/src/filter.c +--- syslog-ng-2.0.5.orig/src/filter.c 2007-05-21 19:21:07.000000000 +0200 ++++ syslog-ng-2.0.5/src/filter.c 2007-11-03 00:30:22.000000000 +0100 +@@ -226,6 +226,7 @@ + typedef struct _FilterRE + { + FilterExprNode super; ++ GString *replace; + regex_t regex; + } FilterRE; + +@@ -310,6 +311,9 @@ + filter_re_free(FilterExprNode *s) + { + FilterRE *self = (FilterRE *) s; ++ ++ if (self->replace != NULL) ++ g_string_free(self->replace, TRUE); + + regfree(&self->regex); + g_free(s); +@@ -494,3 +498,89 @@ + self->super.eval = filter_netmask_eval; + return &self->super; + } ++ ++FilterExprNode * ++filter_strip_new(const gchar *re) ++{ ++ if (g_ascii_strcasecmp(re, "ips") == 0) ++ return filter_replace_new(re, "0.0.0.0"); ++ return filter_replace_new(re, "----"); ++} ++ ++#define FMIN(a, b) (a) < (b) ? (a) : (b) ++#define NEW_MSG_SIZE 2048 ++ ++static gboolean ++filter_replace_eval(FilterExprNode *s, LogMessage *log) ++{ ++ FilterRE *self = (FilterRE *) s; ++ gchar *buffer = log->msg.str; ++ gint snippet_size; ++ regmatch_t pmatch; ++ gchar new_msg[NEW_MSG_SIZE]; ++ gchar *new_msg_max = new_msg + NEW_MSG_SIZE; ++ gchar *new_msg_ptr = new_msg; ++ gint replace_length = self->replace->len; ++ gint error; ++ ++ error = regexec(&self->regex, buffer, 1, &pmatch, 0); ++ if (error) ++ return TRUE; ++ while (!error) ++ { ++ /* copy string snippet which preceeds matched text */ ++ snippet_size = FMIN(pmatch.rm_so, new_msg_max - new_msg_ptr); ++ memcpy(new_msg_ptr, buffer, snippet_size); ++ new_msg_ptr += snippet_size; ++ ++ /* copy replacement */ ++ snippet_size = FMIN(replace_length, new_msg_max - new_msg_ptr); ++ memcpy(new_msg_ptr, self->replace->str, snippet_size); ++ new_msg_ptr += snippet_size; ++ ++ /* search for next match */ ++ buffer += pmatch.rm_eo; ++ error = regexec(&self->regex, buffer, 1, &pmatch, REG_NOTBOL); ++ } ++ ++ /* copy the rest of the old message */ ++ snippet_size = log->msg.len - (buffer - log->msg.str) + 1; ++ snippet_size = FMIN(snippet_size, new_msg_max - new_msg_ptr); ++ memcpy(new_msg_ptr, buffer, snippet_size); ++ new_msg[NEW_MSG_SIZE-1] = '\0'; ++ ++ g_string_erase(&(log->msg), 0, -1); ++ g_string_append(&(log->msg), new_msg); ++ ++ return TRUE; ++} ++ ++FilterExprNode * ++filter_replace_new(const gchar *re, const gchar *replacement) ++{ ++ FilterRE *self = g_new0(FilterRE, 1); ++ gint regerr; ++ ++ if (!g_ascii_strcasecmp(re, "ips")) ++ re = "(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])([\\.\\-](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}"; ++ ++ regerr = regcomp(&self->regex, re, REG_ICASE | REG_EXTENDED); ++ if (regerr) ++ { ++ gchar errorbuf[256]; ++ regerror(regerr, &self->regex, errorbuf, sizeof(errorbuf)); ++ msg_error("Error compiling regular expression:", ++ evt_tag_str("re", re), ++ evt_tag_str("error", errorbuf), ++ NULL); ++ g_free(self); ++ return NULL; ++ } ++ ++ self->replace = g_string_new(replacement); ++ self->super.eval = filter_replace_eval; ++ self->super.free_fn = filter_re_free; ++ ++ return &self->super; ++} ++ +diff -Naur syslog-ng-2.0.5.orig/src/filter.h syslog-ng-2.0.5/src/filter.h +--- syslog-ng-2.0.5.orig/src/filter.h 2007-05-21 19:21:07.000000000 +0200 ++++ syslog-ng-2.0.5/src/filter.h 2007-11-03 00:28:59.000000000 +0100 +@@ -54,6 +54,8 @@ + FilterExprNode *filter_match_new(gchar *re); + FilterExprNode *filter_call_new(gchar *rule, struct _GlobalConfig *cfg); + FilterExprNode *filter_netmask_new(gchar *cidr); ++FilterExprNode *filter_strip_new(const gchar *re); ++FilterExprNode *filter_replace_new(const gchar *re, const gchar *replacement); + + typedef struct _LogFilterRule + { |