From patchwork Tue May  1 22:40:11 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu>
X-Patchwork-Id: 1738
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.ipfire.org
	[IPv6:2001:470:7183:25::1])
	by web02.i.ipfire.org (Postfix) with ESMTP id 4042160366
	for <patchwork@web02.i.ipfire.org>;
	Tue,  1 May 2018 14:55:35 +0200 (CEST)
Received: from mail01.i.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id 73150110933F;
	Tue,  1 May 2018 13:55:34 +0100 (BST)
Authentication-Results: dkim=pass header.d=link38.eu;
	dmarc=pass (policy=none) header.from=link38.eu;
	spf=pass smtp.mailfrom=peter.mueller@link38.eu
Received: from mx-nbg.link38.eu (mx-nbg.link38.eu [37.120.167.53])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (Client CN "mx-nbg.link38.eu",
	Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 3DA6C110933F
	for <development@lists.ipfire.org>;
	Tue,  1 May 2018 13:40:13 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=link38.eu; s=201803;
	t=1525178412;
	h=from:from:sender:reply-to:subject:subject:date:date:
	message-id:message-id:to:to:cc:mime-version:mime-version:
	content-type:content-type:content-transfer-encoding:in-reply-to:
	references; bh=InTyX8je+5P4liwBHiDPijUtTL+naY5FonOJDFUSJG4=;
	b=+JddozpHVc63Bx8VMQSHZ/CN/X2kLc0XlwXLhIF987CrJwp5PiEOVI7YhUc02C3cnDiZY5
	hsolGXIma+oR+x6INm0MonvpCZo1Jsbc8vv7oX36wxojJB1p42AyxlzxVirD75Sg5gI01v
	ssZ+9N1wPeJ582tXpE0kESZMpqipv2TplhsyrO9KswlwWAh9MsDAqJLP8ENz9QHmk5h2v/
	x1QntKC1O/lM2byT+MbqoDlYTPfwZxvQalOIMRyF4pXU4l1bUx2JEZ4oFR+Y9V4W/FR1+M
	1igHn2wLxu6AzshlyJ8J4Y8UjFhLi92RZ7X0QSqAMTwYduLBjHcF5Jzm0ZD2ZQ==
To: "IPFire: Development-List" <development@lists.ipfire.org>
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu>
Subject: [PATCH 1/3] apply logging settings for OpenSSH correctly
Openpgp: preference=signencrypt
Message-ID: <6d69e16d-e93b-6c91-a7c1-7731f821e537@link38.eu>
Date: Tue, 1 May 2018 14:40:11 +0200
MIME-Version: 1.0
X-Spamd-Result: default: False [-9.64 / 11.00];
	IP_SCORE(-3.78)[ip: (-9.90), ipnet: 37.120.160.0/19(-4.95), asn:
	197540(-3.96), country: DE(-0.09)];
	RCVD_IN_DNSWL_MED(-2.00)[53.167.120.37.list.dnswl.org : 127.0.6.2];
	RCVD_COUNT_ZERO(0.00)[0]; FROM_HAS_DN(0.00)[];
	MX_GOOD(-0.01)[cached: mx-nbg.link38.eu];
	HAS_ATTACHMENT(0.00)[]; BAYES_HAM(-3.00)[100.00%];
	DKIM_TRACE(0.00)[link38.eu:+]; TO_DN_ALL(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	R_SPF_ALLOW(-0.20)[+ip4:37.120.167.53];
	RCPT_COUNT_ONE(0.00)[1];
	DMARC_POLICY_ALLOW(-0.25)[link38.eu,none];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain];
	ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[link38.eu];
	ASN(0.00)[asn:197540, ipnet:37.120.160.0/19, country:DE];
	MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]
X-Spam-Status: No, score=-9.64
X-Rspamd-Server: mail01.i.ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
	<mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <https://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
	<mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

The logging settings for OpenSSH (log to syslog with "AUTH"
facility at "INFO" level) were not applied correctly. This
patch fixes that for both installed systems and the LFS file.

Partially addresses #11538.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
 config/rootfiles/core/121/update.sh | 6 ++++++
 lfs/openssh                         | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/config/rootfiles/core/121/update.sh b/config/rootfiles/core/121/update.sh
index 87d5f6ebd..5b8f2c86e 100644
--- a/config/rootfiles/core/121/update.sh
+++ b/config/rootfiles/core/121/update.sh
@@ -56,7 +56,13 @@ rm -rvf \
 	/usr/share/nagios/ \
 	/var/nagios/
 
+# Update SSH configuration
+sed -i /etc/ssh/sshd_config \
+	-e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
+	-e 's/^#LogLevel INFO$/LogLevel INFO/'
+
 # Start services
+/etc/init.d/sshd restart
 /etc/init.d/apache restart
 
 # This update needs a reboot...
diff --git a/lfs/openssh b/lfs/openssh
index 203446370..46561953d 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -91,8 +91,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		-e 's/^#\?IgnoreUserKnownHosts .*$$/IgnoreUserKnownHosts yes/' \
 		-e 's/^#\?UsePAM .*$$//' \
 		-e 's/^#\?X11Forwarding .*$$/X11Forwarding no/' \
-		-e 's/^#\?SyslogFacility AUTH .*$$/SyslogFacility AUTH/' \
-		-e 's/^#\?LogLevel INFO .*$$/LogLevel INFO/' \
+		-e 's/^#SyslogFacility AUTH$/SyslogFacility AUTH/' \
+		-e 's/^#LogLevel INFO$/LogLevel INFO/' \
 		-e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \
 		-e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \
 		-e 's|^#\?HostKey /etc/ssh/ssh_host_dsa_key$$||' \