poky/meta/recipes-extended/sysklogd/files/sysklogd
Diego Santa Cruz 910b09c4bc sysklogd: do not open any network sockets by default
The default in sysklogd 2.x is to open listening network sockets,
unlike sysklogd 1.5 where the default was the opposite.

This is contrary to a "secure by default" design, so set up the
init script to pass the -ss option to prevent syslogd from opening
any network sockets. It can be overridden in /etc/default/syslogd.

(From OE-Core rev: 103688fd349338520c147d5bde07429951925141)

Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-26 15:21:21 +00:00

3.1 KiB
Executable File

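#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

### BEGIN INIT INFO
# Provides:             sysklogd
# Required-Start:       $remote_fs $time
# Required-Stop:        $remote_fs $time
# Should-Start:         $network
# Should-Stop:          $network
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    System logger
### END INIT INFO

# Source function library.
. /etc/init.d/functions

PATH=/bin:/usr/bin:/sbin:/usr/sbin

pidfile_syslogd=/var/run/syslogd.pid
binpath_syslogd=/usr/sbin/syslogd

# Nothing to do when the daemon is not installed. The variable tested must be
# binpath_syslogd: an unset name expands to nothing, and a one-argument
# `test -x` is always true, so the guard would never fire.
test -x "$binpath_syslogd" || exit 0

# Run secure by default: -ss keeps syslogd from opening any network sockets
# (sysklogd 2.x would otherwise open listening sockets by default).
SYSLOGD="-ss"

# Local overrides. This file is sourced as shell code with the privileges of
# this script, so it should be writable by root only. Assigning SYSLOGD there
# replaces the default above completely: keep -ss in the new value unless
# network logging is really intended.
test ! -r /etc/default/syslogd || . /etc/default/syslogd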

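# Make sure the /dev/xconsole FIFO exists with restrictive ownership and mode.
# Does nothing unless /etc/syslog.conf actually refers to /dev/xconsole.
create_xconsole() {
    # Only proceed if /dev/xconsole is used at all, i.e. it appears on a
    # line of /etc/syslog.conf that does not start with '#'.
    if ! grep -q '^[^#].*/dev/xconsole' /etc/syslog.conf
    then
        return
    fi

    # Create the FIFO ("p") when missing, otherwise reset the mode of the
    # existing node. Mode 640 with root:adm ownership keeps the log stream
    # unreadable for other users.
    if [ ! -e /dev/xconsole ]; then
        mknod -m 640 /dev/xconsole p
    else
        chmod 0640 /dev/xconsole
    fi
    chown root:adm /dev/xconsole
    # Run restorecon on the node only where the tool is installed.
    test ! -x /sbin/restorecon || /sbin/restorecon /dev/xconsole
}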

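# Print the progress message $1 without a trailing newline, so that the
# result printed by log_end_msg lands on the same line.
log_begin_msg () {
    # Quoted, and printed through a fixed format, so the message is neither
    # word-split nor glob-expanded nor interpreted as echo options.
    printf '%s' "$1"
}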

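# Print $1 (the callers pass the exit status of the previous command)
# followed by a newline.
log_end_msg () {
    # Quoted, and printed through a fixed format, so the value is neither
    # word-split nor glob-expanded.
    printf '%s\n' "$1"
}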

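# Print the message $1 followed by a newline.
log_success_msg () {
    # Quoted, and printed through a fixed format, so the message is neither
    # word-split nor glob-expanded.
    printf '%s\n' "$1"
}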

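# Report whether the syslogd recorded in the pidfile appears to be running.
# Globals:  pidfile_syslogd, binpath_syslogd (read); pid, cmd (written)
# Returns:  0 when the pidfile names a live process whose first command-line
#           word equals $binpath_syslogd, 1 otherwise.
running() {
    # No pidfile, probably no daemon present
    #
    if [ ! -f "$pidfile_syslogd" ]
    then
        return 1
    fi

    pid=$(cat "$pidfile_syslogd")

    # No pid, or something that is not a plain number (stale or damaged
    # pidfile): treat as not running rather than using it in a /proc path.
    #
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac

    if [ ! -d "/proc/$pid" ]
    then
        return 1
    fi

    # First NUL-separated word of the command line. A process can set this
    # value itself, so the comparison below is a sanity check against pid
    # reuse, not proof of identity.
    cmd=$(tr '\000' '\n' < "/proc/$pid/cmdline" | head -n 1)

    # No syslogd?
    #
    if [ "$cmd" != "$binpath_syslogd" ]
    then
        return 1
    fi

    return 0
}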

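# Wait for process $1 to go away, for at most about five seconds.
# Arguments: $1 - pid to wait for; an empty value returns immediately
# Globals:   pid, timeout (written)
waitpid () {
    pid=$1
    # Give pid a chance to exit before we restart with a 5s timeout in 1s intervals
    if [ -z "$pid" ]; then
        return
    fi
    timeout=5
    while [ "$timeout" -gt 0 ]
    do
        timeout=$(( timeout - 1 ))
        # kill -0 sends no signal, it only reports whether the pid still exists.
        kill -0 "$pid" 2> /dev/null || break
        sleep 1
    done
}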

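# Dispatch on the requested action. $SYSLOGD is expanded unquoted on purpose:
# it holds a whitespace-separated option list for syslogd (default "-ss", no
# network sockets) and has to be split into separate arguments.
case "$1" in
    start)
        log_begin_msg "Starting system log daemon..."
        create_xconsole
        start-stop-daemon --start --quiet --pidfile "$pidfile_syslogd" --name syslogd --startas "$binpath_syslogd" -- $SYSLOGD
        log_end_msg $?
        ;;
    stop)
        log_begin_msg "Stopping system log daemon..."
        start-stop-daemon --stop --quiet --pidfile "$pidfile_syslogd" --name syslogd
        log_end_msg $?
        ;;
    reload|force-reload)
        log_begin_msg "Reloading system log daemon..."
        # Signal 1 is SIGHUP.
        start-stop-daemon --stop --quiet --signal 1 --pidfile "$pidfile_syslogd" --name syslogd
        log_end_msg $?
        ;;
    restart)
        log_begin_msg "Restarting system log daemon..."
        # Remember the old pid before stopping, so waitpid can watch it exit.
        # The command substitution is required here: a bare
        # `pid=cat FILE` would try to execute the pidfile.
        pid=$(cat "$pidfile_syslogd" 2> /dev/null)
        start-stop-daemon --stop --retry 5 --quiet --pidfile "$pidfile_syslogd" --name syslogd
        waitpid "$pid"
        start-stop-daemon --start --quiet --pidfile "$pidfile_syslogd" --name syslogd --startas "$binpath_syslogd" -- $SYSLOGD
        log_end_msg $?
        ;;
    reload-or-restart)
        if running
        then
            "$0" reload
        else
            "$0" start
        fi
        ;;
    status)
        # status comes from /etc/init.d/functions; pass its result through.
        status syslogd
        RETVAL=$?
        exit $RETVAL
        ;;
    *)
        log_success_msg "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart|status}"
        exit 1
        ;;
esac

exit 0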