diff --git a/management/status_checks.py b/management/status_checks.py index 4b0eca4a..2716152b 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -961,6 +961,16 @@ def run_and_output_changes(env, pool): if os.path.exists(cache_fn): prev = json.load(open(cache_fn)) + # execute hooks + hook_data = { + 'op':'output_changes_begin', + 'env':env, + 'cur': cur, + 'prev': prev, + 'output':out + } + hooks.exec_hooks('status_checks', hook_data) + # Group the serial output into categories by the headings. def group_by_heading(lines): from collections import OrderedDict @@ -1051,7 +1061,10 @@ class FileOutput: self.print_block(message, first_line="✖ ") def print_warning(self, message): - self.print_block(message, first_line="? ") + self.print_block(message, first_line="⚠ ") + + def print_info(self, message): + self.print_block(message, first_line="ℹ ") def print_block(self, message, first_line=" "): print(first_line, end='', file=self.buf) @@ -1097,7 +1110,7 @@ class BufferedOutput: def __init__(self, with_lines=None): self.buf = [] if not with_lines else with_lines def __getattr__(self, attr): - if attr not in ("add_heading", "print_ok", "print_error", "print_warning", "print_block", "print_line"): + if attr not in ("add_heading", "print_ok", "print_error", "print_warning", "print_info", "print_block", "print_line"): raise AttributeError # Return a function that just records the call & arguments to our buffer. def w(*args, **kwargs): diff --git a/setup/mods.available/hooks/logwatch-hooks.py b/setup/mods.available/hooks/logwatch-hooks.py new file mode 100644 index 00000000..7dcd0446 --- /dev/null +++ b/setup/mods.available/hooks/logwatch-hooks.py @@ -0,0 +1,114 @@ +##### +##### This file is part of Mail-in-a-Box-LDAP which is released under the +##### terms of the GNU Affero General Public License as published by the +##### Free Software Foundation, either version 3 of the License, or (at +##### your option) any later version. See file LICENSE or go to +##### https://github.com/downtownallday/mailinabox-ldap for full license +##### details. +##### + + +# +# This is a status_checks management hook for the logwatch setup mod. +# +# It adds logwatch output to status checks. In most circumstances it +# will cause a "status checks change notice" email to be sent every +# day when daily_tasks.sh runs status checks around 3 am. +# +# The hook is enabled by placing the file in directory +# LOCAL_MODS_DIR/managment_hooks_d. +# + +import os, time +import logging +from utils import shell + +log = logging.getLogger(__name__) + +def do_hook(hook_name, hook_data, mods_env): + if hook_name != 'status_checks': + # we only care about hooking status_checks + log.debug('hook - ignoring hook %s', hook_name) + return False + + if hook_data['op'] != 'output_changes_end': + # we only want to append for --show-changes + log.debug('hook - ignoring hook op %s:%s', hook_name, hook_data['op']) + return False + + output = hook_data['output'] + + if not os.path.exists("/usr/sbin/logwatch"): + output.print_error("logwatch is not installed") + return True + + # determine scope and period of the logwatch log file scan + since_mtime = hook_data['since'] if 'since' in hook_data else 0 + if since_mtime <= 0: + since = 'since 24 hours ago for that hour' + since_desc = 'since 24 hours ago' + else: + local_str = time.strftime( + "%Y-%m-%d %H:%M:%S", + time.localtime(since_mtime) + ) + since = 'since %s for that second' % local_str + since_desc = 'since %s' % local_str + + # run logwatch + report = shell( + 'check_output', + [ + '/usr/sbin/logwatch', + '--range', since, + '--output', 'stdout', + '--format', 'text', + '--service', 'all', + '--service', '-zz-disk_space', + '--service', '-zz-network', + '--service', '-zz-sys', + ], + capture_stderr=True, + trap=False + ) + + # defer outputting the heading text because if there is no + # logwatch output we care about, we don't want any output at all + # (which could avoid a status check email) + heading_done = False + def try_output_heading(): + nonlocal heading_done + if heading_done: return + output.add_heading('System Log Watch (%s)' % since_desc); + heading_done=True + + in_summary = False # true if we're currently processing the logwatch summary text, which is the text output by logwatch that is surrounded by lines containing hashes. we ignore the summary text + blank_line_count = 1 # keep track of the count of adjacent blank lines + output_info = False # true if we've called output.print_info at least once + + for line in report.split('\n'): + line = line.strip(); + if line == '': + blank_line_count += 1 + if blank_line_count == 1 and output_info: + output.print_line('') + + elif line.startswith('##'): + in_summary = '## Logwatch' in line + + elif line.startswith('--'): + if ' Begin --' in line: + start = line.find(' ') + end = line.rfind(' Begin --') + try_output_heading() + output.print_info("%s" % line[start+1:end]) + output_info = True + blank_line_count = 0 + + else: + if not in_summary: + try_output_heading() + output.print_line(line) + blank_line_count = 0 + + return True diff --git a/setup/mods.available/logwatch.sh b/setup/mods.available/logwatch.sh new file mode 100755 index 00000000..6b06a615 --- /dev/null +++ b/setup/mods.available/logwatch.sh @@ -0,0 +1,57 @@ +#!/bin/bash + +# +# this adds the logwatch tool to the system (see, +# https://ubuntu.com/server/docs/logwatch) and executes it as part of +# normal status checks with it's output attached to daily status +# checks emails +# +# created: 2022-11-03 +# author: downtownallday +# removal: run `local/logwatch.sh remove`, then delete symbolic link +# (`rm local/logwatch.sh`) + +. /etc/mailinabox.conf +. setup/functions.sh + +logwatch_remove() { + remove_hook_handler "logwatch-hooks.py" + hide_output apt-get purge logwatch -y +} + +logwatch_install() { + echo "Installing logwatch" + apt_install logwatch + # remove cron entry added by logwatch installer, which emails daily + rm -f /etc/cron.daily/00logwatch + mkdir -p /var/cache/logwatch + + # settings in the logwatch.conf file become defaults when running + # the cli /usr/sbin/logwatch (cli arguments override the conf + # file) + local settings=( + "MailTo=administrator@$PRIMARY_HOSTNAME" + "MailFrom=\"$PRIMARY_HOSTNAME\" " + ) + + if [ ! -e /etc/logwatch/conf/logwatch.conf ]; then + cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/ + settings+=( + "Output=mail" + "Format=html" + "Service=All" + "Detail=Low" + ) + fi + + tools/editconf.py /etc/logwatch/conf/logwatch.conf -case-insensitive "${settings[@]}" + install_hook_handler "setup/mods.available/hooks/logwatch-hooks.py" +} + + +if [ "${1:-}" = "remove" ]; then + logwatch_remove +else + logwatch_install +fi + diff --git a/tools/editconf.py b/tools/editconf.py index 5ad9403e..ba566dc3 100755 --- a/tools/editconf.py +++ b/tools/editconf.py @@ -54,6 +54,8 @@ comment_char = "#" folded_lines = False testing = False ini_section = None +case_insensitive_names = False +case_insensitive_values = False while settings[0][0] == "-" and settings[0] != "--": opt = settings.pop(0) if opt == "-s": @@ -75,19 +77,34 @@ while settings[0][0] == "-" and settings[0] != "--": comment_char = settings.pop(0) elif opt == "-ini-section": ini_section = settings.pop(0) + elif opt == "-case-insensitive": + case_insensitive_names = True + case_insensitive_values = True elif opt == "-t": testing = True else: print("Invalid option.") sys.exit(1) +class Setting(object): + def __init__(self, setting): + self.name, self.val = setting.split("=", 1) + # add_only: do not modify existing value + self.add_only = self.name.startswith("+") + if self.add_only: self.name=self.name[1:] + def val_eq(self, other_val, case_insensitive): + if not case_insensitive: + r = self.val == other_val + else: + r = self.val.lower() == other_val.lower() + return r # sanity check command line -for setting in settings: - try: - name, value = setting.split("=", 1) - except: - import subprocess - print("Invalid command line: ", subprocess.list2cmdline(sys.argv)) +try: + settings = [ Setting(x) for x in settings ] +except: + import subprocess + print("Invalid command line: ", subprocess.list2cmdline(sys.argv)) + # create the new config file in memory @@ -111,7 +128,7 @@ while len(input_lines) > 0: # Put any settings we didn't see at the end of the section. for i in range(len(settings)): if i not in found: - name, val = settings[i].split("=", 1) + name, val = (settings[i].name, settings[i].val) if not (not val and erase_setting): buf += name + delimiter + val + "\n" cur_section = line.strip()[1:-1].strip().lower() @@ -126,19 +143,26 @@ while len(input_lines) > 0: # See if this line is for any settings passed on the command line. for i in range(len(settings)): # Check if this line contain this setting from the command-line arguments. - name, val = settings[i].split("=", 1) + name, val = (settings[i].name, settings[i].val) + flags = re.S | (re.I if case_insensitive_names else 0) m = re.match( "(\s*)" + "(" + re.escape(comment_char) + "\s*)?" + re.escape(name) + delimiter_re + "(.*?)\s*$", - line, re.S) + line, flags) if not m: continue indent, is_comment, existing_val = m.groups() + # With + before the name, don't modify the existing value + if settings[i].add_only: + found.add(i) + buf += line + break + # If this is already the setting, keep it in the file, except: # * If we've already seen it before, then remove this duplicate line. # * If val is empty and erase_setting is on, then comment it out. - if is_comment is None and existing_val == val and not (not val and erase_setting): + if is_comment is None and settings[i].val_eq(existing_val, case_insensitive_values) and not (not val and erase_setting): # It may be that we've already inserted this setting higher # in the file so check for that first. if i in found: break @@ -173,11 +197,11 @@ while len(input_lines) > 0: # Put any settings we didn't see at the end of the file, # except settings being cleared. if not ini_section or cur_section == ini_section.lower(): - for i in range(len(settings)): - if (i not in found): - name, val = settings[i].split("=", 1) - if not (not val and erase_setting): - buf += name + delimiter + val + "\n" + for i in range(len(settings)): + if (i not in found): + name, val = (settings[i].name, settings[i].val) + if not (not val and erase_setting): + buf += name + delimiter + val + "\n" if not testing: # Write out the new file.