Can't add root to mysyslog with csf.syslogusers

9 posts Page 1 of 1
Chris_M
Junior Member
Posts: 5
Joined: 20 Mar 2017, 21:16


We have a CentOS 7 server where we are running CSF v10.04.

On this server we have Qmail as the MTA (part of Plesk 12.5) and it logs to rsyslog via the 'root' user.

I checked /etc/csf/csf.syslogusers and root is already included in the file by default. However, root does not get added to the mysyslog group as confirmed by the following command:
Code: Select all
[root@plesk12-test csf]# groups root
root : root
We have restarted CSF and LFD (csf --ra) but it never adds root to the group.

Other than adding root manually to the mysyslog group, how can we get CSF to do this automatically? I would rather CSF handled it as it sounds as if it should be adding root to the group automatically, especially as root is defined in csf.syslogusers by default.

Does anyone have any ideas?

Thanks,
Chris
ForumAdmin
Moderator
Posts: 1305
Joined: 01 Oct 2008, 09:24


root should not need to be added as it should be owner of the socket. It is only additional users that need access via the group permissions:
Code: Select all
# ls -la /dev/log
srw-rw---- 1 root mysyslog 0 Mar  7 17:12 /dev/log
Chris_M
Junior Member
Posts: 5
Joined: 20 Mar 2017, 21:16


20 Mar 2017, 21:40ForumAdmin wrote:
root should not need to be added as it should be owner of the socket. It is only additional users that need access via the group permissions:
Code: Select all
# ls -la /dev/log
srw-rw---- 1 root mysyslog 0 Mar  7 17:12 /dev/log
Thanks for your reply.

The permissions appear to be set correctly on the server:
Code: Select all
[root@plesk12-test ~]# ll /dev/log
srw-rw---- 1 root mysyslog 0 Mar 10 20:02 /dev/log
But qmail logging doesn't work until root is added to the mysyslog group - eg if I run "usermod -a -G mysyslog root" qmail starts logging correctly.

We have reproduced this on 2 servers, both running Plesk 12.5 so seems to be a Plesk/qmail specific issue.

Any idea why that would happen and/or how to fix it?

Thanks again.
ForumAdmin
Moderator
Posts: 1305
Joined: 01 Oct 2008, 09:24


For now you will have to add it manually. We'll look into ensuring that lfd does add root to the group in the next release, which it currently does not due to the way the checks are performed while performing the usermod loop.
ForumAdmin
Moderator
Posts: 1305
Joined: 01 Oct 2008, 09:24


If you find the following line in lfd.pl:
Code: Select all
if ($syslogusers{$name} and getpwnam($name)) {
you can fix it now by replacing it with:
Code: Select all
if ($syslogusers{$name} and getpwnam($name) ne "") {
Then restart csf and then lfd.
Chris_M
Junior Member
Posts: 5
Joined: 20 Mar 2017, 21:16


Just wanted to thank you for your reply.

If this can be fixed in a future update that would be great. In the meantime we'll add root to mysyslog manually with the following:
Code: Select all
usermod -a -G mysyslog root
Thanks again.
Chris_M
Junior Member
Posts: 5
Joined: 20 Mar 2017, 21:16


We just found another similar issue. Any usernames containing a hyphen/dash character in /etc/csf/csf.syslogusers don't get added to the mysyslog group.

For example, with Plesk and qmail it logs to syslog with the username "mhandlers-user". We have this configured in csf.syslogusers but it doesn't get added to the mysyslog group by CSF.

Does the regex for detecting usernames in csf.syslogusers omit hyphens and/or could this be modified to include them please?

Thanks in advance.
ForumAdmin
Moderator
Posts: 1305
Joined: 01 Oct 2008, 09:24


It doesn't at present. Here's a modified line 2022 from the latest lfd.pl which we will be in the next release which should include all possible linux usernames:
old:
Code: Select all
		if ($line =~ /^(\w+)$/) {$syslogusers{$1} = 1}
new:
Code: Select all
		if ($line =~ /^[a-zA-Z0-9]+([\_\s\-\.]?[a-zA-Z0-9])*$/) {$syslogusers{$line} = 1}
Chris_M
Junior Member
Posts: 5
Joined: 20 Mar 2017, 21:16


Thanks for the quick workaround/fix - much appreciated. Great work on CSF!
9 posts Page 1 of 1