Page 1 of 1

Can't add root to mysyslog with csf.syslogusers

Posted: 20 Mar 2017, 21:28
by Chris_M
We have a CentOS 7 server where we are running CSF v10.04.

On this server we have Qmail as the MTA (part of Plesk 12.5) and it logs to rsyslog via the 'root' user.

I checked /etc/csf/csf.syslogusers and root is already included in the file by default. However, root does not get added to the mysyslog group as confirmed by the following command:

Code: Select all

[root@plesk12-test csf]# groups root
root : root
We have restarted CSF and LFD (csf --ra) but it never adds root to the group.

Other than adding root manually to the mysyslog group, how can we get CSF to do this automatically? I would rather CSF handled it as it sounds as if it should be adding root to the group automatically, especially as root is defined in csf.syslogusers by default.

Does anyone have any ideas?

Thanks,
Chris

Re: Can't add root to mysyslog with csf.syslogusers

Posted: 20 Mar 2017, 21:40
by ForumAdmin
root should not need to be added as it should be owner of the socket. It is only additional users that need access via the group permissions:

Code: Select all

# ls -la /dev/log
srw-rw---- 1 root mysyslog 0 Mar  7 17:12 /dev/log

Re: Can't add root to mysyslog with csf.syslogusers

Posted: 20 Mar 2017, 21:50
by Chris_M
ForumAdmin wrote: 20 Mar 2017, 21:40 root should not need to be added as it should be owner of the socket. It is only additional users that need access via the group permissions:

Code: Select all

# ls -la /dev/log
srw-rw---- 1 root mysyslog 0 Mar  7 17:12 /dev/log
Thanks for your reply.

The permissions appear to be set correctly on the server:

Code: Select all

[root@plesk12-test ~]# ll /dev/log
srw-rw---- 1 root mysyslog 0 Mar 10 20:02 /dev/log
But qmail logging doesn't work until root is added to the mysyslog group - eg if I run "usermod -a -G mysyslog root" qmail starts logging correctly.

We have reproduced this on 2 servers, both running Plesk 12.5 so seems to be a Plesk/qmail specific issue.

Any idea why that would happen and/or how to fix it?

Thanks again.

Re: Can't add root to mysyslog with csf.syslogusers

Posted: 20 Mar 2017, 22:02
by ForumAdmin
For now you will have to add it manually. We'll look into ensuring that lfd does add root to the group in the next release, which it currently does not due to the way the checks are performed while performing the usermod loop.

Re: Can't add root to mysyslog with csf.syslogusers

Posted: 20 Mar 2017, 22:05
by ForumAdmin
If you find the following line in lfd.pl:

Code: Select all

if ($syslogusers{$name} and getpwnam($name)) {
you can fix it now by replacing it with:

Code: Select all

if ($syslogusers{$name} and getpwnam($name) ne "") {
Then restart csf and then lfd.

Re: Can't add root to mysyslog with csf.syslogusers

Posted: 21 Mar 2017, 12:01
by Chris_M
Just wanted to thank you for your reply.

If this can be fixed in a future update that would be great. In the meantime we'll add root to mysyslog manually with the following:

Code: Select all

usermod -a -G mysyslog root
Thanks again.

Re: Can't add root to mysyslog with csf.syslogusers

Posted: 01 Jun 2017, 17:44
by Chris_M
We just found another similar issue. Any usernames containing a hyphen/dash character in /etc/csf/csf.syslogusers don't get added to the mysyslog group.

For example, with Plesk and qmail it logs to syslog with the username "mhandlers-user". We have this configured in csf.syslogusers but it doesn't get added to the mysyslog group by CSF.

Does the regex for detecting usernames in csf.syslogusers omit hyphens and/or could this be modified to include them please?

Thanks in advance.

Re: Can't add root to mysyslog with csf.syslogusers

Posted: 01 Jun 2017, 21:10
by ForumAdmin
It doesn't at present. Here's a modified line 2022 from the latest lfd.pl which we will be in the next release which should include all possible linux usernames:
old:

Code: Select all

		if ($line =~ /^(\w+)$/) {$syslogusers{$1} = 1}
new:

Code: Select all

		if ($line =~ /^[a-zA-Z0-9]+([\_\s\-\.]?[a-zA-Z0-9])*$/) {$syslogusers{$line} = 1}

Re: Can't add root to mysyslog with csf.syslogusers

Posted: 02 Jun 2017, 12:29
by Chris_M
Thanks for the quick workaround/fix - much appreciated. Great work on CSF!