d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
90ea9c0dcd
freebsd-dev/libexec/rc/rc.d/accounting

81 lines
1.6 KiB
Plaintext
Raw Normal View History

Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
#!/bin/sh
#
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
# $FreeBSD$
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
#
# PROVIDE: accounting
Remove scripts we don't use from requirement lines. These were hold-overs from the initial NetBSD import.
2004-03-05 07:43:38 +00:00
# REQUIRE: mountcritremote
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
# BEFORE: DAEMON
Remove the requirement for the FreeBSD keyword as it no longer makes any sense. Discussed with: dougb, brooks MFC after: 3 days
2004-10-07 13:55:26 +00:00
# KEYWORD: nojail
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
. /etc/rc.subr
name="accounting"
Prepare for the removal of set_rcvar() by changing the rcvar= assignments to the literal values it would have returned. The concept of set_rcvar() was nice in theory, but the forks it creates are a drag on the startup process, which is especially noticeable on slower systems, such as embedded ones. During the discussion on freebsd-rc@ a preference was expressed for using ${name}_enable instead of the literal values. However the code portability concept doesn't really apply since there are so many other places where the literal name has to be searched for and replaced. Also, using the literal value is also a tiny bit faster than dereferencing the variables, and every little bit helps.
2012-01-14 02:18:41 +00:00
rcvar="accounting_enable"
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
accounting_command="/usr/sbin/accton"
accounting_file="/var/account/acct"
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
extra_commands="rotate_log"
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
start_cmd="accounting_start"
stop_cmd="accounting_stop"
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
rotate_log_cmd="accounting_rotate_log"
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
Limit access to system accounting files. In 2013 the security chapter of the Handbook was updated in r42501 to suggest limiting access to the system accounting file [*1] by creating the initial file with a mode of 0600. This was in part based on a discussion in the forums [*2]. Unfortunately, this advice is overridden by the fact that a new file is created as part of periodic daily processing, and the file mode is set by the rc.d/accounting script. These changes update the accounting script to create the directory with mode 0750 if it doesn't already exist, and to create the daily file with mode 0640. This limits write access to root only, read access to root and members of wheel, and eliminates world access completely. For admins who want to prevent even members of wheel from accessing the files, the mode of the /var/account directory can be manually changed to 0700, because the script never creates or changes that directory if it already exists. The accounting_rotate_log() function now also handles the error cases of no existing log file to rotate, and attempting to rotate the file multiple times (.0 file already exists). Another small change here eliminates the complexity of the mktemp/chmod/mv sequence for creating a new acct file by using install(1) with the flags needed to directly create the file with the desired ownership and modes. That allows coalescing two separate if checkyesno accounting_enable blocks into one. These changes were inspired by my investigation of PR 202203. [1] https://www.freebsd.org/doc/handbook/security-accounting.html [2] http://forums.freebsd.org/showthread.php?t=41059 PR: 202203 Differential Revision: https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
create_accounting_file()
{
install -o root -g wheel -m 0640 /dev/null "${accounting_file}"
}
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
accounting_start()
{
Eliminate global symbols starting with an underscore from rc.d scripts, except for mdconfig* and jail. Such symbols are reserved for the rc.subr internals. Most scripts can be fixed by just declaring _foo symbols as local: few scripts actually need them to be global. Discussed with: dougb in freebsd-rc
2006-12-30 22:53:20 +00:00
local _dir
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
_dir="${accounting_file%/*}"
if [ ! -d "$_dir" ]; then
Limit access to system accounting files. In 2013 the security chapter of the Handbook was updated in r42501 to suggest limiting access to the system accounting file [*1] by creating the initial file with a mode of 0600. This was in part based on a discussion in the forums [*2]. Unfortunately, this advice is overridden by the fact that a new file is created as part of periodic daily processing, and the file mode is set by the rc.d/accounting script. These changes update the accounting script to create the directory with mode 0750 if it doesn't already exist, and to create the daily file with mode 0640. This limits write access to root only, read access to root and members of wheel, and eliminates world access completely. For admins who want to prevent even members of wheel from accessing the files, the mode of the /var/account directory can be manually changed to 0700, because the script never creates or changes that directory if it already exists. The accounting_rotate_log() function now also handles the error cases of no existing log file to rotate, and attempting to rotate the file multiple times (.0 file already exists). Another small change here eliminates the complexity of the mktemp/chmod/mv sequence for creating a new acct file by using install(1) with the flags needed to directly create the file with the desired ownership and modes. That allows coalescing two separate if checkyesno accounting_enable blocks into one. These changes were inspired by my investigation of PR 202203. [1] https://www.freebsd.org/doc/handbook/security-accounting.html [2] http://forums.freebsd.org/showthread.php?t=41059 PR: 202203 Differential Revision: https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
if ! mkdir -p -m 0750 "$_dir"; then
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
err 1 "Could not create $_dir."
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
fi
Remove checks for the FreeBSD OS.
2004-01-17 11:25:16 +00:00
fi
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
Remove checks for the FreeBSD OS.
2004-01-17 11:25:16 +00:00
if [ ! -e "$accounting_file" ]; then
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
echo -n "Creating accounting file ${accounting_file}"
Limit access to system accounting files. In 2013 the security chapter of the Handbook was updated in r42501 to suggest limiting access to the system accounting file [*1] by creating the initial file with a mode of 0600. This was in part based on a discussion in the forums [*2]. Unfortunately, this advice is overridden by the fact that a new file is created as part of periodic daily processing, and the file mode is set by the rc.d/accounting script. These changes update the accounting script to create the directory with mode 0750 if it doesn't already exist, and to create the daily file with mode 0640. This limits write access to root only, read access to root and members of wheel, and eliminates world access completely. For admins who want to prevent even members of wheel from accessing the files, the mode of the /var/account directory can be manually changed to 0700, because the script never creates or changes that directory if it already exists. The accounting_rotate_log() function now also handles the error cases of no existing log file to rotate, and attempting to rotate the file multiple times (.0 file already exists). Another small change here eliminates the complexity of the mktemp/chmod/mv sequence for creating a new acct file by using install(1) with the flags needed to directly create the file with the desired ownership and modes. That allows coalescing two separate if checkyesno accounting_enable blocks into one. These changes were inspired by my investigation of PR 202203. [1] https://www.freebsd.org/doc/handbook/security-accounting.html [2] http://forums.freebsd.org/showthread.php?t=41059 PR: 202203 Differential Revision: https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
create_accounting_file
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
echo '.'
Remove checks for the FreeBSD OS.
2004-01-17 11:25:16 +00:00
fi
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
echo "Turning on accounting."
${accounting_command} ${accounting_file}
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
}
accounting_stop()
{
echo "Turning off accounting."
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
2002-06-13 22:14:37 +00:00
${accounting_command}
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
}
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
accounting_rotate_log()
{
Limit access to system accounting files. In 2013 the security chapter of the Handbook was updated in r42501 to suggest limiting access to the system accounting file [*1] by creating the initial file with a mode of 0600. This was in part based on a discussion in the forums [*2]. Unfortunately, this advice is overridden by the fact that a new file is created as part of periodic daily processing, and the file mode is set by the rc.d/accounting script. These changes update the accounting script to create the directory with mode 0750 if it doesn't already exist, and to create the daily file with mode 0640. This limits write access to root only, read access to root and members of wheel, and eliminates world access completely. For admins who want to prevent even members of wheel from accessing the files, the mode of the /var/account directory can be manually changed to 0700, because the script never creates or changes that directory if it already exists. The accounting_rotate_log() function now also handles the error cases of no existing log file to rotate, and attempting to rotate the file multiple times (.0 file already exists). Another small change here eliminates the complexity of the mktemp/chmod/mv sequence for creating a new acct file by using install(1) with the flags needed to directly create the file with the desired ownership and modes. That allows coalescing two separate if checkyesno accounting_enable blocks into one. These changes were inspired by my investigation of PR 202203. [1] https://www.freebsd.org/doc/handbook/security-accounting.html [2] http://forums.freebsd.org/showthread.php?t=41059 PR: 202203 Differential Revision: https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
# Note that this function must handle being called as "onerotate_log"
# (by the periodic scripts) when accounting is disabled, and handle
# being called multiple times (by an admin making mistakes) without
# anything having actually rotated the old .0 file out of the way.
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
Limit access to system accounting files. In 2013 the security chapter of the Handbook was updated in r42501 to suggest limiting access to the system accounting file [*1] by creating the initial file with a mode of 0600. This was in part based on a discussion in the forums [*2]. Unfortunately, this advice is overridden by the fact that a new file is created as part of periodic daily processing, and the file mode is set by the rc.d/accounting script. These changes update the accounting script to create the directory with mode 0750 if it doesn't already exist, and to create the daily file with mode 0640. This limits write access to root only, read access to root and members of wheel, and eliminates world access completely. For admins who want to prevent even members of wheel from accessing the files, the mode of the /var/account directory can be manually changed to 0700, because the script never creates or changes that directory if it already exists. The accounting_rotate_log() function now also handles the error cases of no existing log file to rotate, and attempting to rotate the file multiple times (.0 file already exists). Another small change here eliminates the complexity of the mktemp/chmod/mv sequence for creating a new acct file by using install(1) with the flags needed to directly create the file with the desired ownership and modes. That allows coalescing two separate if checkyesno accounting_enable blocks into one. These changes were inspired by my investigation of PR 202203. [1] https://www.freebsd.org/doc/handbook/security-accounting.html [2] http://forums.freebsd.org/showthread.php?t=41059 PR: 202203 Differential Revision: https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
if [ -e "${accounting_file}.0" ]; then
err 1 "Cannot rotate accounting log, ${accounting_file}.0 already exists."
fi
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
Limit access to system accounting files. In 2013 the security chapter of the Handbook was updated in r42501 to suggest limiting access to the system accounting file [*1] by creating the initial file with a mode of 0600. This was in part based on a discussion in the forums [*2]. Unfortunately, this advice is overridden by the fact that a new file is created as part of periodic daily processing, and the file mode is set by the rc.d/accounting script. These changes update the accounting script to create the directory with mode 0750 if it doesn't already exist, and to create the daily file with mode 0640. This limits write access to root only, read access to root and members of wheel, and eliminates world access completely. For admins who want to prevent even members of wheel from accessing the files, the mode of the /var/account directory can be manually changed to 0700, because the script never creates or changes that directory if it already exists. The accounting_rotate_log() function now also handles the error cases of no existing log file to rotate, and attempting to rotate the file multiple times (.0 file already exists). Another small change here eliminates the complexity of the mktemp/chmod/mv sequence for creating a new acct file by using install(1) with the flags needed to directly create the file with the desired ownership and modes. That allows coalescing two separate if checkyesno accounting_enable blocks into one. These changes were inspired by my investigation of PR 202203. [1] https://www.freebsd.org/doc/handbook/security-accounting.html [2] http://forums.freebsd.org/showthread.php?t=41059 PR: 202203 Differential Revision: https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
if [ ! -e "${accounting_file}" ]; then
err 1 "Cannot rotate accounting log, ${accounting_file} does not exist."
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
fi
mv ${accounting_file} ${accounting_file}.0
if checkyesno accounting_enable; then
Limit access to system accounting files. In 2013 the security chapter of the Handbook was updated in r42501 to suggest limiting access to the system accounting file [*1] by creating the initial file with a mode of 0600. This was in part based on a discussion in the forums [*2]. Unfortunately, this advice is overridden by the fact that a new file is created as part of periodic daily processing, and the file mode is set by the rc.d/accounting script. These changes update the accounting script to create the directory with mode 0750 if it doesn't already exist, and to create the daily file with mode 0640. This limits write access to root only, read access to root and members of wheel, and eliminates world access completely. For admins who want to prevent even members of wheel from accessing the files, the mode of the /var/account directory can be manually changed to 0700, because the script never creates or changes that directory if it already exists. The accounting_rotate_log() function now also handles the error cases of no existing log file to rotate, and attempting to rotate the file multiple times (.0 file already exists). Another small change here eliminates the complexity of the mktemp/chmod/mv sequence for creating a new acct file by using install(1) with the flags needed to directly create the file with the desired ownership and modes. That allows coalescing two separate if checkyesno accounting_enable blocks into one. These changes were inspired by my investigation of PR 202203. [1] https://www.freebsd.org/doc/handbook/security-accounting.html [2] http://forums.freebsd.org/showthread.php?t=41059 PR: 202203 Differential Revision: https://reviews.freebsd.org/D20876
2019-07-13 16:07:38 +00:00
create_accounting_file
${accounting_command} "${accounting_file}"
Update how accounting log files are rotated. The old version had a race between the time that the old file was cp'ed to acct.0 and the time that 'sa -s' was run that prevented the commands that occurred in the meantime from being backed up. It's also arguable that the old version was inefficient in using cp which can be a problem on a space-constrained system. This version avoids both problems, albeit it's considerably more complicated. The advantage of putting the log rotation in the rc.d script is that it can handle the _enable and _file questions without having to do gymnastics to discover either value in the periodic script. As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
fi
}
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
2001-06-16 07:16:14 +00:00
load_rc_config $name
run_rc_command "$1"
Reference in New Issue Copy Permalink