logwatch: mdadm status missing - Fix for Bug 12080

- Addition of mdadm module to logwatch
- Addition of logwatch to sudoers list to run mdadm commands
- patch to change logwatch mdadm.conf to allow scan for raid drives, change mdadm script
   to run mdadm scan commands with sudo, allow clean but degraded drives to be listed
   in the output.

Fixes: 12080
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

diff --git a/config/logwatch/sudoers/logwatch-mdadm b/config/logwatch/sudoers/logwatch-mdadm
new file mode 100644 (file)
index 0000000..cdc524d
--- /dev/null
+++ b/config/logwatch/sudoers/logwatch-mdadm
@@ -0,0 +1,2 @@
+# The following commands need to be executed by logwatch in case there's an MD Raid
+logwatch ALL=(root) NOPASSWD: /sbin/mdadm --misc --detail /dev/md*, /sbin/mdadm --detail --scan

diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch
index c47fb41993b45435b4ce92f72247ed21d516a765..1e4a0a81bc0e058fee9be54f96a3b7810188aaa4 100644 (file)
--- a/config/rootfiles/common/logwatch
+++ b/config/rootfiles/common/logwatch
@@ -3,6 +3,8 @@ etc/logwatch/conf
 #etc/logwatch/logwatch.cron
 etc/logwatch/scripts
 etc/logwatch/scripts/services
+#etc/sudoers.d
+etc/sudoers.d/logwatch-mdadm
 usr/sbin/logwatch
 #usr/share/logwatch
 #usr/share/logwatch/HOWTO-Customize-LogWatch
@@ -117,7 +119,7 @@ usr/share/logwatch/default.conf/services/kernel.conf
 #usr/share/logwatch/default.conf/services/knockd.conf
 #usr/share/logwatch/default.conf/services/lvm.conf
 #usr/share/logwatch/default.conf/services/mailscanner.conf
-#usr/share/logwatch/default.conf/services/mdadm.conf
+usr/share/logwatch/default.conf/services/mdadm.conf
 #usr/share/logwatch/default.conf/services/mod_security2.conf
 usr/share/logwatch/default.conf/services/modprobe.conf
 #usr/share/logwatch/default.conf/services/mountd.conf
@@ -262,7 +264,7 @@ usr/share/logwatch/scripts/services/kernel
 #usr/share/logwatch/scripts/services/knockd
 #usr/share/logwatch/scripts/services/lvm
 #usr/share/logwatch/scripts/services/mailscanner
-#usr/share/logwatch/scripts/services/mdadm
+usr/share/logwatch/scripts/services/mdadm
 #usr/share/logwatch/scripts/services/mod_security2
 usr/share/logwatch/scripts/services/modprobe
 #usr/share/logwatch/scripts/services/mountd

diff --git a/lfs/logwatch b/lfs/logwatch
index 8baaef2ce4c830aec4bfe0727056fdd540dfe2cd..628dafe6fdefb16c05484f18391a904ec1200c88 100644 (file)
--- a/lfs/logwatch
+++ b/lfs/logwatch
@@ -74,6 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
        cd $(DIR_APP)/lib && patch < $(DIR_SRC)/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.5.4-disable_iptables.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
 
        @cd $(DIR_APP) && chmod 755 install_logwatch.sh
        cd $(DIR_APP) && yes "" | ./install_logwatch.sh
@@ -103,6 +104,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        chmod -v 755 /var/log/logwatch
        -rm -rf /etc/logwatch/conf
        ln -vsf /usr/share/logwatch/default.conf /etc/logwatch/conf
-       
+
+       -mkdir -p /etc/sudoers.d
+       chmod -v 755 /etc/sudoers.d
+       install -v -m 644 $(DIR_SRC)/config/logwatch/sudoers/logwatch-mdadm \
+                /etc/sudoers.d/logwatch-mdadm
+
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch b/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
new file mode 100644 (file)
index 0000000..b703407
--- /dev/null
+++ b/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
@@ -0,0 +1,46 @@
+diff -Naur logwatch-7.5.5-orig/conf/services/mdadm.conf logwatch-7.5.5/conf/services/mdadm.conf
+--- logwatch-7.5.5-orig/conf/services/mdadm.conf       2021-01-22 21:59:40.000000000 +0100
++++ logwatch-7.5.5/conf/services/mdadm.conf    2021-10-04 13:52:30.850057355 +0200
+@@ -13,7 +13,7 @@
+ # Logwatch will try to find md devices in /etc/mdadm.conf or 
+ # /etc/mdadm/mdadm.conf. If none of these files exist it can scan actively
+ # for md devices. Set to 'Yes' to enable active scanning:
+-$mdadm_enable_scan = No
++$mdadm_enable_scan = Yes
+ 
+ # Logwatch will emit an error for md devices listed in /etc/mdadm.conf
+ # that are not present.  If you do not want this (e.g. raid devices may come
+diff -Naur logwatch-7.5.5-orig/scripts/services/mdadm logwatch-7.5.5/scripts/services/mdadm
+--- logwatch-7.5.5-orig/scripts/services/mdadm 2021-01-22 21:59:40.000000000 +0100
++++ logwatch-7.5.5/scripts/services/mdadm      2021-10-06 11:41:14.800307603 +0200
+@@ -35,7 +35,7 @@
+ } elsif ( -f "/etc/mdadm/mdadm.conf" ) {
+   open(MDADM,"< /etc/mdadm/mdadm.conf");
+ } elsif ($enable_scan) {
+-  open(MDADM,"mdadm --detail --scan 2>/dev/null|");
++  open(MDADM,"sudo mdadm --detail --scan 2>/dev/null|");
+ }
+ while (<MDADM>) {
+   if (/^ARRAY/) {
+@@ -51,7 +51,7 @@
+     next;
+   }
+ 
+-  open(MDADM,"mdadm --misc --detail $dev 2>&1 |");
++  open(MDADM,"sudo mdadm --misc --detail $dev 2>&1 |");
+   while (<MDADM>) {
+     if ($_ =~ /cannot open .*: No such file or directory/) {
+       print $_ unless $ignore_missing;
+@@ -74,7 +74,11 @@
+ 
+   if ($Detail <= 4) {
+     if (lc($mdhash{'state'}) =~ /clean|active/) {
+-      print "$dev : $mdhash{'state'}\n" if $Detail;
++      if (lc($mdhash{'state'}) =~ /degraded/) {
++        print "$dev : $mdhash{'state'}\n";
++      } else {
++        print "$dev : $mdhash{'state'}\n" if $Detail;
++      }
+     } else {
+       print "$dev : $mdhash{'state'}\n";
+       if (defined($mdhash{'middle devices'})) {