From ae177b41bbd22bf129a4f43f3363f18eac87c7a7 Mon Sep 17 00:00:00 2001 From: Ramon Novoa Date: Thu, 19 Sep 2013 12:07:31 +0000 Subject: [PATCH] 2013-09-19 Ramon Novoa * Linux/pandora_agent.conf: The default user should not be pandora. * pandora_agent_installer: Removed some calls to chown that had the potential to damage a Linux system. * pandora_agent: Delay the parsing of include files to make sure that all variables that may affect a module's configuration have already been read. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8783 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_agents/unix/ChangeLog | 11 ++++++ pandora_agents/unix/Linux/pandora_agent.conf | 2 +- pandora_agents/unix/pandora_agent | 41 ++++++++++++-------- pandora_agents/unix/pandora_agent_installer | 30 +++----------- 4 files changed, 43 insertions(+), 41 deletions(-) diff --git a/pandora_agents/unix/ChangeLog b/pandora_agents/unix/ChangeLog index 59b7cf7c47..23df10f649 100644 --- a/pandora_agents/unix/ChangeLog +++ b/pandora_agents/unix/ChangeLog @@ -1,3 +1,14 @@ +2013-09-19 Ramon Novoa + + * Linux/pandora_agent.conf: The default user should not be pandora. + + * pandora_agent_installer: Removed some calls to chown that had the + potential to damage a Linux system. + + * pandora_agent: Delay the parsing of include files to make sure + that all variables that may affect a module's configuration + have already been read. + 2013-09-13 Ramon Novoa * pandora_agent: Added a missing parameter to a call to log_message. diff --git a/pandora_agents/unix/Linux/pandora_agent.conf b/pandora_agents/unix/Linux/pandora_agent.conf index 79a65a604b..9b924e04b8 100755 --- a/pandora_agents/unix/Linux/pandora_agent.conf +++ b/pandora_agents/unix/Linux/pandora_agent.conf @@ -125,7 +125,7 @@ remote_config 0 #agent_threads 1 # User the agent will run as -#pandora_user root +#pandora_user pandora # Enable or disable XML buffer. # If you are in a secured environment and want to enable the XML buffer you 
diff --git a/pandora_agents/unix/pandora_agent b/pandora_agents/unix/pandora_agent index ed6f2b360b..9402c1f092 100755 --- a/pandora_agents/unix/pandora_agent +++ b/pandora_agents/unix/pandora_agent @@ -649,22 +649,6 @@ sub read_config (;$) { next; } next if ($line =~ /^module\s*\w*/); - - # Additional configuration file - if ($line =~ /^include\s+(.*)\s*/) { - log_message ('setup', "include is $1"); - $Conf{'include'} = $Conf{'include'} ? "$Conf{'include'} $1" : $1; - - foreach my $file_name (glob("$1")) { - open (FILE, "$file_name") or next; - - log_message ('setup', "reading $file_name"); - my @file_conf = ; - parse_conf_modules(\@file_conf); - close (FILE); - } - next; - } #Configuration token if ($line =~ /^\s*(\S+)\s+(.*)$/) { @@ -693,6 +677,31 @@ sub read_config (;$) { $Conf{'intensive_interval'} = $Conf{'interval'}; } + # Search for includes after all other variables have been set + foreach my $line (@file) { + + # Skip comments and empty lines + next if ($line =~ m/^\s*#/) or ($line =~ m/^\s*$/); + + # Replace CRLF with LF + $line =~ s/\r\n/\n/g; + + # Additional configuration file + if ($line =~ /^include\s+(.*)\s*/) { + $Conf{'include'} = $Conf{'include'} ? "$Conf{'include'} $1" : $1; + + foreach my $file_name (glob("$1")) { + open (FILE, "$file_name") or next; + + log_message ('setup', "reading $file_name"); + my @file_conf = ; + parse_conf_modules(\@file_conf); + close (FILE); + } + next; + } + } + # Module, plugin and collection definitions parse_conf_modules(\@file); diff --git a/pandora_agents/unix/pandora_agent_installer b/pandora_agents/unix/pandora_agent_installer index f4fc9a1790..192b0bf260 100755 --- a/pandora_agents/unix/pandora_agent_installer +++ b/pandora_agents/unix/pandora_agent_installer 
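Review bot: The relocated include loop (hunk `@@ -693,6 +677,31 @@`) still opens every globbed file with the two-argument bareword form, `open (FILE, "$file_name") or next;`. With that form, mode or pipe characters at the start or end of a matched file name are interpreted by `open` instead of being treated as part of the path, and the glob pattern comes directly from the `include` line of the configuration. Use the three-argument form with a lexical handle, `open(my $fh, '<', $file_name) or next;`, and read and close through `$fh`. The `or next` also skips an unreadable include without a trace; a `log_message ('setup', "cannot read $file_name: $!")` on failure would make a missing or permission-denied include visible. `read_config` starts and ends outside this hunk.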
@@ -32,6 +32,11 @@ PANDORA_BASE=`echo $2 | sed -e 's/\/$//'` if [ "$3" != "" ] then PANDORA_USER=$3 + if [ "$PANDORA_BASE" == "" ] + then + echo "When specifying a custom user the agent must be installed to a custom location where that user has write permissions!" + exit 1 + fi else PANDORA_USER="root" fi @@ -240,10 +245,6 @@ install () { # Alter dynamically the daemon launcher and setup the new path # if PANDORA_BASE is customized. - - AGENT_CFG=$OS_NAME/pandora_agent.conf - AGENT_CFG_TEMP=$OS_NAME/pandora_agent.conf.temp - if [ ! -z "$PANDORA_BASE" ] then if [ "$OS_NAME" = "FreeBSD" ] @@ -342,6 +343,7 @@ install () { sed -e "s/.*pandora_user .*/pandora_user $PANDORA_USER/" $AGENT_CFG > $AGENT_CFG_TEMP 2> /dev/null && \ mv $AGENT_CFG_TEMP $AGENT_CFG chmod 755 pandora_agent_daemon + chown -R $PANDORA_USER $PANDORA_BASE fi # Create logfile @@ -452,26 +454,6 @@ install () { chmod -R 770 $PANDORA_BASE$PANDORA_TEMP chmod 775 $PANDORA_BASE$PANDORA_TEMP fi - - #chown each directory one by one to avoid erros when no pandora_base and pandora_use is given - chown -R $PANDORA_USER $PANDORA_BASE/var/log - chown -R $PANDORA_USER $PANDORA_BASE/$PANDORA_MAN/man1 - - if [ "$OS_NAME" = "FreeBSD" ] - then - chown -R $PANDORA_USER $PANDORA_BASE/usr/local/bin - else - chown -R $PANDORA_USER $PANDORA_BASE/usr/bin - fi - - chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_HOME - - chown -R $PANDORA_USER $PANDORA_BASE/tmp - chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_TEMP/data_out - chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_CFG - chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_LOG_DIR - chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_HOME/collections - chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_HOME/plugins echo "Copying default agent configuration to $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf"
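Review bot: The new guard in hunk `@@ -32,6 +32,11 @@`, `if [ "$PANDORA_BASE" == "" ]`, uses `==`, which is not a POSIX `test` operator. The rest of the visible script compares with a single `=` (for example `[ "$OS_NAME" = "FreeBSD" ]`). Under a strict POSIX `/bin/sh` the test reports an error and evaluates false, so the safety check would be skipped silently and the install would continue with an empty base. Write it as `if [ -z "$PANDORA_BASE" ]`. The shebang line is outside the hunk, so which interpreter runs the script is inferred.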
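Review bot: The added `chown -R $PANDORA_USER $PANDORA_BASE` in hunk `@@ -342,6 +343,7 @@` expands both variables unquoted and recurses over the whole prefix, not only the files the installer created. `PANDORA_BASE` is `$2` with a single trailing slash stripped, so the empty-string check from the first hunk does not cover a value that still resolves to `/` or to a shared system directory. Quote the operands and end option parsing, `chown -R -- "$PANDORA_USER" "$PANDORA_BASE"`, and consider refusing a base that is `/` or was not created by this install. The `sed` line just above still reads `$AGENT_CFG` and `$AGENT_CFG_TEMP`, whose assignments hunk `@@ -240,10 +245,6 @@` removes, so confirm they are set elsewhere in `install ()`. The enclosing `if` starts outside the hunk.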