Merge pull request #1 from sdslabs/logger

Completes core feature binaries

Author: fristonio

Cargo.lock

@@ -12,11 +12,21 @@ toml = "0.5.3"
 reqwest = "0.9.20"
 base64 = "0.10.1"
 rust-crypto = "0.2.36"
+simplelog = "^0.7.3"
+log = "^0.4.8"
 
 [[bin]]
 name = "pam_sudo"
 path = "src/sudo/main.rs"
 
+[[bin]]
+name = "pam_su"
+path = "src/su/main.rs"
+
+[[bin]]
+name = "pam_ssh"
+path = "src/ssh/main.rs"
+
 [[bin]]
 name = "auth_keys_cmd"
 path = "src/auth_keys_cmd/main.rs"

Cargo.toml

@@ -0,0 +1,75 @@
+
+watchdog_config = """
+# SDSLabs Watchdog configuration START
+
+UsePAM yes
+PasswordAuthentication no
+AuthorizedKeysCommand /opt/watchdog/bin/auth_keys_cmd %u %h %t %f %k
+AuthorizedKeysCommandUser root
+
+# SDSLabs Watchdog configuration END
+"""
+
+
+modified_keys = [
+	'AuthorizedKeysCommand',
+	'AuthorizedKeysCommandUser',
+	'PasswordAuthentication',
+	'UsePAM'
+]
+
+inside_watchdog_config = False
+
+def process_line(line):
+	global inside_watchdog_config
+
+	if inside_watchdog_config and line == "# SDSLabs Watchdog configuration END\n":
+		inside_watchdog_config = False
+		return ''
+
+	if inside_watchdog_config:
+		return ''
+
+	if line == "# SDSLabs Watchdog configuration START\n":
+		inside_watchdog_config = True
+		return ''
+
+	l = line.strip()
+	i = l.find('#')
+	if i != -1:
+		l = l[:i]
+	if len(l) == 0:
+		return line
+	i = l.find(' ')
+	j = l.find('\t')
+	if i == -1 and j != -1:
+		i = j
+	elif j == -1 and i != -1:
+		pass
+	elif j == -1 and i == -1:
+		return line
+	else:
+		i = min(i, j)
+	key = l[:i]
+	value = l[i+1:].strip()
+	if key in modified_keys:
+		# comment this line
+		return '# Watchdog: Commenting the line below out\n#' + line
+	else:
+		return line
+
+def main():
+	iput = open("/etc/ssh/sshd_config")
+	oput = open("tmp_sshd_config", "w")
+	lines = iput.readlines()
+	for l in lines:
+		oputline = process_line(l)
+		oput.write(oputline)
+
+	oput.write(watchdog_config)
+
+	iput.close()
+	oput.close()
+
+
+main()

install.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Install all the files at right place
+mkdir -p /opt/watchdog/bin
+
+cp ../target/debug/pam_ssh /opt/watchdog/bin/pam_ssh
+chown root /opt/watchdog/bin/pam_ssh
+chgrp root /opt/watchdog/bin/pam_ssh
+chmod  700 /opt/watchdog/bin/pam_ssh
+
+cp ../target/debug/pam_su /opt/watchdog/bin/pam_su
+chown root /opt/watchdog/bin/pam_su
+chgrp root /opt/watchdog/bin/pam_su
+chmod  700 /opt/watchdog/bin/pam_su
+
+cp ../target/debug/pam_sudo /opt/watchdog/bin/pam_sudo
+chown root /opt/watchdog/bin/pam_sudo
+chgrp root /opt/watchdog/bin/pam_sudo
+chmod  700 /opt/watchdog/bin/pam_sudo
+
+cp ../target/debug/auth_keys_cmd /opt/watchdog/bin/auth_keys_cmd
+chown root /opt/watchdog/bin/auth_keys_cmd
+chgrp root /opt/watchdog/bin/auth_keys_cmd
+chmod  700 /opt/watchdog/bin/auth_keys_cmd
+
+cp ../config.toml /opt/watchdog/config.toml
+
+# edit `sshd_config` file
+cp /etc/ssh/sshd_config /etc/ssh/sshd_config.watchdog.bak
+python3 edit-sshd-config.py
+cp tmp_sshd_config /etc/ssh/sshd_config
+rm tmp_sshd_config
+service sshd restart
+
+# installing pam_exec lines
+python3 pam-install-sudo.py
+python3 pam-install-su.py
+python3 pam-install-ssh.py
+
+cp tmp_sudo /etc/pam.d/sudo
+cp tmp_su /etc/pam.d/su
+cp tmp_ssh /etc/pam.d/sshd
+
+rm tmp_sudo
+rm tmp_su
+rm tmp_ssh

install/edit-sshd-config.py

@@ -0,0 +1,42 @@
+
+watchdog_config = """
+# SDSLabs Watchdog configuration START
+
+session optional pam_exec.so seteuid /opt/watchdog/bin/pam_ssh
+
+# SDSLabs Watchdog configuration END
+"""
+
+inside_watchdog_config = False
+
+def process_line(line):
+	global inside_watchdog_config
+
+	if inside_watchdog_config and line == "# SDSLabs Watchdog configuration END\n":
+		inside_watchdog_config = False
+		return ''
+
+	if inside_watchdog_config:
+		return ''
+
+	if line == "# SDSLabs Watchdog configuration START\n":
+		inside_watchdog_config = True
+		return ''
+
+	return line
+
+def main():
+	iput = open("/etc/pam.d/sshd")
+	oput = open("tmp_ssh", "w")
+	lines = iput.readlines()
+	for l in lines:
+		oputline = process_line(l)
+		oput.write(oputline)
+
+	oput.write(watchdog_config)
+
+	iput.close()
+	oput.close()
+
+
+main()

install/install.sh

@@ -0,0 +1,42 @@
+
+watchdog_config = """
+# SDSLabs Watchdog configuration START
+
+session optional pam_exec.so seteuid /opt/watchdog/bin/pam_su
+
+# SDSLabs Watchdog configuration END
+"""
+
+inside_watchdog_config = False
+
+def process_line(line):
+	global inside_watchdog_config
+
+	if inside_watchdog_config and line == "# SDSLabs Watchdog configuration END\n":
+		inside_watchdog_config = False
+		return ''
+
+	if inside_watchdog_config:
+		return ''
+
+	if line == "# SDSLabs Watchdog configuration START\n":
+		inside_watchdog_config = True
+		return ''
+
+	return line
+
+def main():
+	iput = open("/etc/pam.d/su")
+	oput = open("tmp_su", "w")
+	lines = iput.readlines()
+	for l in lines:
+		oputline = process_line(l)
+		oput.write(oputline)
+
+	oput.write(watchdog_config)
+
+	iput.close()
+	oput.close()
+
+
+main()

install/pam-install-ssh.py

@@ -0,0 +1,42 @@
+
+watchdog_config = """
+# SDSLabs Watchdog configuration START
+
+session optional pam_exec.so seteuid /opt/watchdog/bin/pam_sudo
+
+# SDSLabs Watchdog configuration END
+"""
+
+inside_watchdog_config = False
+
+def process_line(line):
+	global inside_watchdog_config
+
+	if inside_watchdog_config and line == "# SDSLabs Watchdog configuration END\n":
+		inside_watchdog_config = False
+		return ''
+
+	if inside_watchdog_config:
+		return ''
+
+	if line == "# SDSLabs Watchdog configuration START\n":
+		inside_watchdog_config = True
+		return ''
+
+	return line
+
+def main():
+	iput = open("/etc/pam.d/sudo")
+	oput = open("tmp_sudo", "w")
+	lines = iput.readlines()
+	for l in lines:
+		oputline = process_line(l)
+		oput.write(oputline)
+
+	oput.write(watchdog_config)
+
+	iput.close()
+	oput.close()
+
+
+main()

install/pam-install-su.py

@@ -1,11 +1,14 @@
+extern crate log;
+extern crate watchdog;
+
+use log::error;
 use std::env;
 use std::fs;
-// use std::io::prelude::*;
-
-extern crate watchdog;
 
 fn main() {
     let config = watchdog::config::read_config();
+    watchdog::init::init(&config);
+
     let args: Vec<_> = env::args().collect();
 
     let ssh_host_username = &args[1];
@@ -17,7 +20,14 @@ fn main() {
             ssh_host_username, ssh_key
         );
 
-        fs::write(&config.temp_env_file, data).expect("unable to write temp env file");
+        let res = fs::write(&config.temp_env_file, data);
+        match res {
+            Ok(b) => b,
+            Err(_) => {
+                error!("Cannot write temporary environment file. Please check if the watchdog `auth_keys_cmd` is run by the root user");
+                std::process::exit(1);
+            }
+        }
 
         println!("{}", ssh_key);
     } else {

install/pam-install-sudo.py

@@ -9,10 +9,11 @@ pub struct Config {
     pub keyhouse_base_url: String,
     pub temp_env_file: String,
     pub watchdog_base_url: String,
+    pub error_log_file: String,
 }
 
 pub fn read_config() -> Config {
-    let toml_str = fs::read_to_string("/home/kanav/projects/watchdog-rs/config.toml")
+    let toml_str = fs::read_to_string("/opt/watchdog/config.toml")
         .expect("Error reading the config.toml file.");
     let config: Config = toml::from_str(&toml_str).unwrap();
     return config;

src/auth_keys_cmd/main.rs

@@ -7,8 +7,8 @@ pub struct TempEnvirontment {
     pub ssh_key: String,
 }
 
-pub fn read_temp_env(path: String) -> TempEnvirontment {
-    let toml_str = fs::read_to_string(&path).expect("Error reading the environment toml file.");
+pub fn read_temp_env(path: &String) -> TempEnvirontment {
+    let toml_str = fs::read_to_string(path).expect("Error reading the environment toml file.");
     let env: TempEnvirontment = toml::from_str(&toml_str).unwrap();
     return env;
 }

src/config.rs

@@ -0,0 +1,34 @@
+extern crate simplelog;
+
+use crate::config;
+use log::error;
+use simplelog::*;
+use std::fs::OpenOptions;
+
+pub fn init(config: &config::Config) {
+    init_logger(&config);
+}
+
+pub fn init_logger(config: &config::Config) {
+    let log_file = match OpenOptions::new()
+        .create_new(true)
+        .read(true)
+        .append(true)
+        .open(&config.error_log_file)
+    {
+        Ok(f) => f,
+        Err(_) => {
+            error!("Watchdog: Couldn't open log file");
+            panic!("Watchdog: Couldn't open log file");
+        }
+    };
+
+    let _res = match CombinedLogger::init(vec![WriteLogger::new(
+        LevelFilter::Info,
+        Config::default(),
+        log_file,
+    )]) {
+        Ok(_) => {}
+        Err(_) => error!("Watchdog: Couldnt start logger for some reason"),
+    };
+}