From 7b8acecd7393deba2411192d3f04778a2a4325c5 Mon Sep 17 00:00:00 2001

From: Rob Crittenden <rcritten@redhat.com>

Date: Mon, 14 Jun 2021 11:38:21 -0400

Subject: [PATCH] Add log files to the set of files checked for

 owner/group/mode

Extend the list of files to be checked to include most IPA service

log files.

https://bugzilla.redhat.com/show_bug.cgi?id=1780020

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

---

 src/ipahealthcheck/ipa/files.py | 62 +++++++++++++++++++++++++++++++++

 1 file changed, 62 insertions(+)

diff --git a/src/ipahealthcheck/ipa/files.py b/src/ipahealthcheck/ipa/files.py

index ae74c38..abfa52f 100644

--- a/src/ipahealthcheck/ipa/files.py

+++ b/src/ipahealthcheck/ipa/files.py

@@ -2,6 +2,7 @@

 # Copyright (C) 2019 FreeIPA Contributors see COPYING for license

 #

+import glob

 import logging

 import os

@@ -95,6 +96,67 @@ class IPAFileCheck(IPAPlugin, FileCheck):

         self.files.append((paths.RESOLV_CONF, 'root', 'root', '0644'))

         self.files.append((paths.HOSTS, 'root', 'root', '0644'))

+        # IPA log files that may vary by installation. Only verify

+        # those that exist

+        for filename in (

+            paths.IPABACKUP_LOG,

+            paths.IPARESTORE_LOG,

+            paths.IPACLIENT_INSTALL_LOG,

+            paths.IPACLIENT_UNINSTALL_LOG,

+            paths.IPAREPLICA_CA_INSTALL_LOG,

+            paths.IPAREPLICA_CONNCHECK_LOG,

+            paths.IPAREPLICA_INSTALL_LOG,

+            paths.IPASERVER_INSTALL_LOG,

+            paths.IPASERVER_KRA_INSTALL_LOG,

+            paths.IPASERVER_UNINSTALL_LOG,

+            paths.IPAUPGRADE_LOG,

+            paths.IPATRUSTENABLEAGENT_LOG,

+        ):

+            if os.path.exists(filename):

+                self.files.append((filename, 'root', 'root', '0600'))

+

+        self.files.append((paths.IPA_CUSTODIA_AUDIT_LOG,

+                          'root', 'root', '0644'))

+

+        self.files.append((paths.KADMIND_LOG, 'root', 'root', '0600'))

+        self.files.append((paths.KRB5KDC_LOG, 'root', 'root', '0640'))

+

+        inst = api.env.realm.replace('.', '-')

+        self.files.append((paths.SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE % inst,

+                           'dirsrv', 'dirsrv', '0600'))

+        self.files.append((paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst,

+                           'dirsrv', 'dirsrv', '0600'))

+

+        self.files.append((paths.VAR_LOG_HTTPD_ERROR, 'root', 'root', '0644'))

+

+        for globpath in glob.glob("%s/debug*.log" % paths.TOMCAT_CA_DIR):

+            self.files.append((globpath, "pkiuser", "pkiuser", "0644"))

+

+        for globpath in glob.glob(

+            "%s/ca_audit*" % paths.TOMCAT_SIGNEDAUDIT_DIR

+        ):

+            self.files.append((globpath, 'pkiuser', 'pkiuser', '0640'))

+

+        for filename in ('selftests.log', 'system', 'transactions'):

+            self.files.append((

+                os.path.join(paths.TOMCAT_CA_DIR, filename),

+                'pkiuser', 'pkiuser', '0640'

+            ))

+

+        for globpath in glob.glob("%s/debug*.log" % paths.TOMCAT_KRA_DIR):

+            self.files.append((globpath, "pkiuser", "pkiuser", "0644"))

+

+        for globpath in glob.glob(

+            "%s/ca_audit*" % paths.TOMCAT_KRA_SIGNEDAUDIT_DIR

+        ):

+            self.files.append((globpath, 'pkiuser', 'pkiuser', '0640'))

+

+        for filename in ('selftests.log', 'system', 'transactions'):

+            self.files.append((

+                os.path.join(paths.TOMCAT_KRA_DIR, filename),

+                'pkiuser', 'pkiuser', '0640'

+            ))

+

         return FileCheck.check(self)

-- 

2.26.3