From 655547b8c76fc7439b61029de475e19273b76df4 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Wed, 23 May 2018 17:27:50 +0200
Subject: [PATCH] Add extended Log file controls for apache.

---
 install/lib/install.lib.php                   | 22 +++++++++++++++++
 install/lib/installer_base.lib.php            |  5 ++++
 install/tpl/apache_ispconfig.conf.master      |  5 ++++
 install/tpl/server.ini.master                 |  2 ++
 .../web/admin/form/server_config.tform.php    | 17 +++++++++++++
 .../web/admin/lib/lang/en_server_config.lng   |  4 ++++
 .../templates/server_config_server_edit.htm   |  4 ++++
 .../templates/server_config_web_edit.htm      |  8 +++++++
 .../client/form/message_template.tform.php    |  2 +-
 interface/web/client/lib/module.conf.php      | 16 +++++++++++++
 .../web/sites/form/web_vhost_domain.tform.php | 24 +++++++++----------
 interface/web/sites/web_vhost_domain_edit.php | 16 +++++++++----
 server/conf/apache_ispconfig.conf.master      |  5 ++++
 server/conf/vhost.conf.master                 |  5 ++++
 .../lib/classes/cron.d/200-logfiles.inc.php   |  9 ++++++-
 .../plugins-available/apache2_plugin.inc.php  |  7 +++++-
 16 files changed, 132 insertions(+), 19 deletions(-)

diff --git a/install/lib/install.lib.php b/install/lib/install.lib.php
index 06b10cbcbc..9e2afe76c4 100644
--- a/install/lib/install.lib.php
+++ b/install/lib/install.lib.php
@@ -859,6 +859,28 @@ function is_ispconfig_ssl_enabled() {
 	}
 }
 
+/*
+* Is anonymization enabled in ispconfig.conf file
+*/
+
+function get_logging_state() {
+	global $conf;
+	$ispconfig_conf_file = $conf['apache']['vhost_conf_dir'].'/ispconfig.conf';
+
+	if(is_file($ispconfig_conf_file)) {
+		$tmp = file_get_contents($ispconfig_conf_file);
+		if(stristr($tmp, '/usr/local/ispconfig/server/scripts/vlogger -p -s access.log')) {
+			return 'anon';
+		} elseif(stristr($tmp, '/usr/local/ispconfig/server/scripts/vlogger -s access.log')) {
+			return 'yes';
+		} else {
+			return 'no';
+		}
+	} else {
+		return 'yes';
+	}
+}
+
 /**
  Function to find the hash file for timezone detection
  (c) 2012 Marius Cramer, pixcept KG, m.cramer@pixcept.de
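Review bot: `get_logging_state()` returns 'no' whenever neither exact vlogger string is found, which also covers `file_get_contents()` returning false and a `CustomLog` line that was edited locally, so an update can switch access logging off without the admin choosing that. Treating an unreadable file as the default would be safer, e.g. `if($tmp === false) return 'yes';` before the `stristr()` checks. The header comment only mentions anonymization; wording such as `Detect the access-log mode ('yes', 'anon' or 'no') from the installed ispconfig.conf` would match the three return values.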
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 771f17c813..1417a971b7 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -2010,6 +2010,11 @@ class installer_base {
 			$tpl->setVar('apps_vhost_basedir',$conf['web']['website_basedir']);
 			$tpl->setVar('apps_vhost_servername',$apps_vhost_servername);
 			$tpl->setVar('apache_version',getapacheversion());
+			if($this->is_update == true) {
+				$tpl->setVar('logging',get_logging_state());
+			} else {
+				$tpl->setVar('logging','yes');
+			}
 
 
 			// comment out the listen directive if port is 80 or 443
diff --git a/install/tpl/apache_ispconfig.conf.master b/install/tpl/apache_ispconfig.conf.master
index 3ce1ebb1c9..84eec5c554 100644
--- a/install/tpl/apache_ispconfig.conf.master
+++ b/install/tpl/apache_ispconfig.conf.master
@@ -6,7 +6,12 @@
 SetEnvIf Request_URI "^/datalogstatus.php$" dontlog
 
 LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
+<tmpl_if name='logging' op='==' value='anon'>
+CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -p -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig env=!dontlog
+</tmpl_if>
+<tmpl_if name='logging' op='==' value='yes'>
 CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig env=!dontlog
+</tmpl_if>
 
 <Directory /var/www/clients>
     AllowOverride None
diff --git a/install/tpl/server.ini.master b/install/tpl/server.ini.master
index 41cb03c4ff..39c24bc702 100644
--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -29,6 +29,7 @@ munin_user=
 munin_password=
 monitor_system_updates=y
 migration_mode=n
+log_retention=10
 
 [mail]
 module=postfix_mysql
@@ -113,6 +114,7 @@ overquota_notify_freq=7
 overquota_db_notify_admin=y
 overquota_db_notify_client=y
 overquota_notify_onok=n
+logging=yes
 
 [dns]
 bind_user=root
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index 4ee8da8eed..f939c97b37 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -395,6 +395,17 @@ $form["tabs"]['server'] = array(
 			'default' => 'y',
 			'value' => array(0 => 'n', 1 => 'y')
 		),
+		'log_retention' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'validators' => array (  0 => array ( 'type' => 'ISPOSITIVE',
+				'errmsg'=> 'log_retention_error_ispositive'),
+			),
+			'default' => '30',
+			'value' => '',
+			'width' => '4',
+			'maxlength' => '4'
+		),
 		'migration_mode' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
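Review bot: The `log_retention` field defaults to '30' here, while the `server.ini.master` hunk ships `log_retention=10` and both PHP fallbacks in this patch (`web_vhost_domain_edit.php` and `200-logfiles.inc.php`) use 10. An admin who opens the form on a server without a stored value would see 30 while the cron job keeps 10 days. Aligning the field with `'default' => '10',` (or changing the other three places) keeps the displayed and effective retention the same.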
@@ -910,6 +921,12 @@ $form["tabs"]['web'] = array(
 			'default' => 'y',
 			'value' => array(0 => 'n', 1 => 'y')
 		),
+		'logging' => array(
+			'datatype' => 'VARCHAR',
+			'formtype' => 'SELECT',
+			'default' => 'yes',
+			'value' => array('yes' => 'Yes', 'anon' => 'Anonymize IP', 'no' => 'No')
+		),
 		'overtraffic_notify_admin' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
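Review bot: The new `logging` field has no `validators` entry, so nothing visible in this hunk restricts the stored value to the three keys in its `value` list. The Apache templates in this patch only emit a log directive for 'yes' or 'anon', so any other stored string would disable logging in the same way as 'no'. A whitelist validator would close that gap, for example `'validators' => array(0 => array('type' => 'REGEX', 'regex' => '/^(yes|anon|no)$/', 'errmsg' => 'logging_error_regex')),` with the matching `logging_error_regex` string added to the language file.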
diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng
index 1783293e60..4393a5255d 100644
--- a/interface/web/admin/lib/lang/en_server_config.lng
+++ b/interface/web/admin/lib/lang/en_server_config.lng
@@ -288,4 +288,8 @@ $wb["apps_vhost_enabled_txt"] = "Apps-vhost enabled";
 $wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 $wb['migration_mode_txt'] = 'Server Migration Mode';
 $wb['nginx_enable_pagespeed_txt'] = 'Makes Pagespeed available';
+$wb['logging_txt'] = 'Store website access and error logs';
+$wb['logging_desc_txt'] = 'Use Tools > Resync to apply changes to existing sites.';
+$wb['log_retention_txt'] = 'Log retention (days)';
+$wb['log_retention_error_ispositive'] = 'Log retention must be a number > 0';
 ?>
diff --git a/interface/web/admin/templates/server_config_server_edit.htm b/interface/web/admin/templates/server_config_server_edit.htm
index e034fa53b9..be44a85551 100644
--- a/interface/web/admin/templates/server_config_server_edit.htm
+++ b/interface/web/admin/templates/server_config_server_edit.htm
@@ -80,6 +80,10 @@
                 </div>
             </div>
 			<div class="form-group">
+                <label for="log_retention" class="col-sm-3 control-label">{tmpl_var name='log_retention_txt'}</label>
+                <div class="col-sm-9"><input type="text" name="log_retention" id="log_retention" value="{tmpl_var name='log_retention'}" class="form-control" /></div>
+			</div>
+			<div class="form-group">
                 <label for="monit_url" class="col-sm-3 control-label">{tmpl_var name='monit_url_txt'}</label>
                 <div class="col-sm-6"><input type="text" name="monit_url" id="monit_url" value="{tmpl_var name='monit_url'}" class="form-control" />&nbsp;{tmpl_var name='monit_url_note_txt'} <a href="javascript:void(0);" class="addPlaceholder">[SERVERNAME]</a></div>
             </div>
diff --git a/interface/web/admin/templates/server_config_web_edit.htm b/interface/web/admin/templates/server_config_web_edit.htm
index ed58a558da..5a28ffc58d 100644
--- a/interface/web/admin/templates/server_config_web_edit.htm
+++ b/interface/web/admin/templates/server_config_web_edit.htm
@@ -104,6 +104,14 @@
                 <div class="col-sm-9">
                     {tmpl_var name='enable_ip_wildcard'}
                 </div>
+            </div>
+			<div class="form-group">
+                <label class="col-sm-3 control-label">{tmpl_var name='logging_txt'}</label>
+                <div class="col-sm-9">
+					<select name="logging" id="logging" class="form-control">
+                        {tmpl_var name='logging'}
+                    </select>
+				</div>
             </div>
             <div class="form-group">
                 <label class="col-sm-3 control-label">{tmpl_var name='overtraffic_notify_admin_txt'}</label>
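Review bot: The language file in this patch adds `logging_desc_txt` ("Use Tools > Resync to apply changes to existing sites."), but the new form group never renders it. An admin who switches to "Anonymize IP" or "No" therefore gets no hint that existing vhosts keep their old log settings until a resync. Adding `<p class="help-block">{tmpl_var name='logging_desc_txt'}</p>` after the `</select>` would show it, and `<label for="logging" ...>` would tie the label to the control as the `log_retention` row in `server_config_server_edit.htm` does.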
diff --git a/interface/web/client/form/message_template.tform.php b/interface/web/client/form/message_template.tform.php
index ab2d191340..7231e0e068 100644
--- a/interface/web/client/form/message_template.tform.php
+++ b/interface/web/client/form/message_template.tform.php
@@ -62,7 +62,7 @@ $form["tabs"]['template'] = array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'SELECT',
 			'default' => '',
-			'value'  => array('welcome' => 'Default welcome email', 'other' => 'Other')
+			'value'  => array('welcome' => 'Default welcome email', 'gdpr' => 'GDPR data send', 'other' => 'Other')
 		),
 		'template_name' => array (
 			'datatype' => 'VARCHAR',
diff --git a/interface/web/client/lib/module.conf.php b/interface/web/client/lib/module.conf.php
index 7d6f1b34e8..2603550c9b 100644
--- a/interface/web/client/lib/module.conf.php
+++ b/interface/web/client/lib/module.conf.php
@@ -94,6 +94,22 @@ if ($settings['use_domain_module'] == 'y') {
 	unset($items);
 }
 
+/*
+// GDPR functions for admin only, might be extended for resellers later
+if($_SESSION["s"]["user"]["typ"] == 'admin'){
+	$items = array();
+	$items[] = array( 'title'  => 'Send Personal Data',
+		'target'  => 'content',
+		'link' => 'client/gdpr_send.php');
+
+	$module['nav'][] = array( 'title' => 'GDPR',
+		'open'  => 1,
+		'items' => $items);
+
+	unset($items);
+}
+*/
+
 /*
 if($_SESSION["s"]["user"]["typ"] == 'admin'){
 $items[] = array(   'title' 	=> "Interface Settings",
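Review bot: The added GDPR navigation block is committed fully commented out and links to `client/gdpr_send.php`, which is not among the files in this patch. Dead code like this tends to be re-enabled later without review of the access check, so it would be cleaner to leave it out of this log-control commit and add it together with the page it points to. If it has to stay, a one-line note such as `// disabled until client/gdpr_send.php is added` above the block would explain why.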
diff --git a/interface/web/sites/form/web_vhost_domain.tform.php b/interface/web/sites/form/web_vhost_domain.tform.php
index 11132f5469..fc3859ebff 100644
--- a/interface/web/sites/form/web_vhost_domain.tform.php
+++ b/interface/web/sites/form/web_vhost_domain.tform.php
@@ -947,18 +947,18 @@ if($_SESSION["s"]["user"]["typ"] == 'admin'
 				'width'  => '3',
 				'maxlength' => '6'
 			),
-                        'log_retention' => array (
-                                'datatype' => 'INTEGER',
-                                'formtype' => 'TEXT',
-                                'validators' => array (  0 => array ( 'type' => 'REGEX',
-                                                'regex' => '/^([0-9]{1,4})$/',
-                                                'errmsg'=> 'log_retention_error_regex'),
-                                ),
-                                'default' => '30',
-                                'value' => '',
-                                'width' => '4',
-                                'maxlength' => '4'
-                        )
+			'log_retention' => array (
+				'datatype' => 'INTEGER',
+				'formtype' => 'TEXT',
+				'validators' => array (  0 => array ( 'type' => 'REGEX',
+					'regex' => '/^([0-9]{1,4})$/',
+					'errmsg'=> 'log_retention_error_regex'),
+				),
+				'default' => '30',
+				'value' => '',
+				'width' => '4',
+				'maxlength' => '4'
+			)
 			//#################################
 			// ENDE Datatable fields
 			//#################################
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index 80b7f38f44..791dacf12b 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -1399,6 +1399,14 @@ class page_action extends tform_actions {
 		$app->uses("getconf");
 		$web_rec = $app->tform->getDataRecord($this->id);
 		$web_config = $app->getconf->get_server_config($app->functions->intval($web_rec["server_id"]), 'web');
+		
+		// get global log retention value as default for web log retention
+		$server_config = $app->getconf->get_server_config($app->functions->intval($web_rec["server_id"]), 'server');
+		if($server_config['log_retention'] > 0) {
+			$log_retention = $server_config['log_retention'];
+		} else {
+			$log_retention = 10;
+		}
 
 		if($this->_vhostdomain_type == 'domain') {
 			$document_root = str_replace("[website_id]", $this->id, $web_config["website_path"]);
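Review bot: `$server_config['log_retention']` is compared with `> 0` without an `isset()` check or an integer cast, so a server config stored before this key existed is read as an undefined index and a non-numeric string is compared loosely. The same pattern is repeated in `onRunJob()` in the `200-logfiles.inc.php` hunk. A single guarded expression covers both cases: `$log_retention = (isset($server_config['log_retention']) && intval($server_config['log_retention']) > 0) ? intval($server_config['log_retention']) : 10;`. The enclosing method starts outside this hunk.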
@@ -1432,8 +1440,8 @@ class page_action extends tform_actions {
 			$htaccess_allow_override = $web_config["htaccess_allow_override"];
 			$added_by = $_SESSION['s']['user']['username'];
 
-			$sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = CURDATE(), added_by = ?  WHERE domain_id = ?";
-			$app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_by, $this->id);
+			$sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = CURDATE(), added_by = ?, log_retention  WHERE domain_id = ?";
+			$app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_by, $log_retention, $this->id);
 		} else  {
 			// Set the values for document_root, system_user and system_group
 			$system_user = $this->parent_domain_record['system_user'];
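Review bot: The rewritten UPDATE ends in `added_by = ?, log_retention  WHERE domain_id = ?`, so the `= ?` for `log_retention` is missing while `$log_retention` was added to the argument list. The statement is not valid SQL and has one more bound value than placeholders, so `system_user`, `system_group`, `document_root` and `php_open_basedir` would presumably not be written for the new site. It should read `added_by = ?, log_retention = ?  WHERE domain_id = ?`; the UPDATE in the following hunk (the `sys_groupid` variant) has the same omission. Once fixed, the write is unconditional, so it appears that a per-site `log_retention` entered on the form would be replaced by the server default; that is worth confirming against the caller.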
@@ -1446,8 +1454,8 @@ class page_action extends tform_actions {
 			$htaccess_allow_override = $this->parent_domain_record['allow_override'];
 			$added_by = $_SESSION['s']['user']['username'];
 			
-			$sql = "UPDATE web_domain SET sys_groupid = ?, system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = CURDATE(), added_by = ?  WHERE domain_id = ?";
-			$app->db->query($sql, $this->parent_domain_record['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_by, $this->id);
+			$sql = "UPDATE web_domain SET sys_groupid = ?, system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = CURDATE(), added_by = ?, log_retention  WHERE domain_id = ?";
+			$app->db->query($sql, $this->parent_domain_record['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_by, $log_retention, $this->id);
 		}
 		if(isset($this->dataRecord['folder_directive_snippets'])) $app->db->query("UPDATE web_domain SET folder_directive_snippets = ? WHERE domain_id = ?", $this->dataRecord['folder_directive_snippets'], $this->id);
 		
diff --git a/server/conf/apache_ispconfig.conf.master b/server/conf/apache_ispconfig.conf.master
index 3edf45fd46..6acb16f7c8 100644
--- a/server/conf/apache_ispconfig.conf.master
+++ b/server/conf/apache_ispconfig.conf.master
@@ -6,7 +6,12 @@
 SetEnvIf Request_URI "^/datalogstatus.php$" dontlog
 
 LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
+<tmpl_if name='logging' op='==' value='anon'>
+CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -p -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig env=!dontlog
+</tmpl_if>
+<tmpl_if name='logging' op='==' value='yes'>
 CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig env=!dontlog
+</tmpl_if>
 
 <Directory /var/www/clients>
     AllowOverride None
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index 7672af39a0..a6fd2f95b1 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -45,7 +45,12 @@
 </tmpl_if>
 </tmpl_if>
 
+<tmpl_if name='logging' op='==' value='anon'>
+		ErrorLog "|/usr/local/ispconfig/server/scripts/vlogger -e -n -P -t \"error.log\" /var/log/ispconfig/httpd/<tmpl_var name='domain'>"
+</tmpl_if>
+<tmpl_if name='logging' op='==' value='yes'>
 		ErrorLog /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log
+</tmpl_if>
 
 <tmpl_if name='errordocs'>
 		Alias /error/ "<tmpl_var name='web_document_root_www'>/error/"
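Review bot: When `logging` is 'no', neither branch emits an `ErrorLog`, and a vhost without its own `ErrorLog` inherits the server-wide one, so errors (including client addresses) are still written, just outside the per-site directory. If 'no' is meant as "store nothing", that is not what this achieves, and a template comment such as `# logging=no: no per-site ErrorLog, errors go to the server-wide error log` would at least make the behaviour explicit. The anonymizing branch passes `-P` to vlogger while the access-log line in `apache_ispconfig.conf.master` passes `-p`; please confirm the different case is intended.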
diff --git a/server/lib/classes/cron.d/200-logfiles.inc.php b/server/lib/classes/cron.d/200-logfiles.inc.php
index 8a68f127bf..40778a8a13 100644
--- a/server/lib/classes/cron.d/200-logfiles.inc.php
+++ b/server/lib/classes/cron.d/200-logfiles.inc.php
@@ -50,7 +50,14 @@ class cronjob_logfiles extends cronjob {
 	public function onRunJob() {
 		global $app, $conf;
 		
-		$max_syslog = 10;
+		$app->uses('getconf');
+		$server_config = $app->getconf->get_server_config($conf['server_id'], 'server');
+		
+		if($server_config['log_retention'] > 0) {
+			$max_syslog = $server_config['log_retention'];
+		} else {
+			$max_syslog = 10;
+		}
 
 		//######################################################################################################
 		// Make the web logfiles directories world readable to enable ftp access
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index aba168257d..5b1441a4b9 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -73,6 +73,9 @@ class apache2_plugin {
 		$app->plugins->registerEvent('server_ip_insert', $this->plugin_name, 'server_ip');
 		$app->plugins->registerEvent('server_ip_update', $this->plugin_name, 'server_ip');
 		$app->plugins->registerEvent('server_ip_delete', $this->plugin_name, 'server_ip');
+		
+		$app->plugins->registerEvent('server_insert', $this->plugin_name, 'server_ip');
+		$app->plugins->registerEvent('server_update', $this->plugin_name, 'server_ip');
 
 		$app->plugins->registerEvent('webdav_user_insert', $this->plugin_name, 'webdav');
 		$app->plugins->registerEvent('webdav_user_update', $this->plugin_name, 'webdav');
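Review bot: Binding `server_insert` and `server_update` to the `server_ip` handler means it now runs on every change to a server record, not only when the logging mode changes. That handler rewrites the global Apache config from `apache_ispconfig.conf.master`; the rest of its body is outside the visible hunks. The updated comment on `server_ip()` further down refers to an "anon_ip setting", but the key introduced by this patch is `logging`. Suggested wording there: `//* Called when a server IP is inserted, updated or deleted, or when the server record (e.g. the web 'logging' setting) changes`.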
@@ -1160,6 +1163,7 @@ class apache2_plugin {
 		$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
 		$vhost_data['has_custom_php_ini'] = $has_custom_php_ini;
 		$vhost_data['custom_php_ini_dir'] = escapeshellcmd($custom_php_ini_dir);
+		$vhost_data['logging'] = $web_config['logging'];
 
 		// Custom Apache directives
 		if(intval($data['new']['directive_snippets_id']) > 0){
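Review bot: `$web_config['logging']` is passed to the template unchecked, and both `vhost.conf.master` and `apache_ispconfig.conf.master` emit a log directive only for the exact values 'yes' and 'anon'. On a server whose stored web config has no `logging` key yet (presumably any install upgraded before the setting is saved once), the value is empty and the access log and per-site error log are dropped silently. Normalising first avoids losing the audit trail: `$vhost_data['logging'] = (isset($web_config['logging']) && in_array($web_config['logging'], array('yes', 'anon', 'no'), true)) ? $web_config['logging'] : 'yes';`. The `$tpl->setVar('logging', $web_config['logging']);` call in the `server_ip()` hunk needs the same treatment, and whether `$web_config` is assigned inside `server_ip()` is not visible here.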
@@ -2248,7 +2252,7 @@ class apache2_plugin {
 		if($data['old']['type'] != 'vhost') $app->system->web_folder_protection($data['old']['document_root'], true);
 	}
 
-	//* This function is called when a IP on the server is inserted, updated or deleted
+	//* This function is called when a IP on the server is inserted, updated or deleted or when anon_ip setting is altered
 	function server_ip($event_name, $data) {
 		global $app, $conf;
 
@@ -2261,6 +2265,7 @@ class apache2_plugin {
 		$tpl = new tpl();
 		$tpl->newTemplate('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version', $app->system->getapacheversion());
+		$tpl->setVar('logging', $web_config['logging']);
 		$records = $app->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ? AND virtualhost = 'y'", $conf['server_id']);
 
 		$records_out= array();
-- 
GitLab