From 0d1adfc7dbf0e596ef7ef9002df297b3eba763a8 Mon Sep 17 00:00:00 2001
From: mmetc <92726601+mmetc@users.noreply.github.com>
Date: Wed, 19 Apr 2023 11:09:39 +0200
Subject: [PATCH] wizard: auto-detect ssh.service correctly on deb distros when auth.log is missing (fix #2175) (#2176)
---
 debian/control | 2 +-
 wizard.sh | 17 ++++++++++++-----
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/debian/control b/debian/control
index ef727ec0b..d06d38884 100644
--- a/debian/control
+++ b/debian/control
@@ -1,6 +1,6 @@
 Source: crowdsec
 Maintainer: Crowdsec Team
-Build-Depends: debhelper, jq, bash, git
+Build-Depends: debhelper, bash, git
 Package: crowdsec
 Architecture: any
diff --git a/wizard.sh b/wizard.sh
index 638c33ef2..e331db2fb 100755
--- a/wizard.sh
+++ b/wizard.sh
@@ -60,14 +60,21 @@ ACTION=""
 DEBUG_MODE="false"
 FORCE_MODE="false"
-SUPPORTED_SERVICES='apache2
+# the ssh service has different names on deb vs rpm-based distros
+if [[ -f "/etc/debian_version" ]]; then
+ SSH_NAME="ssh"
+else
+ SSH_NAME="sshd"
+fi
+
+SUPPORTED_SERVICES="apache2
 httpd
 nginx
-sshd
+$SSH_NAME
 mysql
 telnet
 smb
-'
+"
 HTTP_PLUGIN_BINARY="./plugins/notifications/http/notification-http"
@@ -162,7 +169,7 @@ detect_services () {
 declare -A log_input_tags
 log_input_tags[apache2]='type: apache2'
 log_input_tags[nginx]='type: nginx'
-log_input_tags[sshd]='type: syslog'
+log_input_tags[$SSH_NAME]='type: syslog'
 log_input_tags[rsyslog]='type: syslog'
 log_input_tags[telnet]='type: telnet'
 log_input_tags[mysql]='type: mysql'
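Review bot: `SSH_NAME` is chosen from the presence of `/etc/debian_version` in the `wizard.sh` hunk at `-60,14`, not from the unit that is actually installed, so on a host where that guess is wrong the `$SSH_NAME` entry in `SUPPORTED_SERVICES` would presumably never match and SSH would be skipped without any message. A skipped SSH service most likely means no log source is configured for it, which leaves failed-login activity unobserved, so the chosen name is worth reporting in a debug message right after `fi`. The existing comment could also say what the value represents, for example `# systemd unit name: ssh.service on Debian/Ubuntu, sshd.service elsewhere`. The code that consumes `SUPPORTED_SERVICES` is outside this hunk.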
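Review bot: The SSH key in `log_input_tags` (hunk at `-162,7`) becomes `ssh` on Debian-family hosts, so any lookup elsewhere in `wizard.sh` that still uses the literal `sshd`, or that derives a parser or collection name from the detected service name, would miss on those hosts. None of that code is visible in this patch, so it should be checked before merging. The same applies to `log_locations[$SSH_NAME]` in the hunk at `-172,7`. A comment above the entry would make the change of meaning explicit, for example `# keyed by $SSH_NAME (the unit name), not by the daemon name`. The hunk header names `detect_services ()`, but the hunk does not show whether these lines sit inside that function.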
@@ -172,7 +179,7 @@ log_input_tags[linux]="type: syslog"
 declare -A log_locations
 log_locations[apache2]='/var/log/apache2/*.log,/var/log/*httpd*.log,/var/log/httpd/*log'
 log_locations[nginx]='/var/log/nginx/*.log,/usr/local/openresty/nginx/logs/*.log'
-log_locations[sshd]='/var/log/auth.log,/var/log/sshd.log,/var/log/secure'
+log_locations[$SSH_NAME]='/var/log/auth.log,/var/log/sshd.log,/var/log/secure'
 log_locations[rsyslog]='/var/log/syslog'
 log_locations[telnet]='/var/log/telnetd*.log'
 log_locations[mysql]='/var/log/mysql/error.log'
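Review bot: The SSH entry in `log_locations` still lists only the three file paths, although the commit subject targets hosts where `auth.log` is missing. On such a host none of the listed paths may exist, and what is configured in that case is decided outside this hunk. It is worth confirming that a host with no matching file still ends up with an SSH log source, since otherwise SSH authentication failures are not monitored at all. A comment above the entry would record the intent, for example `# file sources only; hosts without these files must be covered by another source`.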