Override level of apache error log in ossec config #4340

Merged
merged 1 commit into from
Apr 16, 2019

@emkll emkll commented Apr 12, 2019

Status

Ready for review

Description of Changes

Fixes #4339

Testing

  1. Set up a production (VM or physical) SecureDrop instance
  2. make build-debs on this branch
  3. Go to Journalist Interface, click on Admin, navigate to Instance Config and click on "Send Test OSSEC Alert" button
     • Observe no email received
  4. Copy securedrop-ossec-agent and ossec-agent debs to app server and install
  5. Copy securedrop-ossec-server and ossec-server debs to mon server and install
  6. Go to Journalist Interface, click on Admin, navigate to Instance Config and click on "Send Test OSSEC Alert" button
     • Observe email received

Deployment

New and existing SecureDrop instances will be upgraded via the securedrop-ossec-{client, server} deb packages.

Checklist

If you made changes to the system configuration:

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

Default is set to 0 per the apache default rules, changing to 7 in order for them to appear in logs and email.
@zenmonkeykstop

Tested against a 0.12.1 NUC5 instance:

  • Clicked SEND TEST OSSEC ALERT in admin section of JI, confirmed no email sent
  • Ran make build-debs on branch, scped debs to app and mon, installed with dpkg
  • Clicked SEND TEST OSSEC ALERT, confirmed email sent and decryptable with message:
[Mon Apr 15 20:50:41.624397 2019] [wsgi:error] [pid 4484:tid 3839274497792] ERROR:flask.app:This is a test OSSEC alert

👍

@redshiftzero redshiftzero left a comment

approving based on @zenmonkeykstop testing, visual review of the diff looks good. thanks for the tests @emkll 🥇

@redshiftzero redshiftzero merged commit a886f81 into develop Apr 16, 2019
@redshiftzero redshiftzero deleted the 4339-apache-log-ossec-alert branch April 16, 2019 01:04
@emkll emkll mentioned this pull request Apr 18, 2019
16 tasks
Successfully merging this pull request may close these issues.

ossec test notifications do not generate ossec alerts
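
The effect of the level change discussed in this pull request, as an added example that is not code from the SecureDrop repository: it parses the Apache error line quoted in the testing comment and models where an alert goes at rule level 0 versus 7. The function names, the simplified "severity is error" match, and the thresholds (`log_alert_level` 1 and `email_alert_level` 7, OSSEC's documented defaults) are assumptions; a real instance takes them from its ossec.conf and rule files.

```python
import re
from datetime import datetime

# Apache 2.4 error log layout: [time] [module:severity] [pid N:tid M] message
APACHE_ERROR_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] "
    r"\[(?P<module>[\w.-]*):(?P<severity>\w+)\] "
    r"\[pid (?P<pid>\d+)(?::tid (?P<tid>\d+))?\] "
    r"(?P<message>.*)$"
)

# The line quoted in the testing comment above.
SAMPLE = ("[Mon Apr 15 20:50:41.624397 2019] [wsgi:error] "
          "[pid 4484:tid 3839274497792] ERROR:flask.app:This is a test OSSEC alert")


def parse_apache_error(line):
    """Return the fields of an Apache error log line, or None if it does not parse."""
    m = APACHE_ERROR_RE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    event["time"] = datetime.strptime(event["time"], "%a %b %d %H:%M:%S.%f %Y")
    event["pid"] = int(event["pid"])
    return event


def alert_outputs(rule_level, log_alert_level=1, email_alert_level=7):
    """Model OSSEC alert gating: level 0 is ignored, higher levels are
    compared against the log and email thresholds (assumed defaults)."""
    outputs = set()
    if rule_level == 0:
        return outputs  # matched, but no alert is generated at all
    if rule_level >= log_alert_level:
        outputs.add("alerts.log")
    if rule_level >= email_alert_level:
        outputs.add("email")
    return outputs


def route(line, rule_level):
    """Where a line ends up if a rule of rule_level matches Apache 'error' lines."""
    event = parse_apache_error(line)
    if event is None or event["severity"] != "error":
        return set()  # the simplified rule does not match this line
    return alert_outputs(rule_level)


if __name__ == "__main__":
    for level in (0, 7):
        print(level, sorted(route(SAMPLE, level)))
```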