Strongswan extended logging: difference between revisions
Revision as of 28 September 2022, 10:34
In /etc/strongswan.conf:
charon {
    load_modular = yes
    filelog {
        charon {
            path = /var/log/charon.log
            time_format = %b %e %T
            append = yes
            ike_name = yes
            ike = 1
            enc = 1
            cfg = 2
            default = 0
            flush_line = yes
        }
        stderr {
            ike = 2
            knl = 3
        }
    }
    plugins {
        include strongswan.d/charon/*.conf
    }
}
include strongswan.d/*.conf
- systemctl restart ipsec
or
- systemctl restart strongswan
If nothing is logged, check the following:
- grep charon /var/log/kern.log
Sep 28 12:17:52 firewall kernel: [ 104.320608] audit: type=1400 audit(1664360272.815:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/charon" pid=907 comm="apparmor_parser"
Sep 28 12:20:56 firewall kernel: [ 289.121436] audit: type=1400 audit(1664360456.973:14): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/log/charon.log" pid=998 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
- Finding: AppArmor denies the access (charon is not allowed to create /var/log/charon.log)
We investigate:
- vi /etc/apparmor.d/usr.lib.ipsec.charon
- Finding: /var/log is not writable for the charon profile
- Add the directory with read and write permission:
... /var/log/* rw, ...
Reload the rules
- apparmor_parser -r /etc/apparmor.d/usr.lib.ipsec.charon
Restart the service
- systemctl restart ipsec
Check
- grep charon /var/log/kern.log
Sep 28 12:32:07 firewall kernel: [ 961.871006] audit: type=1400 audit(1664361127.481:15): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/ipsec/charon" pid=1162 comm="apparmor_parser
Is the log file there?
- tail -f /var/log/charon.log
Sep 28 12:32:15 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Sep 28 12:32:15 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Sep 28 12:32:15 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Sep 28 12:32:15 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Sep 28 12:32:15 00[CFG] loading crls from '/etc/ipsec.d/crls'
Sep 28 12:32:15 00[CFG] loading secrets from '/etc/ipsec.secrets'
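As an added example (not part of the wiki article), a small Python check that parses AppArmor DENIED audit records like the one above and tests whether the charon profile grants write access to the filelog path before the service is restarted; it applies AppArmor's glob rules (`*` does not cross `/`, `**` does). The sample log lines and profile fragments are constructed from the output shown in the article.

```python
import re

# Constructed sample, built from the two kern.log lines quoted in this article.
SAMPLE_KERN_LOG = """\
Sep 28 12:17:52 firewall kernel: [ 104.320608] audit: type=1400 audit(1664360272.815:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/ipsec/charon" pid=907 comm="apparmor_parser"
Sep 28 12:20:56 firewall kernel: [ 289.121436] audit: type=1400 audit(1664360456.973:14): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/log/charon.log" pid=998 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
# Constructed profile fragments: before and after adding the article's rule.
PROFILE_BEFORE = "  /var/log/kern.log r,\n"
PROFILE_AFTER = PROFILE_BEFORE + "  /var/log/* rw,\n"

KV_RE = re.compile(r'(\w+)="([^"]*)"')
# File rule: optional 'owner', absolute path glob, permission letters, comma.
RULE_RE = re.compile(r'^\s*(?:owner\s+)?(/\S+)\s+([rwaklmixpucPUC]+),\s*$')

def parse_denials(log_text):
    """Return the key="value" fields of every apparmor="DENIED" audit record."""
    denials = []
    for line in log_text.splitlines():
        fields = dict(KV_RE.findall(line))
        if fields.get("apparmor") == "DENIED":
            denials.append(fields)
    return denials

def glob_to_regex(path_glob):
    """AppArmor path globbing: '*' stops at '/', '**' crosses directories."""
    out, i = "", 0
    while i < len(path_glob):
        if path_glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif path_glob[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(path_glob[i]), i + 1
    return re.compile("^" + out + "$")

def profile_allows_write(profile_text, path):
    """True if a file rule covering path grants write ('w') or append ('a')."""
    for line in profile_text.splitlines():
        m = RULE_RE.match(line)
        if m and glob_to_regex(m.group(1)).match(path) and set(m.group(2)) & {"w", "a"}:
            return True
    return False

def unresolved_denials(log_text, profile_text):
    """Denials whose target path the profile still does not allow writing to."""
    return [d for d in parse_denials(log_text)
            if not profile_allows_write(profile_text, d["name"])]
```

Run `unresolved_denials(open('/var/log/kern.log').read(), open('/etc/apparmor.d/usr.lib.ipsec.charon').read())` on the firewall; an empty list means every logged denial is now covered by a write rule.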