Gerrits #13774 (audit: Support multiple audit interfaces and interface
options) and #13775 (audit: Add cmd helper for processing audit options)
added support in the audit facility for multiple audit logs.
Add command line support to use multiple audit logs for daemons that use
libcmd for command line processing: bosserver, buserver, butc,
fileserver, volserver, ptserver, and vlserver.
Update the daemons to add a call to audit_open, and where possible add a
call to audit_close when shutting down the daemon.
Update help message and manpage entries for -auditlog and
-audit-interface
Change-Id: I4356e1aa84f580897a0e788e2a2829685be891aa
Reviewed-on: https://gerrit.openafs.org/13776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit e5b1e6f1 (Add rxgk client options to vl and pt utilities) added
a couple of new command-line options related to rxgk, but didn't add
them to the relevant man pages.
Add a brief description of these new options to the manpages for pts,
vos, ptserver, and vlserver.
Change-Id: I2d9bfdeb0a31d396740ca2a4d42e14c025b6f79e
Reviewed-on: https://gerrit.openafs.org/13947
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Clone the VLLog man page to create a man page for ptserver log as well.
Fix the spelling of the PtLog file and add a link to the new PtLog man
page in the ptserver man page.
Add the missing PtLog log file name to the bos getlog man page.
Change-Id: I95ad4a2cf380077780160ec78fd1f9bdec132ba7
Reviewed-on: https://gerrit.openafs.org/12294
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Do not create new server log files when servers are restarted by
default. External log rotation tools may be used to rotate the logs by
renaming log files and then signaling server processes to reopen
log files.
Add the -transarc-logs option to each server to provide backward
compatibility with the traditional Transarc-style logging. When
-transarc-logs is given, log files are renamed to an ".old" file
(overwriting the existing ".old" file) and the previous the log file is
truncated.
Change-Id: I2eeb67e3db32b2f75fe685b68dab1159e62061e9
Reviewed-on: https://gerrit.openafs.org/11731
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The options -logfile and -config should be enclosed
by angle brackets.
Change-Id: I9e5767b7e43753b37dbc8d86c5346c778f8bab8d
Reviewed-on: https://gerrit.openafs.org/12233
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, one could simply query from 0 to 'pts listmax' to determine
all the usernames in a cell. The -restrict_anonymous option will block
access to almost all of the unauthenticated RPC's. PR_NameToID is still
open since aklog still needs access to this RPC. An "attack" against
this RPC would have to scan a much larger key space to determine valid
usernames in a cell.
Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c
Reviewed-on: http://gerrit.openafs.org/10951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Gergely Risko <gergely@risko.hu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
- Indent synopsis formatting
- Document the -db and -depth aliases by putting them next
to -database and -groupdeth (respectively) separated by a pipe "|"
Change-Id: Ic40fa0001feee293afe6c22ade7b85dc46fde938
Reviewed-on: http://gerrit.openafs.org/10399
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
Increase the maximum LWP threads allowed from 16 to 64. Increasing the number
of LWP threads can reduce the number of calls waiting for threads.
Change-Id: I66f53c0fbb2db66c94b9982e3ee6b3b1f89a0f01
Reviewed-on: http://gerrit.openafs.org/9707
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
There were several different real and made-up hostnames and company names used
throughout our documentation examples.
The IETF has reserved "example.com" and other "example" TLDs for use in
examples (RFC 2606). Replace almost all references to ABC Corporation, DEF
Corporation, and State University, as well as "abc.com", "bigcell.com",
"def.com", "def.gov", "ghi.com", "ghi.gov", "jkl.com", "mit.edu",
"stanford.edu", "state.edu", "stateu.edu", "uncc.edu", and "xyz.com".
Standardize on "Example Corporation", "Example Network", "Example
Organization" (example.com, example.net, and example.org).
The Scout documentation in the Admin Guide contains PNG images that contain
the old cell names, so I left those references until the images can be
replaced.
Change-Id: I4e44815b2d2ffe204810b7fd850842248f67c367
Reviewed-on: http://gerrit.openafs.org/6697
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Make it possible to set the location of the ptserver's configuration
directory, and the file that it logs to, from the command line. This
makes it possible to bring up a ptserver without requiring an
installation on the system for testing purposes.
Change-Id: I914eb842256eb74506490fcf5532b4138e6f3875
Reviewed-on: http://gerrit.openafs.org/4447
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The -rebuildDB flag was documented to rebuild the Protection Database at
startup, but it was accepted and ignored in the ptserver source, doing
nothing. Remove the documentation and the option recognition in ptserver.
Change-Id: I36f30f38464b602cb4739a958663a6feb5fe27bf
Reviewed-on: http://gerrit.openafs.org/2029
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
It was suggested that the auditlog option should not say there is one
record per RPC. In the future, there might be a need for multiple records
per RPC.
LICENSE BSD
Reviewed-on: http://gerrit.openafs.org/229
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The expanded auditlog explanation includes what information is recorded
in the auditlog.
LICENSE BSD
Reviewed-on: http://gerrit.openafs.org/213
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Adds support for sysv message queues for fileserver audit logs. This
also organizes the audit log code into various 'interfaces', of which
there are two: the original 'file' interface, and the 'sysvmq' interface
that this adds. The interface is configurable at runtime with the
-audit-interface switch.
FIXES 124674
Reviewed-on: http://gerrit.openafs.org/82
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
LICENSE BSD
Add documentation of foreign realm user registration and cross-realm PTS
groups. Add documentation of missing ptserver flags. Add some additional
to-do entries for the man pages.
Implement proper synopsis wrapping for HTML generation.
This was done in three pieces. First, add HTML-specific tags to the POD to
mark the synopsis for HTML purposes so that we can apply style information
to it. Second, update the style sheet to indent all lines except for the
first in the synopsis section. Third, add the appropriate S<> tags around
option and argument pairs so that we don't wrap between the option and its
argument.
Unfortunately, due to the <I<foo>> style that looks nicer for other reasons,
we have to use the very verbose S<<< >>>. Oh well.
This completes the initial editing pass of the section eight man pages.
Only small amounts of content editing has been done. Some known problems
have been noted in README, but there will doubtless be others, as well as
some lingering formatting problems. However, the quality should now be
good enough for general public review.
Some of the section eight man pages were really supposed to be section one,
the package apropros and package help commands are too useless to document,
and a few of the difficult-to-name section five man pages have now acquired
names.
This is the initial conversion of the AFS Adminstrators Reference into POD
for use as man pages. The man pages are now generated via pod2man from
regen.sh so that only those working from CVS have to have pod2man
available. The Makefile only installs. The pages have also been sorted
out into pod1, pod5, and pod8 directories, making conversion to the right
section of man page easier without maintaining a separate list and allowing
for names to be duplicated between pod5 and pod1 or pod8 (which will likely
be needed in a few cases).
This reconversion is done with a new script based on work by Chas Williams.
In some cases, the output is worse than the previous POD pages, but this is
a more comprehensive conversion.
This is only the first step, and this initial conversion has various
problems. In addition, the file man pages that didn't have simple names
have not been converted in this pass and will be added later. Some of the
man pages have syntax problems and all of them have formatting errors. The
next editing pass, coming shortly, will clean up most of the remaining
mess.
