[tech] Member VM "bird-engames" is WIP, and `logwatch` spam to hostpersons
Dylan Hicks
dylanh333 at ucc.gu.uwa.edu.au
Sun Jun 21 14:51:08 AWST 2020
Hi All,
It has recently come to my attention that the member VM, bird-engames, has been spamming the hostpersons mailing list with emails from `logwatch`.
Let me first apologise for not sending an email to tech at ucc sooner about the creation of this VM.
I can indeed confirm that I created this VM two weeks ago on 7/06/2020, with the goal of giving Cormac Sharkey (bird, [BRD]) a dedicated VM to run his Engames Minecraft server on, as the minecraft2019 VM has been getting progressively more crowded, and I thought it would probably be easier to manage resources like disk space if [BRD] had his own dedicated VM.
With that said, I still haven't finished getting everything set up on this VM, and was originally planning to wait until I'd finished setting it up before emailing tech at ucc, however I was also intending to finish setting it up much sooner!
Now, regarding the `logwatch` email spam specifically...
When I set up this VM, I opted to make use of UCC's "ucc-ansible-soe" to configure and install a lot of the standard UCC requirements like rsyslog.
Specifically, I used the "member-vm.yml" playbook, which upon further investigation deployed both `logwatch` and `postfix` to bird-engames, and specifically:
- Installed the "ucc_postfix_smarthost" role with the postfix_relayhost set to "smarthost.mail.ucc.asn.au" and mailname set to "ucc.gu.uwa.edu.au"
- Installed the "ucc_server_base_packages" role, which included `logwatch`
After some digging through `logwatch`'s documentation, and finding that its default config is stored not in "/etc" or "/etc/default", but rather under "/usr/share/logwatch", I found in "/usr/share/logwatch/default.conf/logwatch.conf" that it defaults to sending emails to "root" with no domain-part specified, so presumably the postfix config was then causing this to be sent to root at ucc.gu.uwa.edu.au (and thus hostpersons) instead of just root at localhost.
As such, I then copied "/usr/share/logwatch/default.conf/logwatch.conf" to "/etc/logwatch/conf", changed the "MailTo" setting from "root" to "bird at ucc.asn.au", and the MailFrom setting to "logwatch at bird-engames.ucc.asn.au", and committed it in `git`, which I think has fixed it (I'm not currently in host(persons|masters|people)@ucc.asn.au, so I can't properly check).
To be honest, I do think the defaults that logwatch has (pertaining to email specifically, and not the insane config file location) and what we have in our SoE are "sane".
We could, however, probably look at having Ansible once-off deploy a default UCC copy of "/etc/logwatch/conf/logwatch.conf" with the "MailTo" and "MailFrom" options explicitly set there, which would make the logwatch configuration infinitely more discoverable and easy to change, versus having to look at the manpage and then the gzipped docs just to find out where the default config is (I'm blaming Logwatch here).
--
Kind regards,
Dylan Hicks [333]
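
An added example, not part of the original post and not UCC's or Logwatch's code: a small audit that layers the packaged logwatch.conf with the /etc override and reports where each MailTo entry would actually be delivered once the MTA qualifies bare local-parts with the host's mailname. The sample file contents are constructed from the values quoted in the post; the parsing rules (case-insensitive keys, `#` comments, whitespace-separated recipients) and the function names are assumptions made for illustration.

```python
import re

# Constructed sample contents, modelled on the values quoted in the post.
DEFAULT_CONF = """\
# /usr/share/logwatch/default.conf/logwatch.conf (excerpt, constructed)
MailTo = root
MailFrom = Logwatch
"""
LOCAL_CONF = """\
# /etc/logwatch/conf/logwatch.conf (excerpt, constructed)
MailTo = bird@ucc.asn.au
MailFrom = logwatch@bird-engames.ucc.asn.au
"""

def parse_conf(text):
    """Parse 'Key = Value' lines into a dict; keys lowercased, # comments dropped."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"(\w+)\s*=\s*(.*)$", line)
        if match:
            settings[match.group(1).lower()] = match.group(2).strip().strip('"')
    return settings

def effective(*layers):
    """Merge config layers in order; later layers override earlier ones."""
    merged = {}
    for text in layers:
        merged.update(parse_conf(text))
    return merged

def delivery(settings, mailname):
    """Return (configured, delivered_to, was_unqualified) for each MailTo entry.

    Assumption: the MTA appends '@' + mailname to addresses with no domain part.
    """
    rows = []
    for addr in settings.get("mailto", "").split():
        bare = "@" not in addr
        rows.append((addr, f"{addr}@{mailname}" if bare else addr, bare))
    return rows

if __name__ == "__main__":
    mailname = "ucc.gu.uwa.edu.au"  # mailname set by the role, per the post
    for label, layers in (("defaults only", (DEFAULT_CONF,)),
                          ("with /etc override", (DEFAULT_CONF, LOCAL_CONF))):
        for configured, delivered, bare in delivery(effective(*layers), mailname):
            flag = "unqualified" if bare else "ok"
            print(f"{label}: MailTo={configured} -> {delivered} [{flag}]")
```

Run against the real files on a host, any row flagged as unqualified is a report that will be routed wherever the relay delivers that local-part at the configured mailname.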