From 5364c2433535794d32f3f7baede2fde0ea82302a Mon Sep 17 00:00:00 2001 From: Viktor Berke Date: Sat, 4 Mar 2023 21:08:59 +0100 Subject: [PATCH] Log throttling info Fixes #73 --- roles/install/files/check-log-throttling | 3 ++ roles/install/files/kf2-sudo | 1 + roles/install/tasks/firewalld.yml | 8 ++++ roles/install/tasks/steam.yml | 1 + roles/uninstall/tasks/firewalld.yml | 5 +++ share/killinuxfloor | 50 ++++++++++++++++++++++-- 6 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 roles/install/files/check-log-throttling diff --git a/roles/install/files/check-log-throttling b/roles/install/files/check-log-throttling new file mode 100644 index 0000000..da40aee --- /dev/null +++ b/roles/install/files/check-log-throttling @@ -0,0 +1,3 @@ +#!/bin/bash + +/bin/grep -m 1 'messages lost due to rate-limiting' /var/log/messages | awk -F'[()]' '{print $2}' diff --git a/roles/install/files/kf2-sudo b/roles/install/files/kf2-sudo index 00b6723..ba1d53c 100644 --- a/roles/install/files/kf2-sudo +++ b/roles/install/files/kf2-sudo @@ -7,3 +7,4 @@ %steam ALL=NOPASSWD: /usr/bin/firewall-cmd --get-log-denied %steam ALL=NOPASSWD: /usr/bin/firewall-cmd --set-log-denied=all %steam ALL=NOPASSWD: /usr/bin/firewall-cmd --set-log-denied=off +%steam ALL=NOPASSWD: /usr/local/bin/check-log-throttling diff --git a/roles/install/tasks/firewalld.yml b/roles/install/tasks/firewalld.yml index 4cda226..f36bae6 100644 --- a/roles/install/tasks/firewalld.yml +++ b/roles/install/tasks/firewalld.yml @@ -56,3 +56,11 @@ /var/log/firewalld-denied.log /var/log/firewalld-denied-kf2.log retention: 7 + +- name: Install wrapper script for checking log throttling status + copy: + src: check-log-throttling + dest: /usr/local/bin/check-log-throttling + owner: root + group: root + mode: '0755' diff --git a/roles/install/tasks/steam.yml b/roles/install/tasks/steam.yml index d6324a0..48a9f8d 100644 --- a/roles/install/tasks/steam.yml +++ b/roles/install/tasks/steam.yml @@ -7,6 +7,7 @@ - glibc.i686 - libstdc++.i686 - nss-softokn-freebl.i686 + - which when: ansible_os_family == 'RedHat' - name: Install Steam dependencies diff --git a/roles/uninstall/tasks/firewalld.yml b/roles/uninstall/tasks/firewalld.yml index 263721c..3e37ee1 100644 --- a/roles/uninstall/tasks/firewalld.yml +++ b/roles/uninstall/tasks/firewalld.yml @@ -15,3 +15,8 @@ file: path: /etc/logrotate.d/firewalld-denied state: absent + +- name: Remove log throttling checker wrapper script + file: + path: /usr/local/bin/check-log-throttling + state: absent diff --git a/share/killinuxfloor b/share/killinuxfloor index 237ca20..bf11c4e 100755 --- a/share/killinuxfloor +++ b/share/killinuxfloor @@ -1215,6 +1215,48 @@ function apply_systemd_config () fi } +function get_os_id () +{ + grep '^ID=' /etc/os-release | awk -F'=' '{ print $2}' | tr -d '"' +} + +function check_log_throttling () +{ + RET=0 + which check-log-throttling &> /dev/null && RET=1 || true + if [ ${RET} -ne 1 ] + then + return + fi + + OS_ID=$(get_os_id) + + case "${OS_ID}" in + fedora|almalinux) + : + ;; + + *) + return + ;; + esac + + printf "%-18.18s" "Log throttled:" + + LOG_LIMIT=$(sudo /usr/local/bin/check-log-throttling) + + if [ "${LOG_LIMIT}" != '' ] + then + echo -e "${FG_RED}yes${COLOR_RESET}" + printf "%-18.18s" "Log limits:" + echo -e "${LOG_LIMIT}" + else + echo -e "${FG_GREEN}no" + fi + + echo -en "${COLOR_RESET}" +} + function get_ddos_stats () { if [ ! -f "${DDOS_LOG}" ] @@ -1228,9 +1270,9 @@ function get_ddos_stats () LOG_SIZE=$(du -h ${DDOS_LOG} | awk '{ print $1 }') fi - echo -e "${FG_GREEN}-----------------------------${COLOR_RESET}" - echo -e "${BG_GREEN}Today's DDoS stats: ${COLOR_RESET}" - echo -e "${FG_GREEN}-----------------------------${COLOR_RESET}" + echo -e "${FG_GREEN}-----------------------------------------------------${COLOR_RESET}" + echo -e "${BG_GREEN}Today's DDoS stats: ${COLOR_RESET}" + echo -e "${FG_GREEN}-----------------------------------------------------${COLOR_RESET}" printf "%-18.18s" "Denied packets:" if [ ${ATTACK_COUNT} -eq 0 ] @@ -1261,6 +1303,8 @@ function get_ddos_stats () fi echo -e "${LOG_SIZE}${COLOR_RESET}" + check_log_throttling + echo }