Tor log implementation
56
install.sh
56
install.sh
@@ -29,6 +29,7 @@ COLLECTOR_SRC="$SCRIPT_DIR/bin/torpanel-collect.py"
|
||||
COLLECTOR_BIN="/usr/local/bin/torpanel-collect.py"
|
||||
SVC="/etc/systemd/system/torpanel-collector.service"
|
||||
TIMER="/etc/systemd/system/torpanel-collector.timer"
|
||||
LOGDUMP_BIN="/usr/local/bin/torpanel-logdump"
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
@@ -137,9 +138,10 @@ info "Granting www-data access to Tor cookie"
|
||||
usermod -aG debian-tor www-data || true
|
||||
ok "Permissions set"
|
||||
|
||||
info "Allowing www-data to control tor (limited)"
|
||||
cat > "$SUDOERS_FILE" <<'SUD'
|
||||
info "Allowing www-data to control tor (limited) + read logs"
|
||||
cat > "$SUDOERS_FILE" <<SUD
|
||||
www-data ALL=NOPASSWD:/bin/systemctl reload tor, /bin/systemctl restart tor, /bin/systemctl start tor, /bin/systemctl stop tor
|
||||
www-data ALL=NOPASSWD:$LOGDUMP_BIN
|
||||
SUD
|
||||
chmod 440 "$SUDOERS_FILE"
|
||||
ok "Sudoers entry created"
|
||||
@@ -206,13 +208,61 @@ WantedBy=timers.target
|
||||
TIMER
|
||||
ok "Systemd units installed"
|
||||
|
||||
info "Installing tor log dumper"
|
||||
cat > "$LOGDUMP_BIN" <<'BASH'
|
||||
#!/usr/bin/env bash
|
||||
set -Eeuo pipefail
|
||||
LINES="${1:-500}"
|
||||
LEVEL="${2:-info}" # info|notice|warning|err|debug
|
||||
|
||||
case "$LINES" in ''|*[!0-9]* ) LINES=500 ;; esac
|
||||
case "$LEVEL" in debug|info|notice|warning|err) ;; * ) LEVEL=info ;; esac
|
||||
|
||||
unit_guess() {
|
||||
if systemctl list-units --type=service | grep -q '^tor@default\.service'; then
|
||||
echo 'tor@default.service'
|
||||
elif systemctl list-units --type=service | grep -q '^tor\.service'; then
|
||||
echo 'tor.service'
|
||||
else
|
||||
echo ''
|
||||
fi
|
||||
}
|
||||
UNIT="$(unit_guess)"
|
||||
|
||||
if command -v journalctl >/dev/null 2>&1; then
|
||||
if [[ -n "$UNIT" ]]; then
|
||||
if journalctl -u "$UNIT" -t tor -p "$LEVEL" -n "$LINES" -o short-iso --no-pager; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
if journalctl -t tor -p "$LEVEL" -n "$LINES" -o short-iso --no-pager; then
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
for f in /var/log/tor/notice.log /var/log/tor/info.log /var/log/tor/log; do
|
||||
if [[ -r "$f" ]]; then
|
||||
tail -n "$LINES" "$f"
|
||||
exit 0
|
||||
fi
|
||||
done
|
||||
|
||||
echo "No Tor logs found via journal (identifier 'tor') or /var/log/tor/*. Enable file logs with:
|
||||
Log notice file /var/log/tor/notice.log
|
||||
Log info file /var/log/tor/info.log
|
||||
and reload tor." >&2
|
||||
exit 1
|
||||
BASH
|
||||
chmod 0755 "$LOGDUMP_BIN"
|
||||
ok "Log dumper installed"
|
||||
|
||||
info "Restarting services"
|
||||
systemctl daemon-reload
|
||||
systemctl enable --now tor
|
||||
systemctl enable "$PHP_FPM_SVC" nginx >/dev/null
|
||||
systemctl restart "$PHP_FPM_SVC"
|
||||
systemctl restart nginx
|
||||
systemctl start torpanel-collector.service
|
||||
systemctl start torpanel-collector.service || true
|
||||
systemctl enable --now torpanel-collector.timer
|
||||
ok "Services running"
|
||||
|
||||
|
||||
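Review bot: The sudoers block now grants `www-data ALL=NOPASSWD:$LOGDUMP_BIN`, so the web user runs the log dumper as root, but in the visible lines the file is written straight to `$SUDOERS_FILE` through an unquoted `<<SUD` heredoc and is never checked with `visudo -cf`. Any unexpected character in `$LOGDUMP_BIN` would end up in the sudoers policy, a malformed sudoers file can make sudo refuse to run, and the file exists with default permissions until `chmod 440` runs. I would write to a temporary file, validate it, and install it with mode 0440 in one step, as in the fence below. Since the dumper executes as root, it should also stop depending on PATH lookups: use `#!/bin/bash` instead of `#!/usr/bin/env bash` and set `PATH=/usr/sbin:/usr/bin:/sbin:/bin` at the top of the `<<'BASH'` heredoc rather than relying on sudo's `secure_path`.

```shell
# … unchanged: info "Allowing www-data to control tor (limited) + read logs" …
sudoers_tmp="$(mktemp)"
cat > "$sudoers_tmp" <<SUD
www-data ALL=NOPASSWD:/bin/systemctl reload tor, /bin/systemctl restart tor, /bin/systemctl start tor, /bin/systemctl stop tor
www-data ALL=NOPASSWD:$LOGDUMP_BIN
SUD
# Refuse to install a policy that sudo cannot parse.
if ! visudo -cf "$sudoers_tmp" >/dev/null; then
  rm -f -- "$sudoers_tmp"
  echo "generated sudoers file failed validation" >&2
  exit 1
fi
install -m 0440 -o root -g root "$sudoers_tmp" "$SUDOERS_FILE"
rm -f -- "$sudoers_tmp"
# … unchanged: ok "Sudoers entry created" …
```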