
Monday, December 10, 2012

Using rsyslog with NetApp's SnapLock

NetApp's "SnapLock" technology allows one to create "write once, read many" ("WORM") volumes that allow data to be written but not modified or deleted -- especially not if "compliance" mode is used. While this is not a true "WORM" -- it's still done entirely in software and therefore can theoretically be hacked -- it adds an extra layer of security to your infrastructure, especially if you already rely on NetApps for your NAS needs.

Any file stored on a SnapLock volume can be given WORM protection by first doing a "touch" that sets the atime to a date in the future, and then setting read-only mode on the file. If, after setting "read-only" on a file, you give it read-write permission again, the file will be put into "append" mode -- data can be appended to the file, but no previously stored data can be modified or deleted (data is "locked" in 256K chunks).

This is extremely handy for storing system logs or copies of emails for archival purposes. We have a syslog aggregator that receives all our system logs, including auditd. I wrote a simple script that runs out of /etc/cron.daily that pre-creates the "append-only" locations for rsyslog to write to, plus sets read-only on yesterday's logs. Here's the code:
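
An added example of such a daily job, not the author's original script: it applies the touch / read-only / read-write sequence described above to each new log file and removes write permission from yesterday's. The file naming (`messages-YYYY-MM-DD.log`), the function names and the retention period are assumptions, and it needs GNU `date` and `touch`.

```shell
#!/bin/bash
# Added example, not the author's script. Assumed (hypothetical) layout:
# one file per day, $root/messages-YYYY-MM-DD.log. Requires GNU date/touch.

# Create FILE and put it into SnapLock "append" mode using the sequence from
# the post: atime in the future, then read-only, then read-write again.
worm_open_append() {
    local file=$1 retain_days=$2 until_epoch
    # Already prepared on an earlier run: leave its retention date alone.
    if [ -e "$file" ]; then return 0; fi
    until_epoch=$(( $(date +%s) + retain_days * 86400 ))
    : > "$file" || return 1
    touch -a -d "@${until_epoch}" "$file" || return 1   # atime = retention date
    chmod 0444 "$file" || return 1    # read-only: file is committed to WORM
    chmod 0644 "$file"                # writable again: append-only on SnapLock
}

# Drop write permission from a finished log so it becomes plain read-only WORM.
worm_lock() {
    [ -f "$1" ] || return 0           # nothing was logged that day
    chmod a-w "$1"
}

# Daily job: lock yesterday's file, then prepare today's and tomorrow's.
# Tomorrow's is created ahead of time so that messages arriving after
# midnight, before cron.daily has run, already land in an append-mode file.
daily_worm_logs() {
    local root=$1 retain_days=$2 day
    worm_lock "$root/messages-$(date -d yesterday +%F).log" || return 1
    for day in today tomorrow; do
        worm_open_append "$root/messages-$(date -d "$day" +%F).log" \
            "$retain_days" || return 1
    done
}

# Stand-alone use from cron: script.sh <snaplock-mount> <retention-days>
if [ "$#" -ge 2 ]; then
    daily_worm_logs "$1" "$2"
fi
```

On an ordinary filesystem this only sets timestamps and modes; the retention and append-only enforcement come from the SnapLock volume itself.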

On rsyslog's side of things you'll need something like the following in order to write to these locations:

And, finally, you'll need to do some SELinux manipulations in order to allow rsyslog to write to the NFS location, such as setting the mount context to var_log_t. If you do that, then you'll need the following SELinux policy in order to allow the cron script from above to run:
