Added plugin to define log file retention period.

3 files changed, 56 insertions, 0 deletions

diff --git a/conf/level.secure b/conf/level.secure
index ace975a..1d879c7 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -64,3 +64,4 @@ ENABLE_STARTUP_MSEC=yes
 ENABLE_STARTUP_PERMS=yes
 ALLOW_CURDIR_IN_PATH=no
 CHECK_ON_BATTERY=no
+LOG_RETENTION=54
diff --git a/conf/level.standard b/conf/level.standard
index 6b571ab..6ce36a4 100644
--- a/conf/level.standard
+++ b/conf/level.standard
@@ -64,3 +64,4 @@ ENABLE_STARTUP_MSEC=yes
 ENABLE_STARTUP_PERMS=yes
 ALLOW_CURDIR_IN_PATH=no
 CHECK_ON_BATTERY=no
+LOG_RETENTION=4
diff --git a/src/msec/plugins/log.py b/src/msec/plugins/log.py
new file mode 100644
index 0000000..8f11e72
--- /dev/null
+++ b/src/msec/plugins/log.py
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+"""Msec plugin for log file handling"""
+
+# main plugin class name
+PLUGIN = "log"
+
+import re
+import gettext
+
+# configuration
+import config
+
+# localization
+try:
+    gettext.install('msec')
+except IOError:
+    _ = str
+
+class log:
+    # configuration variables
+    # logrotate file
+    LOGROTATE = '/etc/logrotate.conf'
+    # pam
+    LOGROTATE_ROTATE = re.compile('^rotate\s*(\d+)$')
+
+    def __init__(self, log=None, configfiles=None, root=None):
+        # initializing plugin
+        self.log = log
+        self.configfiles = configfiles
+        self.root = root
+
+        # configuring entry in global settings
+        config.SETTINGS['LOG_RETENTION'] = ("log.log_retention", ['*'])
+
+        # insert entry into system security settings
+        config.SETTINGS_SYSTEM.append('LOG_RETENTION')
+
+    def log_retention(self, arg):
+        '''Define the default retention period for logs, in weeks. Some countries require that the log files should be kept for 12 months, other do not have such strict requirements. This variable defines the number of past log files that should be kept by logrotate on the system.'''
+
+        # verify parameter validity
+        try:
+            retention = int(arg)
+        except:
+            self.log.error(_('Invalid maximum password history length: "%s"') % arg)
+            return
+
+        logrotate = self.configfiles.get_config_file(self.LOGROTATE)
+
+        val = logrotate.get_match(self.LOGROTATE_ROTATE)
+
+        if val != retention:
+            self.log.info(_("Setting log retention period to %d weeks") % retention)
+            logrotate.replace_line_matching(self.LOGROTATE_ROTATE, ("rotate %d" % retention))