diff --git a/SOURCES/bot.conf b/SOURCES/bot.conf new file mode 100644 index 0000000..99c537f --- /dev/null +++ b/SOURCES/bot.conf @@ -0,0 +1,4 @@ +# Bot default password +# To change the password for the bot, you must do this here and in WebAdmin. +# Otherwise, the bot will stop working and some actions cannot be done on running servers +ServerBotPassword=VerySecretBotPassword diff --git a/SOURCES/kf2-srv b/SOURCES/kf2-srv index bb45b9a..117191f 100644 --- a/SOURCES/kf2-srv +++ b/SOURCES/kf2-srv @@ -26,10 +26,11 @@ declare -A MutNames source /etc/steamcmd/steamcmd.conf source /etc/kf2-srv/kf2-srv.conf +source /etc/kf2-srv/bot.conf ScriptFullname=$(readlink -e "$0") ScriptName=$(echo "$ScriptFullname" | awk -F '/' '{print $NF;}') -readonly ScriptVersion="0.11.1" +readonly ScriptVersion="0.12.0" # Constants. Don't change. readonly AppServerNum="232130" diff --git a/SOURCES/kf2-srv-beta@.service b/SOURCES/kf2-srv-beta@.service index f955823..cc762fc 100644 --- a/SOURCES/kf2-srv-beta@.service +++ b/SOURCES/kf2-srv-beta@.service @@ -1,5 +1,6 @@ [Unit] Description=Killing Floor 2 Beta Server Daemon - %i +After=kf2-srv-force-attr.service After=network-online.target Wants=network-online.target diff --git a/SOURCES/kf2-srv-force-attr.service b/SOURCES/kf2-srv-force-attr.service new file mode 100644 index 0000000..62a3ea5 --- /dev/null +++ b/SOURCES/kf2-srv-force-attr.service @@ -0,0 +1,19 @@ +[Unit] +Description=kf2-srv force attr service + +[Service] +Type=simple +StandardOutput=null +StandardError=null +EnvironmentFile=/etc/kf2-srv/kf2-srv.conf +ExecStart=/bin/bash -c 'declare -a DiffNames WaveNames; declare -A ModeNames MutNames; source /etc/kf2-srv/kf2-srv.conf; /usr/bin/inotifywait -qmr -e create -e moved_to --format %w%f /var/log/kf2-srv /var/log/kf2-srv-beta /etc/kf2-srv/instances /etc/kf2-srv/instances-beta | while read File; do if echo "${File}" | grep -Piq "\.log$"; then chmod "${ForceLogPermissions}" "${File}"; chown :"${ForceLogGroup}" "${File}"; elif echo "${File}" | grep -Piq "\.ini$"; then chmod "${ForceIniPermissions}" "${File}"; chown :"${ForceIniGroup}" "${File}"; fi; done' +Restart=always + +NoNewPrivileges=yes +PrivateTmp=true +PrivateDevices=true +ProtectHome=true +ProtectSystem=true + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/kf2-srv.conf b/SOURCES/kf2-srv.conf index fcfe94c..7665aaa 100755 --- a/SOURCES/kf2-srv.conf +++ b/SOURCES/kf2-srv.conf @@ -3,7 +3,7 @@ DiffNames=('Normal' 'Hard' 'Suicide' 'Hell') # Displays the number of waves -# You can rename them as you like +# You can rename them as you like (e.g. 'short' 'medium' 'long') WaveNames=('4' '7' '10') # Add custom gamemodes to the end of the list, similar to what is already there: @@ -16,7 +16,9 @@ ModeNames['KFGameContent.KFGameInfo_VersusSurvival']='Versus' # Add mutators to the end of the list, similar to what is already there: MutNames['ServerExtMut.ServerExtMut']='RPG' -# Bot default password -# To change the password for the bot, you must do this here and in WebAdmin. -# Otherwise, the bot will stop working and some actions cannot be done on running servers -ServerBotPassword=VerySecretBotPassword +# These parameters works only if "kf2-srv-force-attr.service" is active +ForceIniPermissions=644 +ForceLogPermissions=640 +ForceIniGroup=steam +ForceLogGroup=steam + diff --git a/SOURCES/kf2-srv@.service b/SOURCES/kf2-srv@.service index be7e73c..bcf5647 100644 --- a/SOURCES/kf2-srv@.service +++ b/SOURCES/kf2-srv@.service @@ -1,5 +1,6 @@ [Unit] Description=Killing Floor 2 Server Daemon - %i +After=kf2-srv-force-attr.service After=network-online.target Wants=network-online.target diff --git a/SPECS/kf2-srv.spec b/SPECS/kf2-srv.spec index b4fe1c0..53fcb9e 100644 --- a/SPECS/kf2-srv.spec +++ b/SPECS/kf2-srv.spec @@ -22,6 +22,8 @@ Source11: %{name}.conf Source12: COPYING Source13: rsyslog-%{name}.conf Source14: logrotate-%{name} +Source15: bot.conf +Source16: %{name}-force-attr.service Requires: systemd >= 219 Requires: steamcmd @@ -38,6 +40,7 @@ Requires: gawk Requires: multini >= 0.2.3 Requires: rsyslog >= 8.25.0 Requires: logrotate +Requires: inotify-tools Provides: %{name} @@ -80,6 +83,8 @@ install -m 644 %{SOURCE11} %{buildroot}/%{_sysconfdir}/%{name} install -m 644 %{SOURCE12} %{buildroot}/%{_datadir}/licenses/%{name} install -m 644 %{SOURCE13} %{buildroot}/%{_sysconfdir}/rsyslog.d/%{name}.conf install -m 644 %{SOURCE14} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name} +install -m 644 %{SOURCE15} %{buildroot}/%{_sysconfdir}/%{name} +install -m 644 %{SOURCE16} %{buildroot}/%{_prefix}/lib/systemd/system %clean rm -rf $RPM_BUILD_ROOT @@ -95,6 +100,7 @@ rm -rf $RPM_BUILD_ROOT %attr(0770,root,%{steamuser}) %dir %{_localstatedir}/log/%{name}-beta %attr(0664,root,%{steamuser}) %config(noreplace) %{_sysconfdir}/%{name}/main.conf.template %attr(0664,root,%{steamuser}) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%attr(0640,root,%{steamuser}) %config(noreplace) %{_sysconfdir}/%{name}/bot.conf %attr(0644,root,root) %config(noreplace) %{_prefix}/lib/firewalld/services/%{name}.xml %attr(0755,root,root) %{_bindir}/%{name} %attr(0755,root,root) %{_bindir}/%{name}-beta @@ -123,7 +129,8 @@ systemctl try-restart rsyslog.service * Sun Jul 12 2020 GenZmeY - 0.12.0-1 - chat logs without timestamp; - update rsyslog config - now logs will be create with steam group and 640 permissions; -- update logrotate config (fixed that logrotate does nothing). +- update logrotate config (fixed that logrotate does nothing); +- feat: force attr for log/ini files. * Thu Jul 9 2020 GenZmeY - 0.11.1-1 - fix syntax error in firewalld service. diff --git a/TODO b/TODO index 1f212c1..85e63fc 100644 --- a/TODO +++ b/TODO @@ -11,8 +11,6 @@ - generate unique password for server bot on install - parallel actions - bash completion -- fix permissions for log/ini by inotify. Example: - inotifywait -qm -e 'create' -e 'moved_to' --format %w%f /home/genzmey/test/ /home/genzmey/test2/ ###################