feat: force attrs for new files

- based for systemd service with inotify;
- group and permissions can be set in kf2-srv.conf;
- bot password in separate conf with no permissions for others.

SOURCES/bot.conf

@@ -0,0 +1,4 @@
+# Bot default password
+# To change the password for the bot, you must do this here and in WebAdmin.
+# Otherwise, the bot will stop working and some actions cannot be done on running servers
+ServerBotPassword=VerySecretBotPassword

SOURCES/kf2-srv

@@ -26,10 +26,11 @@ declare -A MutNames
 
 source /etc/steamcmd/steamcmd.conf
 source /etc/kf2-srv/kf2-srv.conf
+source /etc/kf2-srv/bot.conf
 
-ScriptFullname=$(readlink -e "$0")
-ScriptName=$(echo "$ScriptFullname" | awk -F '/' '{print $NF;}')
-readonly ScriptVersion="0.10.1"
+readonly ScriptFullname=$(readlink -e "$0")
+readonly ScriptName=$(echo "$ScriptFullname" | awk -F '/' '{print $NF;}')
+readonly ScriptVersion=$(rpm -qi "$ScriptName" | grep 'Version' | sed -r 's|.+: +||g') # mb problems in other langs ('Version')
 
 # Constants. Don't change.
 readonly AppServerNum="232130"
@@ -247,6 +248,16 @@ function new_instance () # $*: InstanceName[s]
 		multini -s "$InstanceDir/main.conf" '' 'PortQuery' "$MaxQueryPort"
 		multini -s "$InstanceDir/main.conf" '' 'PortWeb'   "$MaxWebAdminPort"
 		
+		multini -s "$InstanceDir/KFWeb.ini"                "IpDrv.WebServer"   "bEnabled"            "true"
+		multini -s "$InstanceDir/LinuxServer-KFEngine.ini" "LogFiles"          "PurgeLogsDays"       "0"
+		multini -s "$InstanceDir/LinuxServer-KFEngine.ini" "LogFiles"          "LogTimes"            "False"
+		multini -s "$InstanceDir/KFWebAdmin.ini"           "WebAdmin.WebAdmin" "AuthenticationClass" "WebAdmin.MultiWebAdminAuth"
+		multini -s "$InstanceDir/KFWebAdmin.ini"           "WebAdmin.WebAdmin" "bHttpAuth"           "True"
+		multini -s "$InstanceDir/KFWebAdmin.ini"           "WebAdmin.Chatlog"  "Filename"            "$Instance-chat"
+		multini -s "$InstanceDir/KFWebAdmin.ini"           "WebAdmin.Chatlog"  "bIncludeTimeStamp"   "False"
+		
+		# LOGGING?: LinuxServer-KFGame.ini bLog* 
+
 		echo "Instance $Instance created. See /etc/$ScriptName/instances$BetaPostfix/$Instance for edit configuration"
 	done
 }
@@ -480,6 +491,9 @@ function first_install ()
 		exit 1
 	fi
 	
+	rm -rf "$LogDir"
+	ln -s "/var/log/kf2-srv$BetaPostfix" "$LogDir"
+	
 	echo "Creating base ini files"
 	sudo -u "$SteamUser" $AppBin &> /dev/null &
 	while true
@@ -501,6 +515,9 @@ function first_install ()
 	killall -KILL KFGameSteamServer.bin.x86_64; sleep 1
 	echo "Setting up WebAdmin"
 	multini -s "$DefaultConfigDir/KFWeb.ini" "IpDrv.WebServer" "bEnabled" "true"
+	multini -s "$DefaultConfigDir/LinuxServer-KFEngine.ini" "LogFiles" "PurgeLogsDays" "0"
+	multini -s "$DefaultConfigDir/LinuxServer-KFEngine.ini" "LogFiles" "LogTimes" "False"
+	
 	sudo -u "$SteamUser" $AppBin &> /dev/null &
 	while true
 	do
@@ -511,7 +528,10 @@ function first_install ()
 	done
 	killall -KILL KFGameSteamServer.bin.x86_64; sleep 1
 	multini -s "$DefaultConfigDir/KFWebAdmin.ini" "WebAdmin.WebAdmin" "AuthenticationClass" "WebAdmin.MultiWebAdminAuth"
-	multini -s "$DefaultConfigDir/KFWebAdmin.ini" "WebAdmin.WebAdmin" "bHttpAuth" "True"
+	multini -s "$DefaultConfigDir/KFWebAdmin.ini" "WebAdmin.WebAdmin" "bHttpAuth"           "True"
+	multini -s "$DefaultConfigDir/KFWebAdmin.ini" "WebAdmin.WebAdmin" "bChatLog"            "True"
+	multini -s "$DefaultConfigDir/KFWebAdmin.ini" "WebAdmin.Chatlog"  "Filename"            "default-chat"
+	multini -s "$DefaultConfigDir/KFWebAdmin.ini" "WebAdmin.Chatlog"  "bIncludeTimeStamp"   "False"
 	
 	echo "Wait while WebAdmin up"
 	sudo -u "$SteamUser" $AppBin &> /dev/null &
@@ -804,9 +824,7 @@ function workshop_del () # $*: WorkshopID[s]
 		local WsName=$(name_by_workshopID "$WorkshopID")
 		local Cache="$CacheDir/$WorkshopID"
 		local Downl="$DownloadDir/$WorkshopID"
-		echo -e "Clear cache:
-$Cache
-$Downl"
+		echo -e "Clear cache:\n$Cache\n$Downl"
 		rm -rf "$Cache" "$Downl"
 		for Instance in $(show_instances)
 		do
@@ -1221,6 +1239,7 @@ AppBin="$InstallDir/Binaries/Win64/KFGameSteamServer.bin.x86_64"
 DefaultConfigDir="$InstallDir/KFGame/Config"
 DownloadDir="$InstallDir/Binaries/Win64/steamapps/workshop/content/$AppClientNum"
 CacheDir="$InstallDir/KFGame/Cache"
+LogDir="$InstallDir/KFGame/Logs"
 InstanceConfigDir="/etc/kf2-srv/instances$BetaPostfix"
 InstanceConfigLnk="$DefaultConfigDir/instances"
 MainConfigTemplate="/etc/kf2-srv/main.conf.template"

SOURCES/kf2-srv-beta-update.service

@@ -1,5 +1,7 @@
 [Unit]
 Description=Check and Update Killing Floor 2 server
+After=network-online.target
+Requires=network-online.target
 
 [Service]
 Type=oneshot

SOURCES/kf2-srv-beta@.service

@@ -1,12 +1,16 @@
 [Unit]
 Description=Killing Floor 2 Beta Server Daemon - %i
+After=kf2-srv-force-attr.service
+After=network-online.target
+Wants=network-online.target
 
 [Service]
 User=steam
 Group=steam
 Type=simple
-StandardOutput=null
-StandardError=null
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=kf2-srv-beta/%i
 EnvironmentFile=/etc/kf2-srv/instances-beta/%i/main.conf
 ExecStart=/usr/games/kf2-srv-beta/Binaries/Win64/KFGameSteamServer.bin.x86_64 ${Map}?Difficulty=${Difficulty}?GameLength=${Length}?Game=${Game}?Mutator=${Mutators}?${Args} configsubdir=instances/%i -webadminport=${PortWeb} -queryport=${PortQuery} -port=${PortGame}
 Restart=always

SOURCES/kf2-srv-force-attr

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# kf2-srv is a command line tool for managing a set of Killing Floor 2 servers.
+# Copyright (C) 2019, 2020 GenZmeY
+# mailto: genzmey@gmail.com
+# 
+# This file is part of kf2-srv.
+#
+# kf2-srv is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+declare -A ModeNames MutNames
+
+source /etc/kf2-srv/kf2-srv.conf
+
+DirLog="/var/log/kf2-srv"
+DirLogBeta="/var/log/kf2-srv-beta"
+DirInstances="/etc/kf2-srv/instances"
+DirInstancesBeta="/etc/kf2-srv/instances-beta"
+
+/usr/bin/inotifywait -qmr -e create -e moved_to --format %w%f \
+"$DirLog" "$DirLogBeta" "$DirInstances" "$DirInstancesBeta" | \
+while read File
+do
+	if echo "$File" | grep -Piq "\.log$"; then
+		chmod  "$ForceLogPermissions" "$File"
+		chown :"$ForceLogGroup"       "$File"
+	elif echo "$File" | grep -Piq "\.ini$"; then
+		chmod  "$ForceIniPermissions" "$File"
+		chown :"$ForceIniGroup"       "$File"
+	fi
+done
+

SOURCES/kf2-srv-force-attr.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=kf2-srv force attr service
+
+[Service]
+Type=simple
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/sbin/kf2-srv-force-attr
+Restart=always
+
+NoNewPrivileges=yes
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=true
+
+[Install]
+WantedBy=multi-user.target

SOURCES/kf2-srv-update.service

@@ -1,5 +1,7 @@
 [Unit]
 Description=Check and Update Killing Floor 2 server
+After=network-online.target
+Requires=network-online.target
 
 [Service]
 Type=oneshot

SOURCES/kf2-srv.conf

@@ -3,7 +3,7 @@
 DiffNames=('Normal' 'Hard' 'Suicide' 'Hell')
 
 # Displays the number of waves
-# You can rename them as you like
+# You can rename them as you like (e.g. 'short' 'medium' 'long')
 WaveNames=('4' '7' '10')
 
 # Add custom gamemodes to the end of the list, similar to what is already there:
@@ -16,7 +16,9 @@ ModeNames['KFGameContent.KFGameInfo_VersusSurvival']='Versus'
 # Add mutators to the end of the list, similar to what is already there:
 MutNames['ServerExtMut.ServerExtMut']='RPG'
 
-# Bot default password
-# To change the password for the bot, you must do this here and in WebAdmin.
-# Otherwise, the bot will stop working and some actions cannot be done on running servers
-ServerBotPassword=VerySecretBotPassword
+# These parameters works only if "kf2-srv-force-attr.service" is active
+ForceIniPermissions=664
+ForceLogPermissions=640
+ForceIniGroup=steam
+ForceLogGroup=steam
+

SOURCES/kf2-srv.xml

@@ -3,7 +3,7 @@
 	<short>kf2-srv</short>
 	<description>Killing Floor 2 server</description>
 	<port protocol="udp" port="7777"/>
-	<port protocol="udp" port="27015">
+	<port protocol="udp" port="27015"/>
 	<port protocol="tcp" port="8080"/>
 	<port protocol="udp" port="20560"/>
 	<port protocol="udp" port="123"/>

SOURCES/kf2-srv@.service

@@ -1,12 +1,16 @@
 [Unit]
 Description=Killing Floor 2 Server Daemon - %i
+After=kf2-srv-force-attr.service
+After=network-online.target
+Wants=network-online.target
 
 [Service]
 User=steam
 Group=steam
 Type=simple
-StandardOutput=null
-StandardError=null
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=kf2-srv/%i
 EnvironmentFile=/etc/kf2-srv/instances/%i/main.conf
 ExecStart=/usr/games/kf2-srv/Binaries/Win64/KFGameSteamServer.bin.x86_64 ${Map}?Difficulty=${Difficulty}?GameLength=${Length}?Game=${Game}?Mutator=${Mutators}?${Args} configsubdir=instances/%i -webadminport=${PortWeb} -queryport=${PortQuery} -port=${PortGame}
 Restart=always

SOURCES/logrotate-kf2-srv

@@ -0,0 +1,17 @@
+/var/log/kf2-srv/*.log
+/var/log/kf2-srv-beta/*.log
+{
+	su root steam
+	daily
+	missingok
+	rotate 7
+	create 0644
+	missingok
+	compress
+	notifempty
+	postrotate
+		test -s /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid)
+		# postrotate script should always return 0
+		true
+	endscript
+}

SOURCES/rsyslog-kf2-srv.conf

@@ -0,0 +1,10 @@
+global(parser.permitSlashInProgramName="on")
+
+template(name="DynFile" type="string" string="/var/log/%programname%.log")
+
+if ($programname startswith "kf2-srv") then
+{
+	action(Type="omfile" DynaFile="DynFile" FileCreateMode="0640" Umask="0027" FileOwner="root" FileGroup="steam")
+	stop
+}
+

SPECS/kf2-srv.spec

@@ -1,7 +1,7 @@
 %global steamuser steam
 
 Name:       kf2-srv
-Version:    0.10.1
+Version:    0.12.0
 Release:    1%{dist}
 Summary:    Killing Floor 2 server
 Group:      Amusements/Games
@@ -20,6 +20,11 @@ Source9:    %{name}-beta-update.service
 Source10:   %{name}-beta-update.timer
 Source11:   %{name}.conf
 Source12:   COPYING
+Source13:   rsyslog-%{name}.conf
+Source14:   logrotate-%{name}
+Source15:   bot.conf
+Source16:   %{name}-force-attr
+Source17:   %{name}-force-attr.service
 
 Requires:   systemd >= 219
 Requires:   steamcmd
@@ -34,6 +39,9 @@ Requires:   sudo
 Requires:   psmisc
 Requires:   gawk
 Requires:   multini >= 0.2.3
+Requires:   rsyslog >= 8.25.0
+Requires:   logrotate
+Requires:   inotify-tools
 
 Provides:   %{name}
 
@@ -48,14 +56,19 @@ Command line tool for managing a set of Killing Floor 2 servers.
 rm -rf $RPM_BUILD_ROOT
 
 install -d %{buildroot}/%{_bindir}
+install -d %{buildroot}/%{_sbindir}
 install -d %{buildroot}/%{_prefix}/lib/systemd/system
 install -d %{buildroot}/%{_prefix}/lib/firewalld/services
 install -d %{buildroot}/%{_sysconfdir}/%{name}/instances
 install -d %{buildroot}/%{_sysconfdir}/%{name}/instances-beta
 install -d %{buildroot}/%{_sysconfdir}/%{name}/mapcycles
+install -d %{buildroot}/%{_sysconfdir}/rsyslog.d
+install -d %{buildroot}/%{_sysconfdir}/logrotate.d
 install -d %{buildroot}/%{_prefix}/games/%{name}
 install -d %{buildroot}/%{_prefix}/games/%{name}-beta
 install -d %{buildroot}/%{_datadir}/licenses/%{name}
+install -d %{buildroot}/%{_localstatedir}/log/%{name}
+install -d %{buildroot}/%{_localstatedir}/log/%{name}-beta
 
 # access rights are used here to prevent warnings when building the package
 install -m 755 %{SOURCE1}  %{buildroot}/%{_bindir}
@@ -70,24 +83,35 @@ install -m 644 %{SOURCE9}  %{buildroot}/%{_prefix}/lib/systemd/system
 install -m 644 %{SOURCE10} %{buildroot}/%{_prefix}/lib/systemd/system
 install -m 644 %{SOURCE11} %{buildroot}/%{_sysconfdir}/%{name}
 install -m 644 %{SOURCE12} %{buildroot}/%{_datadir}/licenses/%{name}
+install -m 644 %{SOURCE13} %{buildroot}/%{_sysconfdir}/rsyslog.d/%{name}.conf
+install -m 644 %{SOURCE14} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
+install -m 644 %{SOURCE15} %{buildroot}/%{_sysconfdir}/%{name}
+install -m 755 %{SOURCE16} %{buildroot}/%{_sbindir}
+install -m 644 %{SOURCE17} %{buildroot}/%{_prefix}/lib/systemd/system
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
 %files
-%attr(775,root,%{steamuser}) %dir               %{_prefix}/games/%{name}
-%attr(775,root,%{steamuser}) %dir               %{_prefix}/games/%{name}-beta
-%attr(775,root,%{steamuser}) %dir               %{_sysconfdir}/%{name}
-%attr(775,root,%{steamuser}) %dir               %{_sysconfdir}/%{name}/instances
-%attr(775,root,%{steamuser}) %dir               %{_sysconfdir}/%{name}/instances-beta
-%attr(775,root,%{steamuser}) %dir               %{_sysconfdir}/%{name}/mapcycles
-%attr(644,root,%{steamuser}) %config(noreplace) %{_sysconfdir}/%{name}/main.conf.template
-%attr(644,root,%{steamuser}) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
-%attr(644,root,root)         %config(noreplace) %{_prefix}/lib/firewalld/services/%{name}.xml
-%attr(755,root,root)                            %{_bindir}/%{name}
-%attr(755,root,root)                            %{_bindir}/%{name}-beta
-%attr(644,root,root)                            %{_prefix}/lib/systemd/system/*
-%attr(644,root,root)         %doc               %{_datadir}/licenses/%{name}/*
+%attr(0775,root,%{steamuser}) %dir               %{_prefix}/games/%{name}
+%attr(0775,root,%{steamuser}) %dir               %{_prefix}/games/%{name}-beta
+%attr(0775,root,%{steamuser}) %dir               %{_sysconfdir}/%{name}
+%attr(0775,root,%{steamuser}) %dir               %{_sysconfdir}/%{name}/instances
+%attr(0775,root,%{steamuser}) %dir               %{_sysconfdir}/%{name}/instances-beta
+%attr(0775,root,%{steamuser}) %dir               %{_sysconfdir}/%{name}/mapcycles
+%attr(0770,root,%{steamuser}) %dir               %{_localstatedir}/log/%{name}
+%attr(0770,root,%{steamuser}) %dir               %{_localstatedir}/log/%{name}-beta
+%attr(0664,root,%{steamuser}) %config(noreplace) %{_sysconfdir}/%{name}/main.conf.template
+%attr(0664,root,%{steamuser}) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%attr(0640,root,%{steamuser}) %config(noreplace) %{_sysconfdir}/%{name}/bot.conf
+%attr(0644,root,root)         %config(noreplace) %{_prefix}/lib/firewalld/services/%{name}.xml
+%attr(0755,root,root)                            %{_bindir}/%{name}
+%attr(0755,root,root)                            %{_bindir}/%{name}-beta
+%attr(0755,root,root)                            %{_sbindir}/%{name}-force-attr
+%attr(0644,root,root)                            %{_prefix}/lib/systemd/system/*
+%attr(0644,root,root)         %doc               %{_datadir}/licenses/%{name}/*
+%attr(0644,root,root)                            %{_sysconfdir}/rsyslog.d/%{name}.conf
+%attr(0644,root,root)                            %{_sysconfdir}/logrotate.d/%{name}
 
 %preun
 if [[ $1 -eq 0 ]] ; then # Uninstall
@@ -99,7 +123,26 @@ if [[ $1 -eq 0 ]] ; then # Uninstall
 	rm -rf %{_sysconfdir}/%{name}/instances-beta/default
 fi
 
+%post
+#if [[ $1 == 1 ]]; then # Install
+systemctl daemon-reload
+systemctl try-restart rsyslog.service
+#fi
+
 %changelog
+* Mon Jul 13 2020 GenZmeY <genzmey@gmail.com> - 0.12.0-1
+- chat logs without timestamp;
+- update rsyslog config - now logs will be create with steam group and 640 permissions;
+- update logrotate config (fixed that logrotate does nothing);
+- bot password in separate file without read permission to others;
+- feat: force attr for log/ini files.
+
+* Thu Jul 9 2020 GenZmeY <genzmey@gmail.com> - 0.11.1-1
+- fix syntax error in firewalld service.
+
+* Wed Jul 8 2020 GenZmeY <genzmey@gmail.com> - 0.11.0-1
+- logging (rsyslog + logrotate).
+
 * Wed Jul 8 2020 GenZmeY <genzmey@gmail.com> - 0.10.1-1
 - add COPYING to distributive;
 - add license info to kf2-srv-beta;

TODO

@@ -0,0 +1,61 @@
+- selinux
+- sudo for steamuser
+- kick by level
+- split the script into separate files
+- man pages
+- english help
+- check ban EGS players (mb bugs)
+- ban history
+- temporary ban
+- understand what causes a "cpu hurricane" at startup
+- generate unique password for server bot on install
+- parallel actions
+- bash completion
+
+###################
+
+Split scheme:
+game
+	update
+	validate
+	fix-permissions
+	run
+	help
+
+instance
+	list
+	new
+	delete
+	enable
+	disable
+	start
+	stop
+	restart
+	chat
+	help
+
+ban
+	list
+	add
+	delete
+	sync
+	help
+
+workshop
+	list
+	add
+	delete
+	sync
+	help
+
+password
+	game
+	admin
+	help
+
+maprotate
+	save
+	load
+	help
+	
+help h -h --help