Fossil

Check-in [a9e74eb3]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add information about the server error log to the security audit page. Provide the new /errorlog page for viewing the server logfile online.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: a9e74eb311f315da24dbb7f1cc59d0f79f43a5cce51121fc109ec993c73f7b10
User & Date: drh 2018-06-25 13:47:36.248
Context
2018-06-25
14:26
Extend the user capability system to allow the use of upper-case ASCII letters for new capabilities. ... (check-in: e45cfde7 user: drh tags: trunk)
13:47
Add information about the server error log to the security audit page. Provide the new /errorlog page for viewing the server logfile online. ... (check-in: a9e74eb3 user: drh tags: trunk)
13:32
Make sure emailerShutdown() correctly closes the emailqueue database. ... (check-in: b9121b47 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/security_audit.c. 
323
324
325
326
327
328
329


























330
331
332
333
334
335
336

      @ The "Server Load Average Limit" on the
      @ <a href="setup_access">Access Control</a> page is set to %g(r),
      @ which seems high.  Is this server really a %d((int)r)-core machine?
    }
  }
#endif




























  @ </ol>
  style_footer();
}

/*
** WEBPAGE: takeitprivate








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362

      @ The "Server Load Average Limit" on the
      @ <a href="setup_access">Access Control</a> page is set to %g(r),
      @ which seems high.  Is this server really a %d((int)r)-core machine?
    }
  }
#endif

  if( g.zErrlog==0 || fossil_strcmp(g.zErrlog,"-")==0 ){
    @ <li><p>
    @ <b>Caution:</b>
    @ No server error log is defined. It is recommended that you establish
    @ an error log on Fossil servers and monitor that log for problems.
    @ To set up an error log:
    @ <ul>
    @ <li>If running from CGI, make an entry "errorlog: <i>FILENAME</i>"
    @ in the CGI script.
    @ <li>If running the "fossil server" or "fossil http" commands,
    @ add the "--errorlog <i>FILENAME</i>" command-line option.
    @ </ul>
  }else{
    FILE *pTest = fossil_fopen(g.zErrlog,"a");
    if( pTest==0 ){
      @ <li><p>
      @ <b>Error:</b>
      @ There is an error log at "%h(g.zErrlog)" but that file is not
      @ writable and so no logging will occur.
    }else{
      fclose(pTest);
      @ <li><p>
      @ The error log at "<a href='%R/errorlog'>%h(g.zErrlog)</a>" that is
      @ %,lld(file_size(g.zErrlog, ExtFILE)) bytes in size.
    }
  }

  @ </ol>
  style_footer();
}

/*
** WEBPAGE: takeitprivate

366
367
368
369
370
371
372
































































  @ <form action="%s(g.zPath)" method="post">
  @ <input type="submit" name="apply" value="Make It Private">
  @ <input type="submit" name="cancel" value="Cancel">
  @ </form>

  style_footer();
}







































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461

  @ <form action="%s(g.zPath)" method="post">
  @ <input type="submit" name="apply" value="Make It Private">
  @ <input type="submit" name="cancel" value="Cancel">
  @ </form>

  style_footer();
}

/*
** The maximum number of bytes of log to show
*/
#define MXSHOWLOG 20000

/*
** WEBPAGE: errorlog
**
** Show the content of the error log.  Only the administrator can view
** this page.
*/
void errorlog_page(void){
  login_check_credentials();
  i64 szFile;
  FILE *in;
  long got;
  char z[10000];
  if( !g.perm.Setup && !g.perm.Admin ){
    login_needed(0);
    return;
  }
  style_header("Server Error Log");
  if( g.zErrlog==0 || fossil_strcmp(g.zErrlog,"-")==0 ){
    @ <p>There is no server error log!
    @ <p>To create a server error log:
    @ <ol>
    @ <li><p>
    @ If the server is running as CGI, then create a line in the CGI file
    @ like this:
    @ <blockquote><pre>
    @ errorlog: <i>FILENAME</i>
    @ </pre></blockquote>
    @ <li><p>
    @ If the server is running using one of 
    @ the "fossil http" or "fossil server" commands then add
    @ a command-line option "--errorlog <i>FILENAME</i>" to that
    @ command.
    @ </ol>
    style_footer();
    return;
  }
  szFile = file_size(g.zErrlog, ExtFILE);
  @ <p>The server error log at "%h(g.zErrlog)" is %,lld(szFile) bytes in size.
  in = fossil_fopen(g.zErrlog, "rb");
  if( in==0 ){
    @ <p class='generalError'>Unable top open that file for reading!</p>
    style_footer();
    return;
  }
  if( szFile>MXSHOWLOG ){
    @ Only the last %,d(MXSHOWLOG) bytes are shown.
    fseek(in, -MXSHOWLOG, SEEK_END);
  }
  @ <hr>
  @ <pre>
  while( fgets(z, sizeof(z), in) ){
    @ %h(z)\
  }
  fclose(in);
  @ </pre>
  style_footer();
}