From 736c739bf492a73c60cfca000b853c040f53a104 Mon Sep 17 00:00:00 2001 From: Junchao-Mellanox <57339448+Junchao-Mellanox@users.noreply.github.com> Date: Fri, 5 Aug 2022 06:10:34 +0800 Subject: [PATCH] Fix issue: rsyslog rate limit does not work on version 8.2110.0 (#11588) #### Why I did it The default stable version of rsyslog on bullseye has a bug about rate limit. It causes rate limit not work. The bug has been fixed on backport version 8.2206.0-1~bpo11+1. Buster has no such issue. #### How I did it Upgrade rsyslog from 8.2110.0 to 8.2206.0-1~bpo11+1 #### How to verify it Manual test --- build_debian.sh | 5 ++++- dockers/docker-base-bullseye/Dockerfile.j2 | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/build_debian.sh b/build_debian.sh index 1dd77f3bee6e..7947aef22d64 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -331,7 +331,6 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in sysfsutils \ squashfs-tools \ grub2-common \ - rsyslog \ screen \ hping3 \ tcptraceroute \ @@ -356,6 +355,10 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in jq \ auditd +# default rsyslog version is 8.2110.0 which has a bug on log rate limit, +# use backport version +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -t bullseye-backports -y install rsyslog + # Have systemd create the auditd log directory sudo mkdir -p ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d sudo tee ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d/log-directory.conf >/dev/null <