Change all logging to clog

alert/alert.go

@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"log"
 	"log/slog"
 	"log/syslog"
 	"net/http"
 	"reflect"
 	"strings"
 	"time"
+	
+	"gitlab.cern.ch/ComputerSecurity/gocanary/clog"
 )
 
 type Field struct {
@@ -68,12 +69,13 @@ var config Config
 var syslogger *syslog.Writer
 var syslogEnabled bool
 
+
 func Initialize(slackhook string, silenceSeconds uint16, doSyslog bool) {
 	config = Config{SlackHook: slackhook, silenceSeconds: silenceSeconds}
 	if doSyslog {
 		sysl, err := syslog.New(syslog.LOG_INFO, "canary")
 		if err != nil {
-			log.Fatalln(err)
+			clog.Fatal("%s", err) // Convert err to string
 		}
 		syslogger = sysl
 	}
@@ -93,14 +95,14 @@ func PostSlackHook(message string, attachments []Attachment) {
 	// Marshal the payload into JSON
 	jsonData, err := json.Marshal(payload)
 	if err != nil {
-		log.Printf("ERROR: Slack Error encoding JSON: %s", err)
+		clog.Error("Slack Error encoding JSON: %s", err)
 		return
 	}
 
 	// Create a new HTTP request with the JSON payload
 	req, err := http.NewRequest("POST", config.SlackHook, bytes.NewBuffer(jsonData))
 	if err != nil {
-		log.Printf("ERROR: Slack Error creating request: %s", err)
+		clog.Error("Slack Error creating request: %s", err)
 		return
 	}
 
@@ -111,13 +113,13 @@ func PostSlackHook(message string, attachments []Attachment) {
 	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {
-		log.Printf("ERROR: Slack Error sending request to Slack: %s", err)
+		clog.Error("Slack Error sending request to Slack: %s", err)
 		return
 	}
 	defer resp.Body.Close()
 
 	// Log the status code for the response
-	log.Printf("Slack Response StatusCode: %d", resp.StatusCode)
+	clog.Info("Slack Response StatusCode: %d", resp.StatusCode)
 }
 
 // Format the canary alert message

main.go

@@ -9,13 +9,11 @@
 package main
 
 import (
-	"log"
-	"log/slog"
-	"os"
 	"time"
 
 	"github.com/spf13/cobra"
 	"gitlab.cern.ch/ComputerSecurity/gocanary/alert"
+	"gitlab.cern.ch/ComputerSecurity/gocanary/clog"
 	cdns "gitlab.cern.ch/ComputerSecurity/gocanary/server/dns"
 	chttp "gitlab.cern.ch/ComputerSecurity/gocanary/server/http"
 	"gitlab.cern.ch/ComputerSecurity/gocanary/tokens"
@@ -34,7 +32,8 @@ func runCanary(cmd *cobra.Command, args []string) {
 
 	//Start servers
 	normalizeDomains()
-	log.Print("Servers starting")
+
+	clog.Info("Servers starting")
 	//Start DNS server
 	if dnsEnabled {
 		cdns.Start(getDNSConfig())
@@ -55,7 +54,7 @@ func runCanary(cmd *cobra.Command, args []string) {
 		time.Sleep(1 * time.Second)
 
 		harden.DropPrivs()
-		slog.Debug("LandLocking")
+		clog.Debug("LandLocking")
 		//If autocert we need a writable cache directory by the dropped uid
 		if len(autocertDomains) > 0 {
 			harden.LandLock(binPath, cacheDir)
@@ -72,9 +71,7 @@ func runCanary(cmd *cobra.Command, args []string) {
 
 // MAIN
 func main() {
-	logger := slog.New(slog.NewJSONHandler(os.Stdout, nil))
-	slog.SetDefault(logger)
 	if err := gocanaryCmd.Execute(); err != nil {
-		log.Fatalf("Error executing program: %s", err)
+		clog.Fatal("Error executing program: %v", err)
 	}
 }

server/dns/dns.go

@@ -2,7 +2,6 @@ package dns
 
 import (
 	"fmt"
-	"log"
 	"log/slog"
 	"net"
 	"slices"
@@ -13,6 +12,7 @@ import (
 	"github.com/miekg/dns"
 	"gitlab.cern.ch/ComputerSecurity/gocanary/alert"
 	"gitlab.cern.ch/ComputerSecurity/gocanary/tokens"
+	"gitlab.cern.ch/ComputerSecurity/gocanary/clog"
 )
 
 type DNSServerConfig struct {
@@ -120,7 +120,7 @@ func handleDNS(w dns.ResponseWriter, r *dns.Msg) {
 		}
 	}
 
-	if serverConfig.IgnoreRequests != true {
+	if !serverConfig.IgnoreRequests {
 		w.WriteMsg(m)
 	}
 }
@@ -128,10 +128,10 @@ func handleDNS(w dns.ResponseWriter, r *dns.Msg) {
 // DNS server proto udp
 func StartUDPListener(bindAddr string) {
 	server := &dns.Server{Addr: bindAddr, Net: "udp"}
-	log.Printf("Starting UDP DNS server on %s", bindAddr)
+	clog.Info("Starting UDP DNS server on %s", bindAddr)
 	go func() {
 		if err := server.ListenAndServe(); err != nil {
-			log.Fatalf("COLLECTOR_DNS: Failed to set udp listener %s\n", err.Error())
+			clog.Fatal("COLLECTOR_DNS: Failed to set udp listener %v\n", err.Error())
 		}
 	}()
 }
@@ -139,10 +139,10 @@ func StartUDPListener(bindAddr string) {
 // DNS server proto tcp
 func StartTCPListener(bindAddr string) {
 	serverTCP := &dns.Server{Addr: bindAddr, Net: "tcp"}
-	log.Printf("Starting TCP DNS server on %s", bindAddr)
+	clog.Info("Starting TCP DNS server on %s", bindAddr)
 	go func() {
 		if err := serverTCP.ListenAndServe(); err != nil {
-			log.Fatalf("COLLECTOR_DNS: Failed to set tcp listener %s\n", err.Error())
+			clog.Fatal("COLLECTOR_DNS: Failed to set tcp listener %v\n", err.Error())
 		}
 	}()
 }

server/http/http.go

@@ -3,7 +3,6 @@ package http
 import (
 	"crypto/tls"
 	"fmt"
-	"log"
 	"log/slog"
 	"net"
 	"net/http"
@@ -16,6 +15,7 @@ import (
 	"gitlab.cern.ch/ComputerSecurity/gocanary/alert"
 	"gitlab.cern.ch/ComputerSecurity/gocanary/tokens"
 	"golang.org/x/crypto/acme/autocert"
+	"gitlab.cern.ch/ComputerSecurity/gocanary/clog"
 )
 
 type HTTPServerConfig struct {
@@ -151,7 +151,7 @@ func getTlsConfig(config HTTPServerConfig) *tls.Config {
 	} else {
 		cer, err := tls.LoadX509KeyPair(config.CertFile, config.CertKeyFile)
 		if err != nil {
-			log.Fatalf("Error loading certificates")
+			clog.Fatal("Error loading certificates")
 		}
 		return &tls.Config{Certificates: []tls.Certificate{cer}}
 	}
@@ -173,7 +173,8 @@ func initializeAutocertManager(autocertDomains []string, cacheDir string) {
 func listenHTTP(config HTTPServerConfig, mux *http.ServeMux) {
 	// Start HTTP server
 	go func() {
-		log.Printf("Starting HTTP server on %s", config.HttpBindAddr)
+		clog.Info("Starting HTTP server on %s", config.HttpBindAddr)
+
 		srv := &http.Server{
 			Addr:         config.HttpBindAddr,
 			Handler:      mux,
@@ -189,7 +190,7 @@ func listenHTTP(config HTTPServerConfig, mux *http.ServeMux) {
 		}
 
 		if err := srv.ListenAndServe(); err != nil {
-			log.Fatalf("HTTP server failed: %s", err)
+			clog.Fatal("HTTP server failed: %s", err)
 		}
 	}()
 }
@@ -197,7 +198,7 @@ func listenHTTP(config HTTPServerConfig, mux *http.ServeMux) {
 func listenHTTPS(config HTTPServerConfig, mux *http.ServeMux) {
 	// Start HTTPS server
 	go func() {
-		log.Printf("Starting HTTPS server on %s", config.HttpsBindAddr)
+		clog.Info("Starting HTTPS server on %s", config.HttpsBindAddr)
 		tlsConfig := getTlsConfig(config)
 		srv := &http.Server{
 			Addr:         config.HttpsBindAddr,
@@ -209,7 +210,7 @@ func listenHTTPS(config HTTPServerConfig, mux *http.ServeMux) {
 		}
 
 		if err := srv.ListenAndServeTLS("", ""); err != nil {
-			log.Fatalf("HTTPS server failed: %s", err)
+			clog.Fatal("HTTPS server failed: %s", err)
 		}
 
 	}()

tokens/tokens.go

@@ -2,10 +2,10 @@ package tokens
 
 import (
 	"fmt"
-	"log"
 	"os"
 
 	"gopkg.in/yaml.v2"
+	"gitlab.cern.ch/ComputerSecurity/gocanary/clog"
 )
 
 type CanaryRecord struct {
@@ -22,13 +22,13 @@ var canaryRecord map[string]CanaryRecord
 func Initialize(tokenStorage string) {
 	data, err := os.ReadFile(string(tokenStorage))
 	if err != nil {
-		log.Fatalf("error reading file: %v", err)
+		clog.Fatal("error reading file: %v", err)
 	}
 
 	var records []CanaryRecord
 	err = yaml.Unmarshal(data, &records)
 	if err != nil {
-		log.Fatalf("error parsing YAML: %v", err)
+		clog.Fatal("error parsing YAML: %v", err)
 	}
 
 	canaryRecord = make(map[string]CanaryRecord)

utils/harden/harden.go

 package harden
 
 import (
-	"log"
 	"os/user"
 	"strconv"
 	"syscall"
 
 	"github.com/landlock-lsm/go-landlock/landlock"
 	"github.com/syndtr/gocapability/capability"
+	"gitlab.cern.ch/ComputerSecurity/gocanary/clog"
 )
 
 var switchToUser = "nobody"
@@ -16,13 +16,13 @@ var switchToUser = "nobody"
 func ShowCaps() {
 	caps, err := capability.NewPid(0)
 	if err != nil {
-		log.Fatal(err)
+		clog.Fatal("%v", err)
 	}
 	err = caps.Load()
 	if err != nil {
-		log.Fatal(err)
+		clog.Fatal("%v", err)
 	}
-	log.Printf("now: %+v", caps)
+	clog.Info("now: %+v", caps)
 
 }
 
@@ -32,7 +32,7 @@ func MinCapabilities(hardeningEnabled bool) {
 	// NewPid(0) means current process
 	caps, err := capability.NewPid(0)
 	if err != nil {
-		log.Fatal(err)
+		clog.Fatal(err.Error())
 	}
 	caps.Clear(capability.CAPS)
 	caps.Set(capability.CAPS, capability.CAP_NET_BIND_SERVICE)
@@ -43,7 +43,7 @@ func MinCapabilities(hardeningEnabled bool) {
 	}
 
 	if err := caps.Apply(capability.CAPS); err != nil {
-		log.Fatalf("could not apply caps: %v", err)
+		clog.Fatal("could not apply caps: %v", err)
 	}
 }
 
@@ -51,34 +51,34 @@ func MinCapabilities(hardeningEnabled bool) {
 func DropRoot() {
 	userInfo, err := user.Lookup(switchToUser)
 	if err != nil {
-		log.Printf("User %s not found, changing to 65534", switchToUser)
+		clog.Error("User %s not found, changing to 65534", switchToUser)
 		userInfo = &user.User{Gid: "65534", Uid: "65534"}
 	}
 	// Convert group ID and user ID from string to int.
 	gid, err := strconv.Atoi(userInfo.Gid)
 	if err != nil {
-		log.Fatal(err)
+		clog.Fatal(err.Error())
 	}
 	uid, err := strconv.Atoi(userInfo.Uid)
 	if err != nil {
-		log.Fatal(err)
+		clog.Fatal(err.Error())
 	}
 
 	// Unset supplementary group IDs.
 	err = syscall.Setgroups([]int{})
 	if err != nil {
-		log.Fatal("Failed to unset supplementary group IDs: " + err.Error())
+		clog.Fatal("Failed to unset supplementary group IDs: %v", err)
 	}
 
 	// Set group ID (real and effective).
 	err = syscall.Setgid(gid)
 	if err != nil {
-		log.Fatal("Failed to set group ID: " + err.Error())
+		clog.Fatal("Failed to set group ID: %v", err)
 	}
 	// Set user ID (real and effective).
 	err = syscall.Setuid(uid)
 	if err != nil {
-		log.Fatal("Failed to set user ID: " + err.Error())
+		clog.Fatal("Failed to set user ID: %v", err)
 	}
 }
 
@@ -101,7 +101,7 @@ func LandLock(extraPath string, cacheDir string) {
 		defaults...,
 	)
 	if err != nil {
-		log.Fatal("Failed LandLock : " + err.Error())
+		clog.Fatal("Failed LandLock : %v", err)
 	}
 }