

(-)Makefile (-20 / +11 lines)
Lines 2-8 Link Here
2
# $FreeBSD$
2
# $FreeBSD$
3
3
4
PORTNAME=	logcheck
4
PORTNAME=	logcheck
5
PORTVERSION=	1.3.17
5
PORTVERSION=	1.3.18
6
CATEGORIES=	security
6
CATEGORIES=	security
7
MASTER_SITES=	DEBIAN_POOL
7
MASTER_SITES=	DEBIAN_POOL
8
DISTNAME=	${PORTNAME}_${PORTVERSION}
8
DISTNAME=	${PORTNAME}_${PORTVERSION}
Lines 12-17 Link Here
12
12
13
LICENSE=	GPLv2
13
LICENSE=	GPLv2
14
14
15
BUILD_DEPENDS=	docbook-to-man>0:textproc/docbook-to-man
15
RUN_DEPENDS=	mime-construct:mail/mime-construct \
16
RUN_DEPENDS=	mime-construct:mail/mime-construct \
16
		lockfile:mail/procmail \
17
		lockfile:mail/procmail \
17
		bash:shells/bash
18
		bash:shells/bash
Lines 38-76 Link Here
38
BINMODE=	755
39
BINMODE=	755
39
SUB_LIST+=	LOGCHECK_USER=${LOGCHECK_USER} \
40
SUB_LIST+=	LOGCHECK_USER=${LOGCHECK_USER} \
40
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
41
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
41
		CRON=${PORT_OPTIONS:MCRON}
42
		DBDIR=${DBDIR} CRON=${PORT_OPTIONS:MCRON}
42
SUB_FILES=	pkg-install pkg-deinstall pkg-message
43
SUB_FILES=	pkg-install pkg-deinstall pkg-message
43
PLIST_SUB+=	LOGCHECK_USER=${LOGCHECK_USER} \
44
PLIST_SUB+=	LOGCHECK_USER=${LOGCHECK_USER} \
44
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
45
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
45
		DBDIR=${DBDIR} RUNDIR=${RUNDIR}
46
		DBDIR=${DBDIR} RUNDIR=${RUNDIR}
46
SHEBANG_FILES=	src/logcheck src/logtail src/logtail2
47
SHEBANG_FILES=	src/logcheck src/logtail src/logtail2 src/detectrotate/*.dtr
47
CONFIG_DIRS=	cracking.d ignore.d.paranoid ignore.d.server \
48
CONFIG_DIRS=	cracking.d ignore.d.paranoid ignore.d.server \
48
		ignore.d.workstation violations.d violations.ignore.d
49
		ignore.d.workstation violations.d violations.ignore.d
49
DOCS=		AUTHORS CHANGES CREDITS LICENSE TODO docs/README*
50
DOCS=		AUTHORS CHANGES CREDITS LICENSE TODO docs/README*
50
PORTDOCS=	${DOCS:T}
51
PORTDOCS=	${DOCS:T}
51
MAN_FILES=	logcheck.8 logtail.8 logtail2.8
52
MAN_FILES=	logcheck.8 logtail.8 logtail2.8
53
REINPLACE_FILES=	debian/logcheck.cron.d docs/logcheck.sgml \
54
			etc/logcheck.conf src/logcheck src/logtail2
52
55
53
PATCH_LIST=	extra-patch-debian__logcheck.cron.d \
54
		extra-patch-docs__logcheck.8 \
55
		extra-patch-etc__logcheck.conf \
56
		extra-patch-src__logcheck \
57
		extra-patch-src__logtail2
58
EXTRA_PATCHES=	${PATCH_LIST:C|^|${WRKDIR}/|g}
59
60
.include <bsd.port.pre.mk>
56
.include <bsd.port.pre.mk>
61
57
62
pre-patch:
58
do-build:
63
.for patch in ${PATCH_LIST}
59
.for file in ${REINPLACE_FILES}
64
	@${SED} ${_SUB_LIST_TEMP} ${FILESDIR}/${patch}.in > ${WRKDIR}/${patch}
60
	${REINPLACE_CMD} ${_SUB_LIST_TEMP} ${WRKSRC}/${file}
65
.endfor
61
.endfor
62
	docbook-to-man ${WRKSRC}/docs/logcheck.sgml > ${WRKSRC}/docs/logcheck.8
63
	${FIND} ${WRKSRC} -type f \( -name \*.orig -o -name \*.bak \) -delete
66
64
67
post-patch:
68
	@${FIND} ${WRKSRC}/rulefiles -type f -name \*.orig -delete
69
70
do-build:
71
	@${REINPLACE_CMD} -e 's!/var/log/syslog!/var/log/messages!' \
72
		${WRKSRC}/etc/logcheck.logfiles
73
74
do-install:
65
do-install:
75
	@${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \
66
	@${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \
76
		  ${STAGEDIR}${DBDIR} \
67
		  ${STAGEDIR}${DBDIR} \
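Review bot: Nothing in the Makefile says that `REINPLACE_FILES` has to list every file in which a `files/patch-*` leaves `%%…%%` tokens. The new `do-build` loop substitutes only the five listed files, so a patched file missing from the list would be installed with literal placeholder paths (for example the cron entry's `%%PREFIX%%/sbin/logcheck`, or the `%%DATADIR%%/detectrotate/*.dtr` glob that logtail2 loads code from). I would add above the assignment: `# Files whose static patches carry %%TOKEN%% placeholders; do-build expands them with SUB_LIST. Keep in sync with files/patch-*.` Because the expansion runs in `do-build` rather than straight after patching, a tree left by `make patch` still holds raw tokens; a one-line comment on `do-build` noting that would help the next maintainer.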
(-)distinfo (-2 / +3 lines)
Lines 1-2 Link Here
1
SHA256 (logcheck_1.3.17.tar.xz) = c2d3fc323e8c6555e91d956385dbfd0f67b55872ed0f6a7ad8ad2526a9faf03a
1
TIMESTAMP = 1499679623
2
SIZE (logcheck_1.3.17.tar.xz) = 130956
2
SHA256 (logcheck_1.3.18.tar.xz) = 077b9149ccd2b747b52785afa89da844f3d072c017c9e719925dec6acb9a9af4
3
SIZE (logcheck_1.3.18.tar.xz) = 131252
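--- a/files/extra-patch-debian__logcheck.cron.d.in
+++ b/files/extra-patch-debian__logcheck.cron.d.in
@@ -1,16 +0,0 @@
---- ./debian/logcheck.cron.d.orig	2006-08-06 19:10:49.000000000 -0400
-+++ ./debian/logcheck.cron.d	2008-09-06 19:11:28.000000000 -0400
-@@ -1,9 +1,5 @@
--# /etc/cron.d/logcheck: crontab entries for the logcheck package
--
--PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-+# crontab entries for the logcheck package
-+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
- MAILTO=root
--
--@reboot         logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
--2 * * * *       logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
--
--# EOF
-+@reboot    if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi
-+2 * * * *  if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi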
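--- a/files/extra-patch-docs__logcheck.8.in
+++ b/files/extra-patch-docs__logcheck.8.in
@@ -1,118 +0,0 @@
---- docs/logcheck.8.orig	2009-12-15 15:03:22.000000000 -0500
-+++ docs/logcheck.8	2009-12-15 15:03:41.000000000 -0500
-@@ -0,0 +1,115 @@
-+.\" This manpage has been automatically generated by docbook2man 
-+.\" from a DocBook document.  This tool can be found at:
-+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
-+.\" Please send any bug reports, improvements, comments, patches, 
-+.\" etc. to Steve Cheng <steve@ggi-project.org>.
-+.TH "Logcheck" "8" "15 December 2009" "" ""
-+
-+.SH NAME
-+logcheck \- program to scan system logs for interesting lines
-+.SH SYNOPSIS
-+
-+\fBlogcheck\fR [ \fBOPTIONS\fR ]
-+
-+.SH "DESCRIPTION"
-+.PP
-+The \fBlogcheck\fR program helps spot problems and
-+security violations in your logfiles automatically and will send the
-+results to you periodically in an e-mail. By default logcheck runs as 
-+an hourly cronjob just off the hour and after every reboot.
-+.PP
-+\fBlogcheck\fR supports three level of filtering:
-+"paranoid" is for high-security machines running as few services
-+as possible. Don't use it if you can't handle its verbose messages.
-+"server" is the default and contains rules for many different daemons.
-+"workstation" is for sheltered machines and filters most of the messages.
-+The ignore rules work in additive manner. "paranoid" rules are also
-+included at level "server" and "workstation".
-+.PP
-+The messages reported are sorted into three layers, system events,
-+security events and attack alerts. The verbosity of system events is 
-+controlled by which level you choose, paranoid, server or workstation. 
-+However, security events and attack alerts are not affected by this.
-+.SH "EXAMPLES"
-+.PP
-+\fBlogcheck\fR can be invoked directly thanks
-+to su(8) or sudo(8), which change the user ID. The following example checks the logfiles
-+without updating the offset and outputs everything to STDOUT.
-+.PP
-+sudo -u logcheck \fBlogcheck\fR -o -t
-+.SH "OPTIONS"
-+.PP
-+A summary of options is included below.
-+.TP
-+\fB-c CFG \fR
-+Overrule default configuration file.
-+.TP
-+\fB-d \fR
-+Debug mode.
-+.TP
-+\fB-h \fR
-+Show usage information.
-+.TP
-+\fB-H \fR
-+Use this hostname string in the subject of logcheck mail.
-+.TP
-+\fB-l LOG \fR
-+Run logfile through logcheck.
-+.TP
-+\fB-L CFG \fR
-+Overrule default logfiles list.
-+.TP
-+\fB-m \fR
-+Mail report to recipient.
-+.TP
-+\fB-o \fR
-+STDOUT mode, not sending mail.
-+.TP
-+\fB-p \fR
-+Set the report level to "paranoid".
-+.TP
-+\fB-r DIR \fR
-+Overrule default rules directory.
-+.TP
-+\fB-R \fR
-+Adds "Reboot:" to the email subject line.
-+.TP
-+\fB-s \fR
-+Set the report level to "server".
-+.TP
-+\fB-S DIR \fR
-+Overrule default state directory.
-+.TP
-+\fB-t \fR
-+Testing mode does not update offset.
-+.TP
-+\fB-T \fR
-+Do not remove the TMPDIR.
-+.TP
-+\fB-u \fR
-+Enable syslog-summary.
-+.TP
-+\fB-v \fR
-+Print current version.
-+.TP
-+\fB-w \fR
-+Set the report level to "workstation".
-+.SH "FILES"
-+.PP
-+%%ETCDIR%%/logcheck.conf is the main configuration file.
-+.PP
-+%%ETCDIR%%/logcheck.logfiles is the list of files to monitor.
-+.PP
-+%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules.
-+.SH "EXIT STATUS"
-+.PP
-+0 upon success; 1 upon failure
-+.SH "SEE ALSO"
-+.PP
-+\fBlogtail\fR(8)
-+.SH "AUTHOR"
-+.PP
-+logcheck is developed by Debian logcheck Team at alioth: 
-+http://alioth.debian.org/projects/logcheck/.
-+.PP
-+This manual page was written by Jon Middleton.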
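--- a/files/extra-patch-etc__logcheck.conf.in
+++ b/files/extra-patch-etc__logcheck.conf.in
@@ -1,17 +0,0 @@
---- etc/logcheck.conf.orig	2010-04-15 01:15:34.000000000 +0900
-+++ etc/logcheck.conf	2010-05-12 14:22:13.000000000 +0900
-@@ -53,13 +53,7 @@
- # Controls the base directory for rules file location
- # This must be an absolute path
- 
--#RULEDIR="/etc/logcheck"
--
--# Controls if syslog-summary is run over each section.
--# Alternatively, set to "1" to enable extra summary.
--# HINT: syslog-summary needs to be installed.
--
--#SYSLOGSUMMARY=0
-+#RULEDIR="%%ETCDIR%%"
- 
- # Controls Subject: lines on logcheck reports:
- 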
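--- a/files/extra-patch-src__logcheck.in
+++ b/files/extra-patch-src__logcheck.in
@@ -1,151 +0,0 @@
---- src/logcheck.orig	2010-07-07 15:59:57.000000000 -0400
-+++ src/logcheck	2010-07-07 16:19:33.000000000 -0400
-@@ -24,17 +24,10 @@
- 
- if [ `id -u` = 0 ]; then
-     echo "logcheck should not be run as root. Use su to invoke logcheck:"
--    echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
-+    echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
-     echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
-     # you may want to uncomment that hack to let logcheck invoke itself.
--    # su -s /bin/bash -c "$0 $*" logcheck
--    exit 1
--fi
--
--if [ ! -f /usr/bin/lockfile-create -o \
--     ! -f /usr/bin/lockfile-remove -o \
--     ! -f /usr/bin/lockfile-touch ]; then
--    echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
-+    # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
-     exit 1
- fi
- 
-@@ -69,12 +62,12 @@
- ADDTAG="no"
- 
- # Set the default paths
--RULEDIR="/etc/logcheck"
--CONFFILE="/etc/logcheck/logcheck.conf"
--STATEDIR="/var/lib/logcheck"
--LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
--LOGFILE_FALLBACK="/var/log/syslog"
--LOGTAIL="/usr/sbin/logtail2"
-+RULEDIR="%%ETCDIR%%"
-+CONFFILE="%%ETCDIR%%/logcheck.conf"
-+STATEDIR="/var/db/logcheck"
-+LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles"
-+LOGFILE_FALLBACK="/var/log/messages"
-+LOGTAIL="%%PREFIX%%/sbin/logtail2"
- CAT="/bin/cat"
- SYSLOG_SUMMARY="/usr/bin/syslog-summary"
- 
-@@ -89,20 +82,15 @@
- SORTUNIQ=0
- SUPPORT_CRACKING_IGNORE=0
- SYSLOGSUMMARY=0
--LOCKDIR=/run/lock/logcheck
-+LOCKDIR=/var/run/logcheck
- LOCKFILE="$LOCKDIR/logcheck"
- 
- # Carry out the clean up tasks
- cleanup() {
- 
--    if [ -n "$LOCK" ]; then
--        debug "cleanup: Killing lockfile-touch - $LOCK"
--	kill "$LOCK" && unset LOCK
--    fi
--
--    if [ -f "$LOCKFILE.lock" ]; then
--        debug "cleanup: Removing lockfile: $LOCKFILE.lock"
--	lockfile-remove "$LOCKFILE"
-+    if [ -f "$LOCKFILE" ]; then
-+        debug "cleanup: Removing lockfile: $LOCKFILE"
-+	rm -f "$LOCKFILE"
-     fi
- 
-     if [ -d "$TMPDIR" ]; then
-@@ -144,14 +132,9 @@
-     if [ "$2" = "noclean" ]; then
- 	debug "error: Not removing lockfile"
-     else
--        if [ -n "$LOCK" ]; then
--	    debug "error: Killing lockfile-touch - $LOCK"
--	    kill "$LOCK" && unset LOCK
--	fi
--
--       if [ -f "$LOCKFILE.lock" ]; then
--           debug "error: Removing lockfile: $LOCKFILE.lock"
--           lockfile-remove "$LOCKFILE"
-+       if [ -f "$LOCKFILE" ]; then
-+           debug "error: Removing lockfile: $LOCKFILE"
-+           rm -f "$LOCKFILE"
-        fi
- 
-     fi
-@@ -170,7 +153,7 @@
- ${TMPDIR:+Check temporary directory: $TMPDIR
- }
- Also verify that the logcheck user can read all files referenced in
--/etc/logcheck/logcheck.logfiles!
-+%%ETCDIR%%/logcheck.logfiles!
- 
- $(export)
- EOF
-@@ -215,7 +198,7 @@
- 	    mkdir "$cleaned" \
- 	        || error "Could not make dir $cleaned for cleaned rulefiles."
- 	fi
--	for rulefile in $(run-parts --list "$dir"); do
-+	for rulefile in $(ls -1R "$dir"); do
- 	    rulefile="$(basename "$rulefile")"
- 	    if [ -f "${dir}/${rulefile}" ]; then
- 		debug "cleanrules: ${dir}/${rulefile}"
-@@ -529,9 +512,9 @@
- 
- # Hostname either fully qualified or not.
- if [ "$FQDN" -eq 1 ]; then
--        HOSTNAME="$(hostname --fqdn 2>/dev/null)"
-+        HOSTNAME="$(hostname -f 2>/dev/null)"
- else
--        HOSTNAME="$(hostname --short 2>/dev/null)"
-+        HOSTNAME="$(hostname -s 2>/dev/null)"
- fi
- 
- # Now check for the other options
-@@ -610,30 +593,25 @@
- 
- trap 'cleanup' 0
- 
--debug "Trying to get lockfile: $LOCKFILE.lock"
-+debug "Trying to get lockfile: $LOCKFILE"
- if [ ! -d "$LOCKDIR" ]; then
- 	mkdir -m 0755 "$LOCKDIR"
- fi
--lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1
-+lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1
- 
- 
- if [ $? -eq 1 ]; then
-     trap 0
--    if [ -e "${LOCKFILE}.lock" ]; then
-+    if [ -e "${LOCKFILE}" ]; then
-         error "Another logcheck process is still running" "noclean"
-     else
--        error "Failed to get lockfile: $LOCKFILE.lock" "noclean"
-+        error "Failed to get lockfile: $LOCKFILE" "noclean"
-     fi
--
--else
--    debug "Running lockfile-touch $LOCKFILE.lock"
--    lockfile-touch "$LOCKFILE" &
--    LOCK="$!"
- fi
- 
- # Create the secure temporary directory or exit
--TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
--    || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
-+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
-+    || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
-     || error "Could not create temporary directory"
- 
- # Now clean the rulefiles in the directories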
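--- a/files/extra-patch-src__logtail2.in
+++ b/files/extra-patch-src__logtail2.in
@@ -1,11 +0,0 @@
---- src/logtail2.orig	2010-01-18 17:24:26.000000000 -0500
-+++ src/logtail2	2010-01-18 17:24:40.000000000 -0500
-@@ -108,7 +108,7 @@
-     # function with dateext magic added.
-     
-     #print "determine_rotated_logfile $filename $inode\n";
--    for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) {
-+    for my $codefile (glob("%%DATADIR%%/detectrotate/*.dtr")) {
-         my $func = do $codefile;
-         if (!$func) {
- 	    print STDERR "cannot compile $codefile: $!";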
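--- a/files/patch-debian_logcheck.cron.d
+++ b/files/patch-debian_logcheck.cron.d
@@ -0,0 +1,16 @@
+--- debian/logcheck.cron.d.orig	2017-01-25 21:08:04 UTC
++++ debian/logcheck.cron.d
+@@ -1,9 +1,5 @@
+-# /etc/cron.d/logcheck: crontab entries for the logcheck package
+-
+-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
++# crontab entries for the logcheck package
++PATH=/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/sbin:%%PREFIX%%/bin
+ MAILTO=root
+-
+-@reboot         logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
+-2 * * * *       logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
+-
+-# EOF
++@reboot    if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi
++2 * * * *  if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi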
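Review bot: The two job lines drop the user column (`logcheck`) that the upstream file carried, so the result is only valid as a per-user crontab; read by a system-wide crontab parser, `if` would be taken as the account name and the job would not run as the unprivileged logcheck user. The shortened header comment no longer says where the file belongs, so I would extend it, e.g. `# per-user crontab for %%LOGCHECK_USER%% (no user column); load with crontab -u, do not place under cron.d`. How the port installs this file is not visible in this section, so treat this as a documentation request rather than a reported fault.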
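--- a/files/patch-docs_logcheck.sgml
+++ b/files/patch-docs_logcheck.sgml
@@ -0,0 +1,17 @@
+--- docs/logcheck.sgml.orig	2017-01-25 21:08:04 UTC
++++ docs/logcheck.sgml
+@@ -244,10 +244,10 @@ manpage.1: manpage.sgml
+   <refsect1>
+     <title>FILES</title>
+ 
+-    <para>/etc/logcheck/logcheck.conf is the main configuration file.</para>
+-    <para>/etc/logcheck/logcheck.logfiles is the list of files to monitor.</para>
+-    <para>/etc/logcheck/logcheck.logfiles.d is the directory of lists of files to monitor.</para>
+-    <para>/usr/share/doc/logcheck-database/README.logcheck-database.gz for hints on how to write, test and maintain rules.</para>
++    <para>%%ETCDIR%%/logcheck.conf is the main configuration file.</para>
++    <para>%%ETCDIR%%/logcheck.logfiles is the list of files to monitor.</para>
++    <para>%%ETCDIR%%/logcheck.logfiles.d is the directory of lists of files to monitor.</para>
++    <para>%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules.</para>
+   </refsect1>
+   <refsect1>
+     <title>EXIT STATUS</title>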
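--- a/files/patch-etc_logcheck.conf
+++ b/files/patch-etc_logcheck.conf
@@ -0,0 +1,37 @@
+--- etc/logcheck.conf.orig	2017-01-25 21:08:04 UTC
++++ etc/logcheck.conf
+@@ -9,7 +9,7 @@
+ # Controls the presence of boilerplate at the top of each message:
+ # Alternatively, set to "0" to disable the introduction.
+ #
+-# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
++# If the files %%ETCDIR%%/header.txt and %%ETCDIR%%/footer.txt
+ # are present their contents will be read and used as the header and
+ # footer of any generated mails.
+ 
+@@ -44,8 +44,8 @@ FQDN=1
+ 
+ #SORTUNIQ=0
+ 
+-# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
+-# exceptions to the rules in /etc/logcheck/cracking.d:
++# Controls whether %%ETCDIR%%/cracking.ignore.d is scanned for
++# exceptions to the rules in %%ETCDIR%%/cracking.d:
+ # Alternatively, set to "1" to enable cracking.ignore support
+ 
+ #SUPPORT_CRACKING_IGNORE=0
+@@ -53,13 +53,7 @@ FQDN=1
+ # Controls the base directory for rules file location
+ # This must be an absolute path
+ 
+-#RULEDIR="/etc/logcheck"
+-
+-# Controls if syslog-summary is run over each section.
+-# Alternatively, set to "1" to enable extra summary.
+-# HINT: syslog-summary needs to be installed.
+-
+-#SYSLOGSUMMARY=0
++#RULEDIR="%%ETCDIR%%"
+ 
+ # Controls Subject: lines on logcheck reports:
+ 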
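--- a/files/patch-etc_logcheck.logfiles
+++ b/files/patch-etc_logcheck.logfiles
@@ -0,0 +1,8 @@
+--- etc/logcheck.logfiles.orig	2017-01-25 21:08:04 UTC
++++ etc/logcheck.logfiles
+@@ -1,4 +1,4 @@
+ # these files will be checked by logcheck
+ # This has been tuned towards a default syslog install
+-/var/log/syslog
+ /var/log/auth.log
++/var/log/messages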
(-)files/patch-rulefiles__linux__ignore.d.server__ssh (-3 / +3 lines)
Lines 1-6 Link Here
1
--- ./rulefiles/linux/ignore.d.server/ssh.orig	2010-09-03 04:24:30.000000000 -0400
1
--- rulefiles/linux/ignore.d.server/ssh.orig	2017-01-25 21:08:04 UTC
2
+++ ./rulefiles/linux/ignore.d.server/ssh	2011-11-23 14:25:31.000000000 -0500
2
+++ rulefiles/linux/ignore.d.server/ssh
3
@@ -21,8 +21,8 @@
3
@@ -27,8 +27,8 @@
4
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
4
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
5
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$
5
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$
6
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$
6
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$
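--- a/files/patch-src_logcheck
+++ b/files/patch-src_logcheck
@@ -0,0 +1,153 @@
+--- src/logcheck.orig	2017-07-11 09:46:25 UTC
++++ src/logcheck
+@@ -24,17 +24,10 @@
+ 
+ if [ `id -u` = 0 ]; then
+     echo "logcheck should not be run as root. Use su to invoke logcheck:"
+-    echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
++    echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
+     echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
+     # you may want to uncomment that hack to let logcheck invoke itself.
+-    # su -s /bin/bash -c "$0 $*" logcheck
+-    exit 1
+-fi
+-
+-if [ ! -f /usr/bin/lockfile-create -o \
+-     ! -f /usr/bin/lockfile-remove -o \
+-     ! -f /usr/bin/lockfile-touch ]; then
+-    echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
++    # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
+     exit 1
+ fi
+ 
+@@ -69,13 +62,13 @@ EVENTSSUBJECT="System Events"
+ ADDTAG="no"
+ 
+ # Set the default paths
+-RULEDIR="/etc/logcheck"
+-CONFFILE="/etc/logcheck/logcheck.conf"
+-STATEDIR="/var/lib/logcheck"
+-LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
+-LOGFILES_LIST_D="/etc/logcheck/logcheck.logfiles.d"
+-LOGFILE_FALLBACK="/var/log/syslog"
+-LOGTAIL="/usr/sbin/logtail2"
++RULEDIR="%%ETCDIR%%"
++CONFFILE="%%ETCDIR%%/logcheck.conf"
++STATEDIR="%%DBDIR%%"
++LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles"
++LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d"
++LOGFILE_FALLBACK="/var/log/messages"
++LOGTAIL="%%PREFIX%%/sbin/logtail2"
+ CAT="/bin/cat"
+ SYSLOG_SUMMARY="/usr/bin/syslog-summary"
+ 
+@@ -90,20 +83,15 @@ FQDN=0
+ SORTUNIQ=0
+ SUPPORT_CRACKING_IGNORE=0
+ SYSLOGSUMMARY=0
+-LOCKDIR=/run/lock/logcheck
++LOCKDIR=/var/run/logcheck
+ LOCKFILE="$LOCKDIR/logcheck"
+ 
+ # Carry out the clean up tasks
+ cleanup() {
+ 
+-    if [ -n "$LOCK" ]; then
+-        debug "cleanup: Killing lockfile-touch - $LOCK"
+-	kill "$LOCK" && unset LOCK
+-    fi
+-
+-    if [ -f "$LOCKFILE.lock" ]; then
+-        debug "cleanup: Removing lockfile: $LOCKFILE.lock"
+-	lockfile-remove "$LOCKFILE"
++    if [ -f "$LOCKFILE" ]; then
++        debug "cleanup: Removing lockfile: $LOCKFILE"
++	rm -f "$LOCKFILE"
+     fi
+ 
+     if [ -d "$TMPDIR" ]; then
+@@ -145,14 +133,9 @@ error() {
+     if [ "$2" = "noclean" ]; then
+ 	debug "error: Not removing lockfile"
+     else
+-        if [ -n "$LOCK" ]; then
+-	    debug "error: Killing lockfile-touch - $LOCK"
+-	    kill "$LOCK" && unset LOCK
+-	fi
+-
+-       if [ -f "$LOCKFILE.lock" ]; then
+-           debug "error: Removing lockfile: $LOCKFILE.lock"
+-           lockfile-remove "$LOCKFILE"
++       if [ -f "$LOCKFILE" ]; then
++           debug "error: Removing lockfile: $LOCKFILE"
++           rm -f "$LOCKFILE"
+        fi
+ 
+     fi
+@@ -171,7 +154,7 @@ $message
+ ${TMPDIR:+Check temporary directory: $TMPDIR
+ }
+ Also verify that the logcheck user can read all files referenced in
+-/etc/logcheck/logcheck.logfiles!
++%%ETCDIR%%/logcheck.logfiles!
+ 
+ $(export)
+ EOF
+@@ -223,7 +206,7 @@ cleanrules() {
+ 			error "Couldn't read $x"
+ 		fi
+ 	done
+-	for rulefile in $(run-parts --list "$dir"); do
++	for rulefile in $(ls -1R "$dir"); do
+ 	    rulefile="$(basename "$rulefile")"
+ 	    if [ -f "${dir}/${rulefile}" ]; then
+ 		debug "cleanrules: ${dir}/${rulefile}"
+@@ -538,9 +521,9 @@ fi
+ 
+ # Hostname either fully qualified or not.
+ if [ "$FQDN" -eq 1 ]; then
+-        HOSTNAME="$(hostname --fqdn 2>/dev/null)"
++        HOSTNAME="$(hostname -f 2>/dev/null)"
+ else
+-        HOSTNAME="$(hostname --short 2>/dev/null)"
++        HOSTNAME="$(hostname -s 2>/dev/null)"
+ fi
+ 
+ # Now check for the other options
+@@ -623,30 +606,25 @@ fi
+ 
+ trap 'cleanup' 0
+ 
+-debug "Trying to get lockfile: $LOCKFILE.lock"
++debug "Trying to get lockfile: $LOCKFILE"
+ if [ ! -d "$LOCKDIR" ]; then
+ 	mkdir -m 0755 "$LOCKDIR"
+ fi
+-lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1
++lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1
+ 
+ 
+ if [ $? -eq 1 ]; then
+     trap 0
+-    if [ -e "${LOCKFILE}.lock" ]; then
++    if [ -e "${LOCKFILE}" ]; then
+         error "Another logcheck process is still running" "noclean"
+     else
+-        error "Failed to get lockfile: $LOCKFILE.lock" "noclean"
++        error "Failed to get lockfile: $LOCKFILE" "noclean"
+     fi
+-
+-else
+-    debug "Running lockfile-touch $LOCKFILE.lock"
+-    lockfile-touch "$LOCKFILE" &
+-    LOCK="$!"
+ fi
+ 
+ # Create the secure temporary directory or exit
+-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
+-    || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
++TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
++    || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
+     || error "Could not create temporary directory"
+ 
+ # Now clean the rulefiles in the directories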
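Review bot: Replacing `run-parts --list "$dir"` with `ls -1R "$dir"` in the `cleanrules` loop removes the filename filter that run-parts applied, so every regular file in a rule directory (editor backups, `*.orig`, `*.bak`, `*.sample`) is now read as a rule file; a stale copy left in an ignore.d directory can silently suppress log lines that should be reported. The port's `do-build` deletes `*.orig` and `*.bak` from the work tree, apparently for this reason, but that does not cover files an administrator creates later. `ls -1R` also emits subdirectory headers and splits names on whitespace. I would iterate with `for rulefile in "$dir"/*; do` and skip unexpected names first with `case "${rulefile##*/}" in *[!A-Za-z0-9_-]*) continue ;; esac`. The body of `cleanrules` starts and ends outside the hunk.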
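--- a/files/patch-src_logtail2
+++ b/files/patch-src_logtail2
@@ -0,0 +1,11 @@
+--- src/logtail2.orig	2017-07-11 09:46:25 UTC
++++ src/logtail2
+@@ -109,7 +109,7 @@ sub determine_rotated_logfile {
+     # function with dateext magic added.
+ 
+     #print "determine_rotated_logfile $filename $inode\n";
+-    for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) {
++    for my $codefile (glob("%%DATADIR%%/detectrotate/*.dtr")) {
+         my $func = do $codefile;
+         if (!$func) {
+ 	    print STDERR "cannot compile $codefile: $!";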
(-)pkg-plist (-5 / +7 lines)
Lines 1-4 Link Here
1
@mode 640
1
@mode 640
2
%%DATADIR%%/detectrotate/10-savelog.dtr
3
%%DATADIR%%/detectrotate/20-logrotate.dtr
4
%%DATADIR%%/detectrotate/30-logrotate-dateext.dtr
2
%%ETCDIR%%/cracking.d/kernel
5
%%ETCDIR%%/cracking.d/kernel
3
%%ETCDIR%%/cracking.d/rlogind
6
%%ETCDIR%%/cracking.d/rlogind
4
%%ETCDIR%%/cracking.d/rsh
7
%%ETCDIR%%/cracking.d/rsh
Lines 131-136 Link Here
131
%%ETCDIR%%/ignore.d.server/sudo
134
%%ETCDIR%%/ignore.d.server/sudo
132
%%ETCDIR%%/ignore.d.server/sympa
135
%%ETCDIR%%/ignore.d.server/sympa
133
%%ETCDIR%%/ignore.d.server/syslogd
136
%%ETCDIR%%/ignore.d.server/syslogd
137
%%ETCDIR%%/ignore.d.server/systemd
138
%%ETCDIR%%/ignore.d.server/systemd-timesyncd
134
%%ETCDIR%%/ignore.d.server/teapop
139
%%ETCDIR%%/ignore.d.server/teapop
135
%%ETCDIR%%/ignore.d.server/telnetd
140
%%ETCDIR%%/ignore.d.server/telnetd
136
%%ETCDIR%%/ignore.d.server/tftpd
141
%%ETCDIR%%/ignore.d.server/tftpd
Lines 179-184 Link Here
179
%%ETCDIR%%/ignore.d.workstation/wpasupplicant
184
%%ETCDIR%%/ignore.d.workstation/wpasupplicant
180
%%ETCDIR%%/ignore.d.workstation/xdm
185
%%ETCDIR%%/ignore.d.workstation/xdm
181
%%ETCDIR%%/ignore.d.workstation/xlockmore
186
%%ETCDIR%%/ignore.d.workstation/xlockmore
187
%%ETCDIR%%/logcheck.conf.sample
188
%%ETCDIR%%/logcheck.logfiles.sample
182
%%ETCDIR%%/violations.d/kernel
189
%%ETCDIR%%/violations.d/kernel
183
%%ETCDIR%%/violations.d/logcheck
190
%%ETCDIR%%/violations.d/logcheck
184
%%ETCDIR%%/violations.d/smartd
191
%%ETCDIR%%/violations.d/smartd
Lines 186-196 Link Here
186
%%ETCDIR%%/violations.d/sudo
193
%%ETCDIR%%/violations.d/sudo
187
%%ETCDIR%%/violations.ignore.d/logcheck-su
194
%%ETCDIR%%/violations.ignore.d/logcheck-su
188
%%ETCDIR%%/violations.ignore.d/logcheck-sudo
195
%%ETCDIR%%/violations.ignore.d/logcheck-sudo
189
%%ETCDIR%%/logcheck.conf.sample
190
%%ETCDIR%%/logcheck.logfiles.sample
191
%%DATADIR%%/detectrotate/10-savelog.dtr
192
%%DATADIR%%/detectrotate/20-logrotate.dtr
193
%%DATADIR%%/detectrotate/30-logrotate-dateext.dtr
194
@mode
196
@mode
195
man/man8/logcheck.8.gz
197
man/man8/logcheck.8.gz
196
man/man8/logtail.8.gz
198
man/man8/logtail.8.gz
