Attachment #184253 for bug #220609




# $FreeBSD$

PORTNAME=	logcheck
PORTVERSION=	1.3.18
CATEGORIES=	security
MASTER_SITES=	DEBIAN_POOL
DISTNAME=	${PORTNAME}_${PORTVERSION}


LICENSE=	GPLv2

BUILD_DEPENDS=	docbook-to-man>0:textproc/docbook-to-man
RUN_DEPENDS=	mime-construct:mail/mime-construct \
		lockfile:mail/procmail \
		bash:shells/bash

BINMODE=	755
SUB_LIST+=	LOGCHECK_USER=${LOGCHECK_USER} \
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
		DBDIR=${DBDIR} CRON=${PORT_OPTIONS:MCRON}
SUB_FILES=	pkg-install pkg-deinstall pkg-message
PLIST_SUB+=	LOGCHECK_USER=${LOGCHECK_USER} \
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
		DBDIR=${DBDIR} RUNDIR=${RUNDIR}
SHEBANG_FILES=	src/logcheck src/logtail src/logtail2 src/detectrotate/*.dtr
CONFIG_DIRS=	cracking.d ignore.d.paranoid ignore.d.server \
		ignore.d.workstation violations.d violations.ignore.d
DOCS=		AUTHORS CHANGES CREDITS LICENSE TODO docs/README*
PORTDOCS=	${DOCS:T}
MAN_FILES=	logcheck.8 logtail.8 logtail2.8
REINPLACE_FILES=	debian/logcheck.cron.d docs/logcheck.sgml \
			etc/logcheck.conf src/logcheck src/logtail2

PATCH_LIST=	extra-patch-debian__logcheck.cron.d \
		extra-patch-docs__logcheck.8 \
		extra-patch-etc__logcheck.conf \
		extra-patch-src__logcheck \
		extra-patch-src__logtail2
EXTRA_PATCHES=	${PATCH_LIST:C|^|${WRKDIR}/|g}

.include <bsd.port.pre.mk>

do-build:
.for file in ${REINPLACE_FILES}
	${REINPLACE_CMD} ${_SUB_LIST_TEMP} ${WRKSRC}/${file}
.endfor
	docbook-to-man ${WRKSRC}/docs/logcheck.sgml > ${WRKSRC}/docs/logcheck.8
	${FIND} ${WRKSRC} -type f \( -name \*.orig -o -name \*.bak \) -delete

post-patch:
	@${FIND} ${WRKSRC}/rulefiles -type f -name \*.orig -delete

do-build:
	@${REINPLACE_CMD} -e 's!/var/log/syslog!/var/log/messages!' \
		${WRKSRC}/etc/logcheck.logfiles

do-install:
	@${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \
		  ${STAGEDIR}${DBDIR} \

Lines 1-2 Link Here

(-)distinfo (-2 / +3 lines)
1	SHA256 (logcheck_1.3.17.tar.xz) = c2d3fc323e8c6555e91d956385dbfd0f67b55872ed0f6a7ad8ad2526a9faf03a	1	TIMESTAMP = 1499679623
2	SIZE (logcheck_1.3.17.tar.xz) = 130956	2	SHA256 (logcheck_1.3.18.tar.xz) = 077b9149ccd2b747b52785afa89da844f3d072c017c9e719925dec6acb9a9af4
		3	SIZE (logcheck_1.3.18.tar.xz) = 131252




--- ./debian/logcheck.cron.d.orig	2006-08-06 19:10:49.000000000 -0400
+++ ./debian/logcheck.cron.d	2008-09-06 19:11:28.000000000 -0400
@@ -1,9 +1,5 @@
-# /etc/cron.d/logcheck: crontab entries for the logcheck package
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+# crontab entries for the logcheck package
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
 MAILTO=root
-
-@reboot         logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
-2 * * * *       logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
-
-# EOF
+@reboot    if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi
+2 * * * *  if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi




--- docs/logcheck.8.orig	2009-12-15 15:03:22.000000000 -0500
+++ docs/logcheck.8	2009-12-15 15:03:41.000000000 -0500
@@ -0,0 +1,115 @@
+.\" This manpage has been automatically generated by docbook2man 
+.\" from a DocBook document.  This tool can be found at:
+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "Logcheck" "8" "15 December 2009" "" ""
+
+.SH NAME
+logcheck \- program to scan system logs for interesting lines
+.SH SYNOPSIS
+
+\fBlogcheck\fR [ \fBOPTIONS\fR ]
+
+.SH "DESCRIPTION"
+.PP
+The \fBlogcheck\fR program helps spot problems and
+security violations in your logfiles automatically and will send the
+results to you periodically in an e-mail. By default logcheck runs as 
+an hourly cronjob just off the hour and after every reboot.
+.PP
+\fBlogcheck\fR supports three level of filtering:
+"paranoid" is for high-security machines running as few services
+as possible. Don't use it if you can't handle its verbose messages.
+"server" is the default and contains rules for many different daemons.
+"workstation" is for sheltered machines and filters most of the messages.
+The ignore rules work in additive manner. "paranoid" rules are also
+included at level "server" and "workstation".
+.PP
+The messages reported are sorted into three layers, system events,
+security events and attack alerts. The verbosity of system events is 
+controlled by which level you choose, paranoid, server or workstation. 
+However, security events and attack alerts are not affected by this.
+.SH "EXAMPLES"
+.PP
+\fBlogcheck\fR can be invoked directly thanks
+to su(8) or sudo(8), which change the user ID. The following example checks the logfiles
+without updating the offset and outputs everything to STDOUT.
+.PP
+sudo -u logcheck \fBlogcheck\fR -o -t
+.SH "OPTIONS"
+.PP
+A summary of options is included below.
+.TP
+\fB-c CFG \fR
+Overrule default configuration file.
+.TP
+\fB-d \fR
+Debug mode.
+.TP
+\fB-h \fR
+Show usage information.
+.TP
+\fB-H \fR
+Use this hostname string in the subject of logcheck mail.
+.TP
+\fB-l LOG \fR
+Run logfile through logcheck.
+.TP
+\fB-L CFG \fR
+Overrule default logfiles list.
+.TP
+\fB-m \fR
+Mail report to recipient.
+.TP
+\fB-o \fR
+STDOUT mode, not sending mail.
+.TP
+\fB-p \fR
+Set the report level to "paranoid".
+.TP
+\fB-r DIR \fR
+Overrule default rules directory.
+.TP
+\fB-R \fR
+Adds "Reboot:" to the email subject line.
+.TP
+\fB-s \fR
+Set the report level to "server".
+.TP
+\fB-S DIR \fR
+Overrule default state directory.
+.TP
+\fB-t \fR
+Testing mode does not update offset.
+.TP
+\fB-T \fR
+Do not remove the TMPDIR.
+.TP
+\fB-u \fR
+Enable syslog-summary.
+.TP
+\fB-v \fR
+Print current version.
+.TP
+\fB-w \fR
+Set the report level to "workstation".
+.SH "FILES"
+.PP
+%%ETCDIR%%/logcheck.conf is the main configuration file.
+.PP
+%%ETCDIR%%/logcheck.logfiles is the list of files to monitor.
+.PP
+%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules.
+.SH "EXIT STATUS"
+.PP
+0 upon success; 1 upon failure
+.SH "SEE ALSO"
+.PP
+\fBlogtail\fR(8)
+.SH "AUTHOR"
+.PP
+logcheck is developed by Debian logcheck Team at alioth: 
+http://alioth.debian.org/projects/logcheck/.
+.PP
+This manual page was written by Jon Middleton.




--- etc/logcheck.conf.orig	2010-04-15 01:15:34.000000000 +0900
+++ etc/logcheck.conf	2010-05-12 14:22:13.000000000 +0900
@@ -53,13 +53,7 @@
 # Controls the base directory for rules file location
 # This must be an absolute path
 
-#RULEDIR="/etc/logcheck"
-
-# Controls if syslog-summary is run over each section.
-# Alternatively, set to "1" to enable extra summary.
-# HINT: syslog-summary needs to be installed.
-
-#SYSLOGSUMMARY=0
+#RULEDIR="%%ETCDIR%%"
 
 # Controls Subject: lines on logcheck reports:
 




--- src/logcheck.orig	2010-07-07 15:59:57.000000000 -0400
+++ src/logcheck	2010-07-07 16:19:33.000000000 -0400
@@ -24,17 +24,10 @@
 
 if [ `id -u` = 0 ]; then
     echo "logcheck should not be run as root. Use su to invoke logcheck:"
-    echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
+    echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
     echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
     # you may want to uncomment that hack to let logcheck invoke itself.
-    # su -s /bin/bash -c "$0 $*" logcheck
-    exit 1
-fi
-
-if [ ! -f /usr/bin/lockfile-create -o \
-     ! -f /usr/bin/lockfile-remove -o \
-     ! -f /usr/bin/lockfile-touch ]; then
-    echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
+    # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
     exit 1
 fi
 
@@ -69,12 +62,12 @@
 ADDTAG="no"
 
 # Set the default paths
-RULEDIR="/etc/logcheck"
-CONFFILE="/etc/logcheck/logcheck.conf"
-STATEDIR="/var/lib/logcheck"
-LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
-LOGFILE_FALLBACK="/var/log/syslog"
-LOGTAIL="/usr/sbin/logtail2"
+RULEDIR="%%ETCDIR%%"
+CONFFILE="%%ETCDIR%%/logcheck.conf"
+STATEDIR="/var/db/logcheck"
+LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles"
+LOGFILE_FALLBACK="/var/log/messages"
+LOGTAIL="%%PREFIX%%/sbin/logtail2"
 CAT="/bin/cat"
 SYSLOG_SUMMARY="/usr/bin/syslog-summary"
 
@@ -89,20 +82,15 @@
 SORTUNIQ=0
 SUPPORT_CRACKING_IGNORE=0
 SYSLOGSUMMARY=0
-LOCKDIR=/run/lock/logcheck
+LOCKDIR=/var/run/logcheck
 LOCKFILE="$LOCKDIR/logcheck"
 
 # Carry out the clean up tasks
 cleanup() {
 
-    if [ -n "$LOCK" ]; then
-        debug "cleanup: Killing lockfile-touch - $LOCK"
-	kill "$LOCK" && unset LOCK
-    fi
-
-    if [ -f "$LOCKFILE.lock" ]; then
-        debug "cleanup: Removing lockfile: $LOCKFILE.lock"
-	lockfile-remove "$LOCKFILE"
+    if [ -f "$LOCKFILE" ]; then
+        debug "cleanup: Removing lockfile: $LOCKFILE"
+	rm -f "$LOCKFILE"
     fi
 
     if [ -d "$TMPDIR" ]; then
@@ -144,14 +132,9 @@
     if [ "$2" = "noclean" ]; then
 	debug "error: Not removing lockfile"
     else
-        if [ -n "$LOCK" ]; then
-	    debug "error: Killing lockfile-touch - $LOCK"
-	    kill "$LOCK" && unset LOCK
-	fi
-
-       if [ -f "$LOCKFILE.lock" ]; then
-           debug "error: Removing lockfile: $LOCKFILE.lock"
-           lockfile-remove "$LOCKFILE"
+       if [ -f "$LOCKFILE" ]; then
+           debug "error: Removing lockfile: $LOCKFILE"
+           rm -f "$LOCKFILE"
        fi
 
     fi
@@ -170,7 +153,7 @@
 ${TMPDIR:+Check temporary directory: $TMPDIR
 }
 Also verify that the logcheck user can read all files referenced in
-/etc/logcheck/logcheck.logfiles!
+%%ETCDIR%%/logcheck.logfiles!
 
 $(export)
 EOF
@@ -215,7 +198,7 @@
 	    mkdir "$cleaned" \
 	        || error "Could not make dir $cleaned for cleaned rulefiles."
 	fi
-	for rulefile in $(run-parts --list "$dir"); do
+	for rulefile in $(ls -1R "$dir"); do
 	    rulefile="$(basename "$rulefile")"
 	    if [ -f "${dir}/${rulefile}" ]; then
 		debug "cleanrules: ${dir}/${rulefile}"
@@ -529,9 +512,9 @@
 
 # Hostname either fully qualified or not.
 if [ "$FQDN" -eq 1 ]; then
-        HOSTNAME="$(hostname --fqdn 2>/dev/null)"
+        HOSTNAME="$(hostname -f 2>/dev/null)"
 else
-        HOSTNAME="$(hostname --short 2>/dev/null)"
+        HOSTNAME="$(hostname -s 2>/dev/null)"
 fi
 
 # Now check for the other options
@@ -610,30 +593,25 @@
 
 trap 'cleanup' 0
 
-debug "Trying to get lockfile: $LOCKFILE.lock"
+debug "Trying to get lockfile: $LOCKFILE"
 if [ ! -d "$LOCKDIR" ]; then
 	mkdir -m 0755 "$LOCKDIR"
 fi
-lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1
+lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1
 
 
 if [ $? -eq 1 ]; then
     trap 0
-    if [ -e "${LOCKFILE}.lock" ]; then
+    if [ -e "${LOCKFILE}" ]; then
         error "Another logcheck process is still running" "noclean"
     else
-        error "Failed to get lockfile: $LOCKFILE.lock" "noclean"
+        error "Failed to get lockfile: $LOCKFILE" "noclean"
     fi
-
-else
-    debug "Running lockfile-touch $LOCKFILE.lock"
-    lockfile-touch "$LOCKFILE" &
-    LOCK="$!"
 fi
 
 # Create the secure temporary directory or exit
-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
-    || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
+    || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
     || error "Could not create temporary directory"
 
 # Now clean the rulefiles in the directories

Lines 1-11 Link Here

(-)files/extra-patch-src__logtail2.in (-11 lines)
1	--- src/logtail2.orig 2010-01-18 17:24:26.000000000 -0500
2	+++ src/logtail2 2010-01-18 17:24:40.000000000 -0500
3	@@ -108,7 +108,7 @@
4	# function with dateext magic added.
5
6	#print "determine_rotated_logfile $filename $inode\n";
7	- for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) {
8	+ for my $codefile (glob("%%DATADIR%%/detectrotate/*.dtr")) {
9	my $func = do $codefile;
10	if (!$func) {
11	print STDERR "cannot compile $codefile: $!";




--- debian/logcheck.cron.d.orig	2017-01-25 21:08:04 UTC
+++ debian/logcheck.cron.d
@@ -1,9 +1,5 @@
-# /etc/cron.d/logcheck: crontab entries for the logcheck package
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+# crontab entries for the logcheck package
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/sbin:%%PREFIX%%/bin
 MAILTO=root
-
-@reboot         logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
-2 * * * *       logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
-
-# EOF
+@reboot    if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi
+2 * * * *  if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi




--- docs/logcheck.sgml.orig	2017-01-25 21:08:04 UTC
+++ docs/logcheck.sgml
@@ -244,10 +244,10 @@ manpage.1: manpage.sgml
   <refsect1>
     <title>FILES</title>
 
-    <para>/etc/logcheck/logcheck.conf is the main configuration file.</para>
-    <para>/etc/logcheck/logcheck.logfiles is the list of files to monitor.</para>
-    <para>/etc/logcheck/logcheck.logfiles.d is the directory of lists of files to monitor.</para>
-    <para>/usr/share/doc/logcheck-database/README.logcheck-database.gz for hints on how to write, test and maintain rules.</para>
+    <para>%%ETCDIR%%/logcheck.conf is the main configuration file.</para>
+    <para>%%ETCDIR%%/logcheck.logfiles is the list of files to monitor.</para>
+    <para>%%ETCDIR%%/logcheck.logfiles.d is the directory of lists of files to monitor.</para>
+    <para>%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules.</para>
   </refsect1>
   <refsect1>
     <title>EXIT STATUS</title>




--- etc/logcheck.conf.orig	2017-01-25 21:08:04 UTC
+++ etc/logcheck.conf
@@ -9,7 +9,7 @@
 # Controls the presence of boilerplate at the top of each message:
 # Alternatively, set to "0" to disable the introduction.
 #
-# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
+# If the files %%ETCDIR%%/header.txt and %%ETCDIR%%/footer.txt
 # are present their contents will be read and used as the header and
 # footer of any generated mails.
 
@@ -44,8 +44,8 @@ FQDN=1
 
 #SORTUNIQ=0
 
-# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
-# exceptions to the rules in /etc/logcheck/cracking.d:
+# Controls whether %%ETCDIR%%/cracking.ignore.d is scanned for
+# exceptions to the rules in %%ETCDIR%%/cracking.d:
 # Alternatively, set to "1" to enable cracking.ignore support
 
 #SUPPORT_CRACKING_IGNORE=0
@@ -53,13 +53,7 @@ FQDN=1
 # Controls the base directory for rules file location
 # This must be an absolute path
 
-#RULEDIR="/etc/logcheck"
-
-# Controls if syslog-summary is run over each section.
-# Alternatively, set to "1" to enable extra summary.
-# HINT: syslog-summary needs to be installed.
-
-#SYSLOGSUMMARY=0
+#RULEDIR="%%ETCDIR%%"
 
 # Controls Subject: lines on logcheck reports:
 

Line 0 Link Here

(-)files/patch-etc_logcheck.logfiles (+8 lines)
	1	--- etc/logcheck.logfiles.orig 2017-01-25 21:08:04 UTC
	2	+++ etc/logcheck.logfiles
	3	@@ -1,4 +1,4 @@
	4	# these files will be checked by logcheck
	5	# This has been tuned towards a default syslog install
	6	-/var/log/syslog
	7	/var/log/auth.log
	8	+/var/log/messages

Lines 1-6 Link Here

(-)files/patch-rulefiles__linux__ignore.d.server__ssh (-3 / +3 lines)
1	--- ./rulefiles/linux/ignore.d.server/ssh.orig 2010-09-03 04:24:30.000000000 -0400	1	--- rulefiles/linux/ignore.d.server/ssh.orig 2017-01-25 21:08:04 UTC
2	+++ ./rulefiles/linux/ignore.d.server/ssh 2011-11-23 14:25:31.000000000 -0500	2	+++ rulefiles/linux/ignore.d.server/ssh
3	@@ -21,8 +21,8 @@	3	@@ -27,8 +27,8 @@
4	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: $pam_unix$ check pass; user unknown$	4	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: $pam_unix$ check pass; user unknown$
5	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: $pam_unix$ bad username \[[^]]+\]$	5	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: $pam_unix$ bad username \[[^]]+\]$
6	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$	6	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$




--- src/logcheck.orig	2017-07-11 09:46:25 UTC
+++ src/logcheck
@@ -24,17 +24,10 @@
 
 if [ `id -u` = 0 ]; then
     echo "logcheck should not be run as root. Use su to invoke logcheck:"
-    echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
+    echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
     echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
     # you may want to uncomment that hack to let logcheck invoke itself.
-    # su -s /bin/bash -c "$0 $*" logcheck
-    exit 1
-fi
-
-if [ ! -f /usr/bin/lockfile-create -o \
-     ! -f /usr/bin/lockfile-remove -o \
-     ! -f /usr/bin/lockfile-touch ]; then
-    echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
+    # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
     exit 1
 fi
 
@@ -69,13 +62,13 @@ EVENTSSUBJECT="System Events"
 ADDTAG="no"
 
 # Set the default paths
-RULEDIR="/etc/logcheck"
-CONFFILE="/etc/logcheck/logcheck.conf"
-STATEDIR="/var/lib/logcheck"
-LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
-LOGFILES_LIST_D="/etc/logcheck/logcheck.logfiles.d"
-LOGFILE_FALLBACK="/var/log/syslog"
-LOGTAIL="/usr/sbin/logtail2"
+RULEDIR="%%ETCDIR%%"
+CONFFILE="%%ETCDIR%%/logcheck.conf"
+STATEDIR="%%DBDIR%%"
+LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles"
+LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d"
+LOGFILE_FALLBACK="/var/log/messages"
+LOGTAIL="%%PREFIX%%/sbin/logtail2"
 CAT="/bin/cat"
 SYSLOG_SUMMARY="/usr/bin/syslog-summary"
 
@@ -90,20 +83,15 @@ FQDN=0
 SORTUNIQ=0
 SUPPORT_CRACKING_IGNORE=0
 SYSLOGSUMMARY=0
-LOCKDIR=/run/lock/logcheck
+LOCKDIR=/var/run/logcheck
 LOCKFILE="$LOCKDIR/logcheck"
 
 # Carry out the clean up tasks
 cleanup() {
 
-    if [ -n "$LOCK" ]; then
-        debug "cleanup: Killing lockfile-touch - $LOCK"
-	kill "$LOCK" && unset LOCK
-    fi
-
-    if [ -f "$LOCKFILE.lock" ]; then
-        debug "cleanup: Removing lockfile: $LOCKFILE.lock"
-	lockfile-remove "$LOCKFILE"
+    if [ -f "$LOCKFILE" ]; then
+        debug "cleanup: Removing lockfile: $LOCKFILE"
+	rm -f "$LOCKFILE"
     fi
 
     if [ -d "$TMPDIR" ]; then
@@ -145,14 +133,9 @@ error() {
     if [ "$2" = "noclean" ]; then
 	debug "error: Not removing lockfile"
     else
-        if [ -n "$LOCK" ]; then
-	    debug "error: Killing lockfile-touch - $LOCK"
-	    kill "$LOCK" && unset LOCK
-	fi
-
-       if [ -f "$LOCKFILE.lock" ]; then
-           debug "error: Removing lockfile: $LOCKFILE.lock"
-           lockfile-remove "$LOCKFILE"
+       if [ -f "$LOCKFILE" ]; then
+           debug "error: Removing lockfile: $LOCKFILE"
+           rm -f "$LOCKFILE"
        fi
 
     fi
@@ -171,7 +154,7 @@ $message
 ${TMPDIR:+Check temporary directory: $TMPDIR
 }
 Also verify that the logcheck user can read all files referenced in
-/etc/logcheck/logcheck.logfiles!
+%%ETCDIR%%/logcheck.logfiles!
 
 $(export)
 EOF
@@ -223,7 +206,7 @@ cleanrules() {
 			error "Couldn't read $x"
 		fi
 	done
-	for rulefile in $(run-parts --list "$dir"); do
+	for rulefile in $(ls -1R "$dir"); do
 	    rulefile="$(basename "$rulefile")"
 	    if [ -f "${dir}/${rulefile}" ]; then
 		debug "cleanrules: ${dir}/${rulefile}"
@@ -538,9 +521,9 @@ fi
 
 # Hostname either fully qualified or not.
 if [ "$FQDN" -eq 1 ]; then
-        HOSTNAME="$(hostname --fqdn 2>/dev/null)"
+        HOSTNAME="$(hostname -f 2>/dev/null)"
 else
-        HOSTNAME="$(hostname --short 2>/dev/null)"
+        HOSTNAME="$(hostname -s 2>/dev/null)"
 fi
 
 # Now check for the other options
@@ -623,30 +606,25 @@ fi
 
 trap 'cleanup' 0
 
-debug "Trying to get lockfile: $LOCKFILE.lock"
+debug "Trying to get lockfile: $LOCKFILE"
 if [ ! -d "$LOCKDIR" ]; then
 	mkdir -m 0755 "$LOCKDIR"
 fi
-lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1
+lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1
 
 
 if [ $? -eq 1 ]; then
     trap 0
-    if [ -e "${LOCKFILE}.lock" ]; then
+    if [ -e "${LOCKFILE}" ]; then
         error "Another logcheck process is still running" "noclean"
     else
-        error "Failed to get lockfile: $LOCKFILE.lock" "noclean"
+        error "Failed to get lockfile: $LOCKFILE" "noclean"
     fi
-
-else
-    debug "Running lockfile-touch $LOCKFILE.lock"
-    lockfile-touch "$LOCKFILE" &
-    LOCK="$!"
 fi
 
 # Create the secure temporary directory or exit
-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
-    || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
+    || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
     || error "Could not create temporary directory"
 
 # Now clean the rulefiles in the directories

Line 0 Link Here

(-)files/patch-src_logtail2 (+11 lines)
	1	--- src/logtail2.orig 2017-07-11 09:46:25 UTC
	2	+++ src/logtail2
	3	@@ -109,7 +109,7 @@ sub determine_rotated_logfile {
	4	# function with dateext magic added.
	5
	6	#print "determine_rotated_logfile $filename $inode\n";
	7	- for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) {
	8	+ for my $codefile (glob("%%DATADIR%%/detectrotate/*.dtr")) {
	9	my $func = do $codefile;
	10	if (!$func) {
	11	print STDERR "cannot compile $codefile: $!";

Lines 1-4 Link Here

(-)pkg-plist (-5 / +7 lines)
1	@mode 640	1	@mode 640
		2	%%DATADIR%%/detectrotate/10-savelog.dtr
		3	%%DATADIR%%/detectrotate/20-logrotate.dtr
		4	%%DATADIR%%/detectrotate/30-logrotate-dateext.dtr
2	%%ETCDIR%%/cracking.d/kernel	5	%%ETCDIR%%/cracking.d/kernel
3	%%ETCDIR%%/cracking.d/rlogind	6	%%ETCDIR%%/cracking.d/rlogind
4	%%ETCDIR%%/cracking.d/rsh	7	%%ETCDIR%%/cracking.d/rsh
Lines 131-136 Link Here
131	%%ETCDIR%%/ignore.d.server/sudo	134	%%ETCDIR%%/ignore.d.server/sudo
132	%%ETCDIR%%/ignore.d.server/sympa	135	%%ETCDIR%%/ignore.d.server/sympa
133	%%ETCDIR%%/ignore.d.server/syslogd	136	%%ETCDIR%%/ignore.d.server/syslogd
		137	%%ETCDIR%%/ignore.d.server/systemd
		138	%%ETCDIR%%/ignore.d.server/systemd-timesyncd
134	%%ETCDIR%%/ignore.d.server/teapop	139	%%ETCDIR%%/ignore.d.server/teapop
135	%%ETCDIR%%/ignore.d.server/telnetd	140	%%ETCDIR%%/ignore.d.server/telnetd
136	%%ETCDIR%%/ignore.d.server/tftpd	141	%%ETCDIR%%/ignore.d.server/tftpd
Lines 179-184 Link Here
179	%%ETCDIR%%/ignore.d.workstation/wpasupplicant	184	%%ETCDIR%%/ignore.d.workstation/wpasupplicant
180	%%ETCDIR%%/ignore.d.workstation/xdm	185	%%ETCDIR%%/ignore.d.workstation/xdm
181	%%ETCDIR%%/ignore.d.workstation/xlockmore	186	%%ETCDIR%%/ignore.d.workstation/xlockmore
		187	%%ETCDIR%%/logcheck.conf.sample
		188	%%ETCDIR%%/logcheck.logfiles.sample
182	%%ETCDIR%%/violations.d/kernel	189	%%ETCDIR%%/violations.d/kernel
183	%%ETCDIR%%/violations.d/logcheck	190	%%ETCDIR%%/violations.d/logcheck
184	%%ETCDIR%%/violations.d/smartd	191	%%ETCDIR%%/violations.d/smartd
Lines 186-196 Link Here
186	%%ETCDIR%%/violations.d/sudo	193	%%ETCDIR%%/violations.d/sudo
187	%%ETCDIR%%/violations.ignore.d/logcheck-su	194	%%ETCDIR%%/violations.ignore.d/logcheck-su
188	%%ETCDIR%%/violations.ignore.d/logcheck-sudo	195	%%ETCDIR%%/violations.ignore.d/logcheck-sudo
189	%%ETCDIR%%/logcheck.conf.sample
190	%%ETCDIR%%/logcheck.logfiles.sample
191	%%DATADIR%%/detectrotate/10-savelog.dtr
192	%%DATADIR%%/detectrotate/20-logrotate.dtr
193	%%DATADIR%%/detectrotate/30-logrotate-dateext.dtr
194	@mode	196	@mode
195	man/man8/logcheck.8.gz	197	man/man8/logcheck.8.gz
196	man/man8/logtail.8.gz	198	man/man8/logtail.8.gz

Return to bug 220609

Lines 2-8 Link Here

(-)Makefile (-20 / +11 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= logcheck	4	PORTNAME= logcheck
5	PORTVERSION= 1.3.17	5	PORTVERSION= 1.3.18
6	CATEGORIES= security	6	CATEGORIES= security
7	MASTER_SITES= DEBIAN_POOL	7	MASTER_SITES= DEBIAN_POOL
8	DISTNAME= ${PORTNAME}_${PORTVERSION}	8	DISTNAME= ${PORTNAME}_${PORTVERSION}
Lines 12-17 Link Here
12		12
13	LICENSE= GPLv2	13	LICENSE= GPLv2
14		14
		15	BUILD_DEPENDS= docbook-to-man>0:textproc/docbook-to-man
15	RUN_DEPENDS= mime-construct:mail/mime-construct \	16	RUN_DEPENDS= mime-construct:mail/mime-construct \
16	lockfile:mail/procmail \	17	lockfile:mail/procmail \
17	bash:shells/bash	18	bash:shells/bash
Lines 38-76 Link Here
38	BINMODE= 755	39	BINMODE= 755
39	SUB_LIST+= LOGCHECK_USER=${LOGCHECK_USER} \	40	SUB_LIST+= LOGCHECK_USER=${LOGCHECK_USER} \
40	LOGCHECK_GROUP=${LOGCHECK_GROUP} \	41	LOGCHECK_GROUP=${LOGCHECK_GROUP} \
41	CRON=${PORT_OPTIONS:MCRON}	42	DBDIR=${DBDIR} CRON=${PORT_OPTIONS:MCRON}
42	SUB_FILES= pkg-install pkg-deinstall pkg-message	43	SUB_FILES= pkg-install pkg-deinstall pkg-message
43	PLIST_SUB+= LOGCHECK_USER=${LOGCHECK_USER} \	44	PLIST_SUB+= LOGCHECK_USER=${LOGCHECK_USER} \
44	LOGCHECK_GROUP=${LOGCHECK_GROUP} \	45	LOGCHECK_GROUP=${LOGCHECK_GROUP} \
45	DBDIR=${DBDIR} RUNDIR=${RUNDIR}	46	DBDIR=${DBDIR} RUNDIR=${RUNDIR}
46	SHEBANG_FILES= src/logcheck src/logtail src/logtail2	47	SHEBANG_FILES= src/logcheck src/logtail src/logtail2 src/detectrotate/*.dtr
47	CONFIG_DIRS= cracking.d ignore.d.paranoid ignore.d.server \	48	CONFIG_DIRS= cracking.d ignore.d.paranoid ignore.d.server \
48	ignore.d.workstation violations.d violations.ignore.d	49	ignore.d.workstation violations.d violations.ignore.d
49	DOCS= AUTHORS CHANGES CREDITS LICENSE TODO docs/README*	50	DOCS= AUTHORS CHANGES CREDITS LICENSE TODO docs/README*
50	PORTDOCS= ${DOCS:T}	51	PORTDOCS= ${DOCS:T}
51	MAN_FILES= logcheck.8 logtail.8 logtail2.8	52	MAN_FILES= logcheck.8 logtail.8 logtail2.8
		53	REINPLACE_FILES= debian/logcheck.cron.d docs/logcheck.sgml \
		54	etc/logcheck.conf src/logcheck src/logtail2
52		55
53	PATCH_LIST= extra-patch-debian__logcheck.cron.d \
54	extra-patch-docs__logcheck.8 \
55	extra-patch-etc__logcheck.conf \
56	extra-patch-src__logcheck \
57	extra-patch-src__logtail2
58	EXTRA_PATCHES= ${PATCH_LIST:C\|^\|${WRKDIR}/\|g}
59
60	.include <bsd.port.pre.mk>	56	.include <bsd.port.pre.mk>
61		57
62	pre-patch:	58	do-build:
63	.for patch in ${PATCH_LIST}	59	.for file in ${REINPLACE_FILES}
64	@${SED} ${_SUB_LIST_TEMP} ${FILESDIR}/${patch}.in > ${WRKDIR}/${patch}	60	${REINPLACE_CMD} ${_SUB_LIST_TEMP} ${WRKSRC}/${file}
65	.endfor	61	.endfor
		62	docbook-to-man ${WRKSRC}/docs/logcheck.sgml > ${WRKSRC}/docs/logcheck.8
		63	${FIND} ${WRKSRC} -type f \( -name \.orig -o -name \.bak \) -delete
66		64
67	post-patch:
68	@${FIND} ${WRKSRC}/rulefiles -type f -name \*.orig -delete
69
70	do-build:
71	@${REINPLACE_CMD} -e 's!/var/log/syslog!/var/log/messages!' \
72	${WRKSRC}/etc/logcheck.logfiles
73
74	do-install:	65	do-install:
75	@${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \	66	@${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \
76	${STAGEDIR}${DBDIR} \	67	${STAGEDIR}${DBDIR} \

Lines 1-16 Link Here

(-)files/extra-patch-debian__logcheck.cron.d.in (-16 lines)
1	--- ./debian/logcheck.cron.d.orig 2006-08-06 19:10:49.000000000 -0400
2	+++ ./debian/logcheck.cron.d 2008-09-06 19:11:28.000000000 -0400
3	@@ -1,9 +1,5 @@
4	-# /etc/cron.d/logcheck: crontab entries for the logcheck package
5	-
6	-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
7	+# crontab entries for the logcheck package
8	+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
9	MAILTO=root
10	-
11	-@reboot logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
12	-2 * * * * logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
13	-
14	-# EOF
15	+@reboot if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi
16	+2 * * * * if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi

Lines 1-118 Link Here

(-)files/extra-patch-docs__logcheck.8.in (-118 lines)
1	--- docs/logcheck.8.orig 2009-12-15 15:03:22.000000000 -0500
2	+++ docs/logcheck.8 2009-12-15 15:03:41.000000000 -0500
3	@@ -0,0 +1,115 @@
4	+.\" This manpage has been automatically generated by docbook2man
5	+.\" from a DocBook document. This tool can be found at:
6	+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
7	+.\" Please send any bug reports, improvements, comments, patches,
8	+.\" etc. to Steve Cheng <steve@ggi-project.org>.
9	+.TH "Logcheck" "8" "15 December 2009" "" ""
10	+
11	+.SH NAME
12	+logcheck \- program to scan system logs for interesting lines
13	+.SH SYNOPSIS
14	+
15	+\fBlogcheck\fR [ \fBOPTIONS\fR ]
16	+
17	+.SH "DESCRIPTION"
18	+.PP
19	+The \fBlogcheck\fR program helps spot problems and
20	+security violations in your logfiles automatically and will send the
21	+results to you periodically in an e-mail. By default logcheck runs as
22	+an hourly cronjob just off the hour and after every reboot.
23	+.PP
24	+\fBlogcheck\fR supports three level of filtering:
25	+"paranoid" is for high-security machines running as few services
26	+as possible. Don't use it if you can't handle its verbose messages.
27	+"server" is the default and contains rules for many different daemons.
28	+"workstation" is for sheltered machines and filters most of the messages.
29	+The ignore rules work in additive manner. "paranoid" rules are also
30	+included at level "server" and "workstation".
31	+.PP
32	+The messages reported are sorted into three layers, system events,
33	+security events and attack alerts. The verbosity of system events is
34	+controlled by which level you choose, paranoid, server or workstation.
35	+However, security events and attack alerts are not affected by this.
36	+.SH "EXAMPLES"
37	+.PP
38	+\fBlogcheck\fR can be invoked directly thanks
39	+to su(8) or sudo(8), which change the user ID. The following example checks the logfiles
40	+without updating the offset and outputs everything to STDOUT.
41	+.PP
42	+sudo -u logcheck \fBlogcheck\fR -o -t
43	+.SH "OPTIONS"
44	+.PP
45	+A summary of options is included below.
46	+.TP
47	+\fB-c CFG \fR
48	+Overrule default configuration file.
49	+.TP
50	+\fB-d \fR
51	+Debug mode.
52	+.TP
53	+\fB-h \fR
54	+Show usage information.
55	+.TP
56	+\fB-H \fR
57	+Use this hostname string in the subject of logcheck mail.
58	+.TP
59	+\fB-l LOG \fR
60	+Run logfile through logcheck.
61	+.TP
62	+\fB-L CFG \fR
63	+Overrule default logfiles list.
64	+.TP
65	+\fB-m \fR
66	+Mail report to recipient.
67	+.TP
68	+\fB-o \fR
69	+STDOUT mode, not sending mail.
70	+.TP
71	+\fB-p \fR
72	+Set the report level to "paranoid".
73	+.TP
74	+\fB-r DIR \fR
75	+Overrule default rules directory.
76	+.TP
77	+\fB-R \fR
78	+Adds "Reboot:" to the email subject line.
79	+.TP
80	+\fB-s \fR
81	+Set the report level to "server".
82	+.TP
83	+\fB-S DIR \fR
84	+Overrule default state directory.
85	+.TP
86	+\fB-t \fR
87	+Testing mode does not update offset.
88	+.TP
89	+\fB-T \fR
90	+Do not remove the TMPDIR.
91	+.TP
92	+\fB-u \fR
93	+Enable syslog-summary.
94	+.TP
95	+\fB-v \fR
96	+Print current version.
97	+.TP
98	+\fB-w \fR
99	+Set the report level to "workstation".
100	+.SH "FILES"
101	+.PP
102	+%%ETCDIR%%/logcheck.conf is the main configuration file.
103	+.PP
104	+%%ETCDIR%%/logcheck.logfiles is the list of files to monitor.
105	+.PP
106	+%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules.
107	+.SH "EXIT STATUS"
108	+.PP
109	+0 upon success; 1 upon failure
110	+.SH "SEE ALSO"
111	+.PP
112	+\fBlogtail\fR(8)
113	+.SH "AUTHOR"
114	+.PP
115	+logcheck is developed by Debian logcheck Team at alioth:
116	+http://alioth.debian.org/projects/logcheck/.
117	+.PP
118	+This manual page was written by Jon Middleton.

Lines 1-17 Link Here

(-)files/extra-patch-etc__logcheck.conf.in (-17 lines)
1	--- etc/logcheck.conf.orig 2010-04-15 01:15:34.000000000 +0900
2	+++ etc/logcheck.conf 2010-05-12 14:22:13.000000000 +0900
3	@@ -53,13 +53,7 @@
4	# Controls the base directory for rules file location
5	# This must be an absolute path
6
7	-#RULEDIR="/etc/logcheck"
8	-
9	-# Controls if syslog-summary is run over each section.
10	-# Alternatively, set to "1" to enable extra summary.
11	-# HINT: syslog-summary needs to be installed.
12	-
13	-#SYSLOGSUMMARY=0
14	+#RULEDIR="%%ETCDIR%%"
15
16	# Controls Subject: lines on logcheck reports:
17

Lines 1-151 Link Here

(-)files/extra-patch-src__logcheck.in (-151 lines)
1	--- src/logcheck.orig 2010-07-07 15:59:57.000000000 -0400
2	+++ src/logcheck 2010-07-07 16:19:33.000000000 -0400
3	@@ -24,17 +24,10 @@
4
5	if [ `id -u` = 0 ]; then
6	echo "logcheck should not be run as root. Use su to invoke logcheck:"
7	- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
8	+ echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
9	echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
10	# you may want to uncomment that hack to let logcheck invoke itself.
11	- # su -s /bin/bash -c "$0 $*" logcheck
12	- exit 1
13	-fi
14	-
15	-if [ ! -f /usr/bin/lockfile-create -o \
16	- ! -f /usr/bin/lockfile-remove -o \
17	- ! -f /usr/bin/lockfile-touch ]; then
18	- echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
19	+ # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
20	exit 1
21	fi
22
23	@@ -69,12 +62,12 @@
24	ADDTAG="no"
25
26	# Set the default paths
27	-RULEDIR="/etc/logcheck"
28	-CONFFILE="/etc/logcheck/logcheck.conf"
29	-STATEDIR="/var/lib/logcheck"
30	-LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
31	-LOGFILE_FALLBACK="/var/log/syslog"
32	-LOGTAIL="/usr/sbin/logtail2"
33	+RULEDIR="%%ETCDIR%%"
34	+CONFFILE="%%ETCDIR%%/logcheck.conf"
35	+STATEDIR="/var/db/logcheck"
36	+LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles"
37	+LOGFILE_FALLBACK="/var/log/messages"
38	+LOGTAIL="%%PREFIX%%/sbin/logtail2"
39	CAT="/bin/cat"
40	SYSLOG_SUMMARY="/usr/bin/syslog-summary"
41
42	@@ -89,20 +82,15 @@
43	SORTUNIQ=0
44	SUPPORT_CRACKING_IGNORE=0
45	SYSLOGSUMMARY=0
46	-LOCKDIR=/run/lock/logcheck
47	+LOCKDIR=/var/run/logcheck
48	LOCKFILE="$LOCKDIR/logcheck"
49
50	# Carry out the clean up tasks
51	cleanup() {
52
53	- if [ -n "$LOCK" ]; then
54	- debug "cleanup: Killing lockfile-touch - $LOCK"
55	- kill "$LOCK" && unset LOCK
56	- fi
57	-
58	- if [ -f "$LOCKFILE.lock" ]; then
59	- debug "cleanup: Removing lockfile: $LOCKFILE.lock"
60	- lockfile-remove "$LOCKFILE"
61	+ if [ -f "$LOCKFILE" ]; then
62	+ debug "cleanup: Removing lockfile: $LOCKFILE"
63	+ rm -f "$LOCKFILE"
64	fi
65
66	if [ -d "$TMPDIR" ]; then
67	@@ -144,14 +132,9 @@
68	if [ "$2" = "noclean" ]; then
69	debug "error: Not removing lockfile"
70	else
71	- if [ -n "$LOCK" ]; then
72	- debug "error: Killing lockfile-touch - $LOCK"
73	- kill "$LOCK" && unset LOCK
74	- fi
75	-
76	- if [ -f "$LOCKFILE.lock" ]; then
77	- debug "error: Removing lockfile: $LOCKFILE.lock"
78	- lockfile-remove "$LOCKFILE"
79	+ if [ -f "$LOCKFILE" ]; then
80	+ debug "error: Removing lockfile: $LOCKFILE"
81	+ rm -f "$LOCKFILE"
82	fi
83
84	fi
85	@@ -170,7 +153,7 @@
86	${TMPDIR:+Check temporary directory: $TMPDIR
87	}
88	Also verify that the logcheck user can read all files referenced in
89	-/etc/logcheck/logcheck.logfiles!
90	+%%ETCDIR%%/logcheck.logfiles!
91
92	$(export)
93	EOF
94	@@ -215,7 +198,7 @@
95	mkdir "$cleaned" \
96	\|\| error "Could not make dir $cleaned for cleaned rulefiles."
97	fi
98	- for rulefile in $(run-parts --list "$dir"); do
99	+ for rulefile in $(ls -1R "$dir"); do
100	rulefile="$(basename "$rulefile")"
101	if [ -f "${dir}/${rulefile}" ]; then
102	debug "cleanrules: ${dir}/${rulefile}"
103	@@ -529,9 +512,9 @@
104
105	# Hostname either fully qualified or not.
106	if [ "$FQDN" -eq 1 ]; then
107	- HOSTNAME="$(hostname --fqdn 2>/dev/null)"
108	+ HOSTNAME="$(hostname -f 2>/dev/null)"
109	else
110	- HOSTNAME="$(hostname --short 2>/dev/null)"
111	+ HOSTNAME="$(hostname -s 2>/dev/null)"
112	fi
113
114	# Now check for the other options
115	@@ -610,30 +593,25 @@
116
117	trap 'cleanup' 0
118
119	-debug "Trying to get lockfile: $LOCKFILE.lock"
120	+debug "Trying to get lockfile: $LOCKFILE"
121	if [ ! -d "$LOCKDIR" ]; then
122	mkdir -m 0755 "$LOCKDIR"
123	fi
124	-lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1
125	+lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1
126
127
128	if [ $? -eq 1 ]; then
129	trap 0
130	- if [ -e "${LOCKFILE}.lock" ]; then
131	+ if [ -e "${LOCKFILE}" ]; then
132	error "Another logcheck process is still running" "noclean"
133	else
134	- error "Failed to get lockfile: $LOCKFILE.lock" "noclean"
135	+ error "Failed to get lockfile: $LOCKFILE" "noclean"
136	fi
137	-
138	-else
139	- debug "Running lockfile-touch $LOCKFILE.lock"
140	- lockfile-touch "$LOCKFILE" &
141	- LOCK="$!"
142	fi
143
144	# Create the secure temporary directory or exit
145	-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
146	- \|\| TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
147	+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
148	+ \|\| TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
149	\|\| error "Could not create temporary directory"
150
151	# Now clean the rulefiles in the directories

Line 0 Link Here

(-)files/patch-debian_logcheck.cron.d (+16 lines)
	1	--- debian/logcheck.cron.d.orig 2017-01-25 21:08:04 UTC
	2	+++ debian/logcheck.cron.d
	3	@@ -1,9 +1,5 @@
	4	-# /etc/cron.d/logcheck: crontab entries for the logcheck package
	5	-
	6	-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
	7	+# crontab entries for the logcheck package
	8	+PATH=/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/sbin:%%PREFIX%%/bin
	9	MAILTO=root
	10	-
	11	-@reboot logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
	12	-2 * * * * logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
	13	-
	14	-# EOF
	15	+@reboot if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi
	16	+2 * * * * if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi

Line 0 Link Here

(-)files/patch-docs_logcheck.sgml (+17 lines)
	1	--- docs/logcheck.sgml.orig 2017-01-25 21:08:04 UTC
	2	+++ docs/logcheck.sgml
	3	@@ -244,10 +244,10 @@ manpage.1: manpage.sgml
	4	<refsect1>
	5	<title>FILES</title>
	6
	7	- <para>/etc/logcheck/logcheck.conf is the main configuration file.</para>
	8	- <para>/etc/logcheck/logcheck.logfiles is the list of files to monitor.</para>
	9	- <para>/etc/logcheck/logcheck.logfiles.d is the directory of lists of files to monitor.</para>
	10	- <para>/usr/share/doc/logcheck-database/README.logcheck-database.gz for hints on how to write, test and maintain rules.</para>
	11	+ <para>%%ETCDIR%%/logcheck.conf is the main configuration file.</para>
	12	+ <para>%%ETCDIR%%/logcheck.logfiles is the list of files to monitor.</para>
	13	+ <para>%%ETCDIR%%/logcheck.logfiles.d is the directory of lists of files to monitor.</para>
	14	+ <para>%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules.</para>
	15	</refsect1>
	16	<refsect1>
	17	<title>EXIT STATUS</title>

Line 0 Link Here

(-)files/patch-etc_logcheck.conf (+37 lines)
	1	--- etc/logcheck.conf.orig 2017-01-25 21:08:04 UTC
	2	+++ etc/logcheck.conf
	3	@@ -9,7 +9,7 @@
	4	# Controls the presence of boilerplate at the top of each message:
	5	# Alternatively, set to "0" to disable the introduction.
	6	#
	7	-# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
	8	+# If the files %%ETCDIR%%/header.txt and %%ETCDIR%%/footer.txt
	9	# are present their contents will be read and used as the header and
	10	# footer of any generated mails.
	11
	12	@@ -44,8 +44,8 @@ FQDN=1
	13
	14	#SORTUNIQ=0
	15
	16	-# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
	17	-# exceptions to the rules in /etc/logcheck/cracking.d:
	18	+# Controls whether %%ETCDIR%%/cracking.ignore.d is scanned for
	19	+# exceptions to the rules in %%ETCDIR%%/cracking.d:
	20	# Alternatively, set to "1" to enable cracking.ignore support
	21
	22	#SUPPORT_CRACKING_IGNORE=0
	23	@@ -53,13 +53,7 @@ FQDN=1
	24	# Controls the base directory for rules file location
	25	# This must be an absolute path
	26
	27	-#RULEDIR="/etc/logcheck"
	28	-
	29	-# Controls if syslog-summary is run over each section.
	30	-# Alternatively, set to "1" to enable extra summary.
	31	-# HINT: syslog-summary needs to be installed.
	32	-
	33	-#SYSLOGSUMMARY=0
	34	+#RULEDIR="%%ETCDIR%%"
	35
	36	# Controls Subject: lines on logcheck reports:
	37

Line 0 Link Here

(-)files/patch-src_logcheck (+153 lines)
		1	--- src/logcheck.orig 2017-07-11 09:46:25 UTC
		2	+++ src/logcheck
		3	@@ -24,17 +24,10 @@
		4
		5	if [ `id -u` = 0 ]; then
		6	echo "logcheck should not be run as root. Use su to invoke logcheck:"
		7	- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
		8	+ echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
		9	echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
		10	# you may want to uncomment that hack to let logcheck invoke itself.
		11	- # su -s /bin/bash -c "$0 $*" logcheck
		12	- exit 1
		13	-fi
		14	-
		15	-if [ ! -f /usr/bin/lockfile-create -o \
		16	- ! -f /usr/bin/lockfile-remove -o \
		17	- ! -f /usr/bin/lockfile-touch ]; then
		18	- echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
		19	+ # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
		20	exit 1
		21	fi
		22
		23	@@ -69,13 +62,13 @@ EVENTSSUBJECT="System Events"
		24	ADDTAG="no"
		25
		26	# Set the default paths
		27	-RULEDIR="/etc/logcheck"
		28	-CONFFILE="/etc/logcheck/logcheck.conf"
		29	-STATEDIR="/var/lib/logcheck"
		30	-LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
		31	-LOGFILES_LIST_D="/etc/logcheck/logcheck.logfiles.d"
		32	-LOGFILE_FALLBACK="/var/log/syslog"
		33	-LOGTAIL="/usr/sbin/logtail2"
		34	+RULEDIR="%%ETCDIR%%"
		35	+CONFFILE="%%ETCDIR%%/logcheck.conf"
		36	+STATEDIR="%%DBDIR%%"
		37	+LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles"
		38	+LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d"
		39	+LOGFILE_FALLBACK="/var/log/messages"
		40	+LOGTAIL="%%PREFIX%%/sbin/logtail2"
		41	CAT="/bin/cat"
		42	SYSLOG_SUMMARY="/usr/bin/syslog-summary"
		43
		44	@@ -90,20 +83,15 @@ FQDN=0
		45	SORTUNIQ=0
		46	SUPPORT_CRACKING_IGNORE=0
		47	SYSLOGSUMMARY=0
		48	-LOCKDIR=/run/lock/logcheck
		49	+LOCKDIR=/var/run/logcheck
		50	LOCKFILE="$LOCKDIR/logcheck"
		51
		52	# Carry out the clean up tasks
		53	cleanup() {
		54
		55	- if [ -n "$LOCK" ]; then
		56	- debug "cleanup: Killing lockfile-touch - $LOCK"
		57	- kill "$LOCK" && unset LOCK
		58	- fi
		59	-
		60	- if [ -f "$LOCKFILE.lock" ]; then
		61	- debug "cleanup: Removing lockfile: $LOCKFILE.lock"
		62	- lockfile-remove "$LOCKFILE"
		63	+ if [ -f "$LOCKFILE" ]; then
		64	+ debug "cleanup: Removing lockfile: $LOCKFILE"
65	+ rm -f "$LOCKFILE"
66	fi
67
68	if [ -d "$TMPDIR" ]; then
69	@@ -145,14 +133,9 @@ error() {
70	if [ "$2" = "noclean" ]; then
71	debug "error: Not removing lockfile"
72	else
73	- if [ -n "$LOCK" ]; then
74	- debug "error: Killing lockfile-touch - $LOCK"
75	- kill "$LOCK" && unset LOCK
76	- fi
77	-
78	- if [ -f "$LOCKFILE.lock" ]; then
79	- debug "error: Removing lockfile: $LOCKFILE.lock"
80	- lockfile-remove "$LOCKFILE"
81	+ if [ -f "$LOCKFILE" ]; then
82	+ debug "error: Removing lockfile: $LOCKFILE"
83	+ rm -f "$LOCKFILE"
84	fi
85
86	fi
87	@@ -171,7 +154,7 @@ $message
88	${TMPDIR:+Check temporary directory: $TMPDIR
89	}
90	Also verify that the logcheck user can read all files referenced in
91	-/etc/logcheck/logcheck.logfiles!
92	+%%ETCDIR%%/logcheck.logfiles!
93
94	$(export)
95	EOF
96	@@ -223,7 +206,7 @@ cleanrules() {
97	error "Couldn't read $x"
98	fi
99	done
100	- for rulefile in $(run-parts --list "$dir"); do
101	+ for rulefile in $(ls -1R "$dir"); do
102	rulefile="$(basename "$rulefile")"
103	if [ -f "${dir}/${rulefile}" ]; then
104	debug "cleanrules: ${dir}/${rulefile}"
105	@@ -538,9 +521,9 @@ fi
106
107	# Hostname either fully qualified or not.
108	if [ "$FQDN" -eq 1 ]; then
109	- HOSTNAME="$(hostname --fqdn 2>/dev/null)"
110	+ HOSTNAME="$(hostname -f 2>/dev/null)"
111	else
112	- HOSTNAME="$(hostname --short 2>/dev/null)"
113	+ HOSTNAME="$(hostname -s 2>/dev/null)"
114	fi
115
116	# Now check for the other options
117	@@ -623,30 +606,25 @@ fi
118
119	trap 'cleanup' 0
120
121	-debug "Trying to get lockfile: $LOCKFILE.lock"
122	+debug "Trying to get lockfile: $LOCKFILE"
123	if [ ! -d "$LOCKDIR" ]; then
124	mkdir -m 0755 "$LOCKDIR"
125	fi
126	-lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1
127	+lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1
128
129
130	if [ $? -eq 1 ]; then
131	trap 0
132	- if [ -e "${LOCKFILE}.lock" ]; then
133	+ if [ -e "${LOCKFILE}" ]; then
134	error "Another logcheck process is still running" "noclean"
135	else
136	- error "Failed to get lockfile: $LOCKFILE.lock" "noclean"
137	+ error "Failed to get lockfile: $LOCKFILE" "noclean"
138	fi
139	-
140	-else
141	- debug "Running lockfile-touch $LOCKFILE.lock"
142	- lockfile-touch "$LOCKFILE" &
143	- LOCK="$!"
144	fi
145
146	# Create the secure temporary directory or exit
147	-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
148	- \|\| TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
149	+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
150	+ \|\| TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
151	\|\| error "Could not create temporary directory"
152
153	# Now clean the rulefiles in the directories