(-)Makefile (-23 / +22 lines)
Lines 2-8 Link Here
2
# $FreeBSD$
2
# $FreeBSD$
3
3
4
PORTNAME=	logcheck
4
PORTNAME=	logcheck
5
PORTVERSION=	1.3.17
5
PORTVERSION=	1.3.18
6
CATEGORIES=	security
6
CATEGORIES=	security
7
MASTER_SITES=	DEBIAN_POOL
7
MASTER_SITES=	DEBIAN_POOL
8
DISTNAME=	${PORTNAME}_${PORTVERSION}
8
DISTNAME=	${PORTNAME}_${PORTVERSION}
Lines 11-17 Link Here
11
COMMENT=	Auditing tool for system logs on Unix boxes
11
COMMENT=	Auditing tool for system logs on Unix boxes
12
12
13
LICENSE=	GPLv2
13
LICENSE=	GPLv2
14
LICENSE_FILE=	${WRKSRC}/LICENSE
14
15
16
BUILD_DEPENDS=	docbook-to-man>0:textproc/docbook-to-man
15
RUN_DEPENDS=	mime-construct:mail/mime-construct \
17
RUN_DEPENDS=	mime-construct:mail/mime-construct \
16
		lockfile:mail/procmail \
18
		lockfile:mail/procmail \
17
		bash:shells/bash
19
		bash:shells/bash
Lines 38-76 Link Here
38
BINMODE=	755
40
BINMODE=	755
39
SUB_LIST+=	LOGCHECK_USER=${LOGCHECK_USER} \
41
SUB_LIST+=	LOGCHECK_USER=${LOGCHECK_USER} \
40
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
42
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
41
		CRON=${PORT_OPTIONS:MCRON}
43
		DBDIR=${DBDIR} CRON=${PORT_OPTIONS:MCRON}
42
SUB_FILES=	pkg-install pkg-deinstall pkg-message
44
SUB_FILES=	pkg-install pkg-deinstall pkg-message
43
PLIST_SUB+=	LOGCHECK_USER=${LOGCHECK_USER} \
45
PLIST_SUB+=	LOGCHECK_USER=${LOGCHECK_USER} \
44
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
46
		LOGCHECK_GROUP=${LOGCHECK_GROUP} \
45
		DBDIR=${DBDIR} RUNDIR=${RUNDIR}
47
		DBDIR=${DBDIR} RUNDIR=${RUNDIR}
46
SHEBANG_FILES=	src/logcheck src/logtail src/logtail2
48
SHEBANG_FILES=	src/logcheck src/logtail src/logtail2 src/detectrotate/*.dtr
47
CONFIG_DIRS=	cracking.d ignore.d.paranoid ignore.d.server \
49
CONFIG_DIRS=	cracking.d ignore.d.paranoid ignore.d.server \
48
		ignore.d.workstation violations.d violations.ignore.d
50
		ignore.d.workstation violations.d violations.ignore.d
49
DOCS=		AUTHORS CHANGES CREDITS LICENSE TODO docs/README*
51
DOCS=		AUTHORS CHANGES CREDITS TODO docs/README*
50
PORTDOCS=	${DOCS:T}
52
PORTDOCS=	${DOCS:T}
51
MAN_FILES=	logcheck.8 logtail.8 logtail2.8
53
MAN1_FILES=	logcheck-test.1
54
MAN8_FILES=	logcheck.8 logtail.8 logtail2.8
55
REINPLACE_FILES=	debian/logcheck.cron.d docs/logcheck.sgml \
56
			docs/logtail2.8 docs/README.logcheck \
57
			docs/README.logcheck-database docs/README.logtail \
58
			etc/logcheck.conf src/logcheck src/logtail2
52
59
53
PATCH_LIST=	extra-patch-debian__logcheck.cron.d \
54
		extra-patch-docs__logcheck.8 \
55
		extra-patch-etc__logcheck.conf \
56
		extra-patch-src__logcheck \
57
		extra-patch-src__logtail2
58
EXTRA_PATCHES=	${PATCH_LIST:C|^|${WRKDIR}/|g}
59
60
.include <bsd.port.pre.mk>
60
.include <bsd.port.pre.mk>
61
61
62
pre-patch:
62
do-build:
63
.for patch in ${PATCH_LIST}
63
.for file in ${REINPLACE_FILES}
64
	@${SED} ${_SUB_LIST_TEMP} ${FILESDIR}/${patch}.in > ${WRKDIR}/${patch}
64
	${REINPLACE_CMD} ${_SUB_LIST_TEMP} ${WRKSRC}/${file}
65
.endfor
65
.endfor
66
	docbook-to-man ${WRKSRC}/docs/logcheck.sgml > ${WRKSRC}/docs/logcheck.8
67
	${FIND} ${WRKSRC} -type f \( -name \*.orig -o -name \*.bak \) -delete
66
68
67
post-patch:
68
	@${FIND} ${WRKSRC}/rulefiles -type f -name \*.orig -delete
69
70
do-build:
71
	@${REINPLACE_CMD} -e 's!/var/log/syslog!/var/log/messages!' \
72
		${WRKSRC}/etc/logcheck.logfiles
73
74
do-install:
69
do-install:
75
	@${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \
70
	@${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \
76
		  ${STAGEDIR}${DBDIR} \
71
		  ${STAGEDIR}${DBDIR} \
Lines 78-83 Link Here
78
		  ${STAGEDIR}${ETCDIR} \
73
		  ${STAGEDIR}${ETCDIR} \
79
		  ${STAGEDIR}${EXAMPLESDIR} \
74
		  ${STAGEDIR}${EXAMPLESDIR} \
80
		  ${STAGEDIR}${RUNDIR}
75
		  ${STAGEDIR}${RUNDIR}
76
	${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck-test ${STAGEDIR}${PREFIX}/bin
81
	${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck ${STAGEDIR}${PREFIX}/sbin
77
	${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck ${STAGEDIR}${PREFIX}/sbin
82
	${INSTALL_SCRIPT} ${WRKSRC}/src/logtail ${STAGEDIR}${PREFIX}/sbin
78
	${INSTALL_SCRIPT} ${WRKSRC}/src/logtail ${STAGEDIR}${PREFIX}/sbin
83
	${INSTALL_SCRIPT} ${WRKSRC}/src/logtail2 ${STAGEDIR}${PREFIX}/sbin
79
	${INSTALL_SCRIPT} ${WRKSRC}/src/logtail2 ${STAGEDIR}${PREFIX}/sbin
Lines 97-103 Link Here
97
	@${ECHO_CMD} '@exec ${CHGRP} -R ${LOGCHECK_GROUP} \
93
	@${ECHO_CMD} '@exec ${CHGRP} -R ${LOGCHECK_GROUP} \
98
		${ETCDIR:S|^${PREFIX}/|%D/|} \
94
		${ETCDIR:S|^${PREFIX}/|%D/|} \
99
		${DATADIR:S|^${PREFIX}/|%D/|}' >> ${TMPPLIST}
95
		${DATADIR:S|^${PREFIX}/|%D/|}' >> ${TMPPLIST}
100
.for i in ${MAN_FILES}
96
.for i in ${MAN1_FILES}
97
	${INSTALL_MAN} ${WRKSRC}/docs/$i ${STAGEDIR}${MAN1PREFIX}/man/man1
98
.endfor
99
.for i in ${MAN8_FILES}
101
	${INSTALL_MAN} ${WRKSRC}/docs/$i ${STAGEDIR}${MAN8PREFIX}/man/man8
100
	${INSTALL_MAN} ${WRKSRC}/docs/$i ${STAGEDIR}${MAN8PREFIX}/man/man8
102
.endfor
101
.endfor
103
	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR}
102
	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR}
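Review bot: The new `do-build` loop rewrites the `%%VAR%%` tokens with `${REINPLACE_CMD} ${_SUB_LIST_TEMP}`, but nothing checks that every token was actually replaced. A name missing from `SUB_LIST` would therefore ship literally in the `src/logcheck` defaults (`CONFFILE`, `STATEDIR`, `LOGTAIL`) and in the crontab. A guard after the `.endfor` would turn that into a build failure, for example `@! ${GREP} -l '%%[A-Z_]*%%' ${REINPLACE_FILES:S|^|${WRKSRC}/|}`. `_SUB_LIST_TEMP` is an underscore-prefixed framework variable, so relying on it here deserves a one-line comment. The substitution would also sit more naturally in `post-patch` than in `do-build`.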
(-)distinfo (-2 / +3 lines)
Lines 1-2 Link Here
1
SHA256 (logcheck_1.3.17.tar.xz) = c2d3fc323e8c6555e91d956385dbfd0f67b55872ed0f6a7ad8ad2526a9faf03a
1
TIMESTAMP = 1499679623
2
SIZE (logcheck_1.3.17.tar.xz) = 130956
2
SHA256 (logcheck_1.3.18.tar.xz) = 077b9149ccd2b747b52785afa89da844f3d072c017c9e719925dec6acb9a9af4
3
SIZE (logcheck_1.3.18.tar.xz) = 131252
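--- a/files/extra-patch-debian__logcheck.cron.d.in
+++ b/files/extra-patch-debian__logcheck.cron.d.in
@@ -1,16 +0,0 @@
---- ./debian/logcheck.cron.d.orig	2006-08-06 19:10:49.000000000 -0400
-+++ ./debian/logcheck.cron.d	2008-09-06 19:11:28.000000000 -0400
-@@ -1,9 +1,5 @@
--# /etc/cron.d/logcheck: crontab entries for the logcheck package
--
--PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-+# crontab entries for the logcheck package
-+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
- MAILTO=root
--
--@reboot         logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
--2 * * * *       logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
--
--# EOF
-+@reboot    if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi
-+2 * * * *  if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi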
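--- a/files/extra-patch-docs__logcheck.8.in
+++ b/files/extra-patch-docs__logcheck.8.in
@@ -1,118 +0,0 @@
---- docs/logcheck.8.orig	2009-12-15 15:03:22.000000000 -0500
-+++ docs/logcheck.8	2009-12-15 15:03:41.000000000 -0500
-@@ -0,0 +1,115 @@
-+.\" This manpage has been automatically generated by docbook2man 
-+.\" from a DocBook document.  This tool can be found at:
-+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
-+.\" Please send any bug reports, improvements, comments, patches, 
-+.\" etc. to Steve Cheng <steve@ggi-project.org>.
-+.TH "Logcheck" "8" "15 December 2009" "" ""
-+
-+.SH NAME
-+logcheck \- program to scan system logs for interesting lines
-+.SH SYNOPSIS
-+
-+\fBlogcheck\fR [ \fBOPTIONS\fR ]
-+
-+.SH "DESCRIPTION"
-+.PP
-+The \fBlogcheck\fR program helps spot problems and
-+security violations in your logfiles automatically and will send the
-+results to you periodically in an e-mail. By default logcheck runs as 
-+an hourly cronjob just off the hour and after every reboot.
-+.PP
-+\fBlogcheck\fR supports three level of filtering:
-+"paranoid" is for high-security machines running as few services
-+as possible. Don't use it if you can't handle its verbose messages.
-+"server" is the default and contains rules for many different daemons.
-+"workstation" is for sheltered machines and filters most of the messages.
-+The ignore rules work in additive manner. "paranoid" rules are also
-+included at level "server" and "workstation".
-+.PP
-+The messages reported are sorted into three layers, system events,
-+security events and attack alerts. The verbosity of system events is 
-+controlled by which level you choose, paranoid, server or workstation. 
-+However, security events and attack alerts are not affected by this.
-+.SH "EXAMPLES"
-+.PP
-+\fBlogcheck\fR can be invoked directly thanks
-+to su(8) or sudo(8), which change the user ID. The following example checks the logfiles
-+without updating the offset and outputs everything to STDOUT.
-+.PP
-+sudo -u logcheck \fBlogcheck\fR -o -t
-+.SH "OPTIONS"
-+.PP
-+A summary of options is included below.
-+.TP
-+\fB-c CFG \fR
-+Overrule default configuration file.
-+.TP
-+\fB-d \fR
-+Debug mode.
-+.TP
-+\fB-h \fR
-+Show usage information.
-+.TP
-+\fB-H \fR
-+Use this hostname string in the subject of logcheck mail.
-+.TP
-+\fB-l LOG \fR
-+Run logfile through logcheck.
-+.TP
-+\fB-L CFG \fR
-+Overrule default logfiles list.
-+.TP
-+\fB-m \fR
-+Mail report to recipient.
-+.TP
-+\fB-o \fR
-+STDOUT mode, not sending mail.
-+.TP
-+\fB-p \fR
-+Set the report level to "paranoid".
-+.TP
-+\fB-r DIR \fR
-+Overrule default rules directory.
-+.TP
-+\fB-R \fR
-+Adds "Reboot:" to the email subject line.
-+.TP
-+\fB-s \fR
-+Set the report level to "server".
-+.TP
-+\fB-S DIR \fR
-+Overrule default state directory.
-+.TP
-+\fB-t \fR
-+Testing mode does not update offset.
-+.TP
-+\fB-T \fR
-+Do not remove the TMPDIR.
-+.TP
-+\fB-u \fR
-+Enable syslog-summary.
-+.TP
-+\fB-v \fR
-+Print current version.
-+.TP
-+\fB-w \fR
-+Set the report level to "workstation".
-+.SH "FILES"
-+.PP
-+%%ETCDIR%%/logcheck.conf is the main configuration file.
-+.PP
-+%%ETCDIR%%/logcheck.logfiles is the list of files to monitor.
-+.PP
-+%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules.
-+.SH "EXIT STATUS"
-+.PP
-+0 upon success; 1 upon failure
-+.SH "SEE ALSO"
-+.PP
-+\fBlogtail\fR(8)
-+.SH "AUTHOR"
-+.PP
-+logcheck is developed by Debian logcheck Team at alioth: 
-+http://alioth.debian.org/projects/logcheck/.
-+.PP
-+This manual page was written by Jon Middleton.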
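--- a/files/extra-patch-etc__logcheck.conf.in
+++ b/files/extra-patch-etc__logcheck.conf.in
@@ -1,17 +0,0 @@
---- etc/logcheck.conf.orig	2010-04-15 01:15:34.000000000 +0900
-+++ etc/logcheck.conf	2010-05-12 14:22:13.000000000 +0900
-@@ -53,13 +53,7 @@
- # Controls the base directory for rules file location
- # This must be an absolute path
- 
--#RULEDIR="/etc/logcheck"
--
--# Controls if syslog-summary is run over each section.
--# Alternatively, set to "1" to enable extra summary.
--# HINT: syslog-summary needs to be installed.
--
--#SYSLOGSUMMARY=0
-+#RULEDIR="%%ETCDIR%%"
- 
- # Controls Subject: lines on logcheck reports:
- 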
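--- a/files/extra-patch-src__logcheck.in
+++ b/files/extra-patch-src__logcheck.in
@@ -1,151 +0,0 @@
---- src/logcheck.orig	2010-07-07 15:59:57.000000000 -0400
-+++ src/logcheck	2010-07-07 16:19:33.000000000 -0400
-@@ -24,17 +24,10 @@
- 
- if [ `id -u` = 0 ]; then
-     echo "logcheck should not be run as root. Use su to invoke logcheck:"
--    echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
-+    echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
-     echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
-     # you may want to uncomment that hack to let logcheck invoke itself.
--    # su -s /bin/bash -c "$0 $*" logcheck
--    exit 1
--fi
--
--if [ ! -f /usr/bin/lockfile-create -o \
--     ! -f /usr/bin/lockfile-remove -o \
--     ! -f /usr/bin/lockfile-touch ]; then
--    echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
-+    # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
-     exit 1
- fi
- 
-@@ -69,12 +62,12 @@
- ADDTAG="no"
- 
- # Set the default paths
--RULEDIR="/etc/logcheck"
--CONFFILE="/etc/logcheck/logcheck.conf"
--STATEDIR="/var/lib/logcheck"
--LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
--LOGFILE_FALLBACK="/var/log/syslog"
--LOGTAIL="/usr/sbin/logtail2"
-+RULEDIR="%%ETCDIR%%"
-+CONFFILE="%%ETCDIR%%/logcheck.conf"
-+STATEDIR="/var/db/logcheck"
-+LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles"
-+LOGFILE_FALLBACK="/var/log/messages"
-+LOGTAIL="%%PREFIX%%/sbin/logtail2"
- CAT="/bin/cat"
- SYSLOG_SUMMARY="/usr/bin/syslog-summary"
- 
-@@ -89,20 +82,15 @@
- SORTUNIQ=0
- SUPPORT_CRACKING_IGNORE=0
- SYSLOGSUMMARY=0
--LOCKDIR=/run/lock/logcheck
-+LOCKDIR=/var/run/logcheck
- LOCKFILE="$LOCKDIR/logcheck"
- 
- # Carry out the clean up tasks
- cleanup() {
- 
--    if [ -n "$LOCK" ]; then
--        debug "cleanup: Killing lockfile-touch - $LOCK"
--	kill "$LOCK" && unset LOCK
--    fi
--
--    if [ -f "$LOCKFILE.lock" ]; then
--        debug "cleanup: Removing lockfile: $LOCKFILE.lock"
--	lockfile-remove "$LOCKFILE"
-+    if [ -f "$LOCKFILE" ]; then
-+        debug "cleanup: Removing lockfile: $LOCKFILE"
-+	rm -f "$LOCKFILE"
-     fi
- 
-     if [ -d "$TMPDIR" ]; then
-@@ -144,14 +132,9 @@
-     if [ "$2" = "noclean" ]; then
- 	debug "error: Not removing lockfile"
-     else
--        if [ -n "$LOCK" ]; then
--	    debug "error: Killing lockfile-touch - $LOCK"
--	    kill "$LOCK" && unset LOCK
--	fi
--
--       if [ -f "$LOCKFILE.lock" ]; then
--           debug "error: Removing lockfile: $LOCKFILE.lock"
--           lockfile-remove "$LOCKFILE"
-+       if [ -f "$LOCKFILE" ]; then
-+           debug "error: Removing lockfile: $LOCKFILE"
-+           rm -f "$LOCKFILE"
-        fi
- 
-     fi
-@@ -170,7 +153,7 @@
- ${TMPDIR:+Check temporary directory: $TMPDIR
- }
- Also verify that the logcheck user can read all files referenced in
--/etc/logcheck/logcheck.logfiles!
-+%%ETCDIR%%/logcheck.logfiles!
- 
- $(export)
- EOF
-@@ -215,7 +198,7 @@
- 	    mkdir "$cleaned" \
- 	        || error "Could not make dir $cleaned for cleaned rulefiles."
- 	fi
--	for rulefile in $(run-parts --list "$dir"); do
-+	for rulefile in $(ls -1R "$dir"); do
- 	    rulefile="$(basename "$rulefile")"
- 	    if [ -f "${dir}/${rulefile}" ]; then
- 		debug "cleanrules: ${dir}/${rulefile}"
-@@ -529,9 +512,9 @@
- 
- # Hostname either fully qualified or not.
- if [ "$FQDN" -eq 1 ]; then
--        HOSTNAME="$(hostname --fqdn 2>/dev/null)"
-+        HOSTNAME="$(hostname -f 2>/dev/null)"
- else
--        HOSTNAME="$(hostname --short 2>/dev/null)"
-+        HOSTNAME="$(hostname -s 2>/dev/null)"
- fi
- 
- # Now check for the other options
-@@ -610,30 +593,25 @@
- 
- trap 'cleanup' 0
- 
--debug "Trying to get lockfile: $LOCKFILE.lock"
-+debug "Trying to get lockfile: $LOCKFILE"
- if [ ! -d "$LOCKDIR" ]; then
- 	mkdir -m 0755 "$LOCKDIR"
- fi
--lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1
-+lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1
- 
- 
- if [ $? -eq 1 ]; then
-     trap 0
--    if [ -e "${LOCKFILE}.lock" ]; then
-+    if [ -e "${LOCKFILE}" ]; then
-         error "Another logcheck process is still running" "noclean"
-     else
--        error "Failed to get lockfile: $LOCKFILE.lock" "noclean"
-+        error "Failed to get lockfile: $LOCKFILE" "noclean"
-     fi
--
--else
--    debug "Running lockfile-touch $LOCKFILE.lock"
--    lockfile-touch "$LOCKFILE" &
--    LOCK="$!"
- fi
- 
- # Create the secure temporary directory or exit
--TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
--    || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
-+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
-+    || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
-     || error "Could not create temporary directory"
- 
- # Now clean the rulefiles in the directories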
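--- a/files/extra-patch-src__logtail2.in
+++ b/files/extra-patch-src__logtail2.in
@@ -1,11 +0,0 @@
---- src/logtail2.orig	2010-01-18 17:24:26.000000000 -0500
-+++ src/logtail2	2010-01-18 17:24:40.000000000 -0500
-@@ -108,7 +108,7 @@
-     # function with dateext magic added.
-     
-     #print "determine_rotated_logfile $filename $inode\n";
--    for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) {
-+    for my $codefile (glob("%%DATADIR%%/detectrotate/*.dtr")) {
-         my $func = do $codefile;
-         if (!$func) {
- 	    print STDERR "cannot compile $codefile: $!";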
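--- a/files/patch-debian_logcheck.cron.d
+++ b/files/patch-debian_logcheck.cron.d
@@ -0,0 +1,16 @@
+--- debian/logcheck.cron.d.orig	2017-01-25 21:08:04 UTC
++++ debian/logcheck.cron.d
+@@ -1,9 +1,5 @@
+-# /etc/cron.d/logcheck: crontab entries for the logcheck package
+-
+-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
++# crontab entries for the logcheck package
++PATH=/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/sbin:%%PREFIX%%/bin
+ MAILTO=root
+-
+-@reboot         logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
+-2 * * * *       logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
+-
+-# EOF
++@reboot    if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi
++2 * * * *  if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi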
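Review bot: Both schedule lines drop the `logcheck` user column that the upstream file carried, so the result is only valid as a per-user crontab; loaded as a system crontab, the word `if` would be read as the user name. The `src/logcheck` patch shows the script refusing to run as root, so the file should state whose crontab it is, for instance by replacing the header with `# per-user crontab for %%LOGCHECK_USER%% (no user column); do not place under a system cron.d directory`. How the port installs this file is outside this section, so the wording should be confirmed against the install script.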
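--- a/files/patch-docs_README.logcheck
+++ b/files/patch-docs_README.logcheck
@@ -0,0 +1,16 @@
+--- docs/README.logcheck.orig	2017-01-25 21:08:04 UTC
++++ docs/README.logcheck
+@@ -17,11 +17,11 @@ don't start overlapping.
+ ======================================================================
+ LOG ENTRIES
+ -----------
+-These are taken from a specified set of logfiles (usually syslog and
++These are taken from a specified set of logfiles (usually messages and
+ auth.log); a special Perl utility named "logtail" is used which
+ "bookmarks" its place in the logs, so that events aren't reported
+ twice in successive logcheck runs.  The offset records are stored as
+-(eg) "/var/lib/logcheck/offset.var.log.syslog"; lines to be
++(eg) "%%DBDIR%%/offset.var.log.messages"; lines to be
+ considered by logcheck are copied into tempfiles in the working
+ directory "/var/tmp/logcheck".  See the corresponding README for
+ logtail for further notes on complications such as log-rotation.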
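--- a/files/patch-docs_README.logcheck-database
+++ b/files/patch-docs_README.logcheck-database
@@ -0,0 +1,105 @@
+--- docs/README.logcheck-database.orig	2017-01-25 21:08:04 UTC
++++ docs/README.logcheck-database
+@@ -15,7 +15,7 @@ normal egrep pattern-matches, applied in
+ 1. the "SECURITY ALERTS" layer, designed to detect the traces of active
+ 	intrusion attempts.
+ 
+-   Patterns raising the alarm go in "/etc/logcheck/cracking.d"; any
++   Patterns raising the alarm go in "%%ETCDIR%%/cracking.d"; any
+ 	event that matches one of these patterns turns the report
+ 	into an urgent "Security Alerts" report, with the relevant
+ 	event moved to a special section.  The cracking.d standard
+@@ -26,7 +26,7 @@ normal egrep pattern-matches, applied in
+ 	the default logcheck configuration, but if the local
+ 	administrator enables this layer of filtering in
+ 	logcheck.conf, then the rules go in the directory
+-	"/etc/logcheck/cracking.ignore.d".  Matches with
++	"%%ETCDIR%%/cracking.ignore.d".  Matches with
+ 	cracking.ignore rules will then reclassify the alert as a
+ 	false alarm (compare violations.ignore below).  Note that
+ 	this means they are totally ignored - log messages handled
+@@ -35,12 +35,12 @@ normal egrep pattern-matches, applied in
+ 2. the "SECURITY EVENTS" layer, designed to detect less critical
+ 	events still considered worthy of special attention.
+ 
+-   Patterns raising the alarm go in "/etc/logcheck/violations.d";
++   Patterns raising the alarm go in "%%ETCDIR%%/violations.d";
+ 	matches with these result in a "Security Events" alert,
+ 	with the relevant event moved to a special section.
+ 
+    Patterns cancelling such alarms go in the standard directory
+-	"/etc/logcheck/violations.ignore.d"; apparent "Security
++	"%%ETCDIR%%/violations.ignore.d"; apparent "Security
+ 	Events" that match with violations.ignore patterns are
+ 	discarded as false alarms.
+ 
+@@ -51,7 +51,7 @@ normal egrep pattern-matches, applied in
+ 	from the logfiles are considered for inclusion in the main
+ 	"System Events" section.
+ 
+-   Patterns in the three "/etc/logcheck/ignore.d.*" directories
++   Patterns in the three "%%ETCDIR%%/ignore.d.*" directories
+ 	again function to overrule alerts; the log messages that
+ 	match them are excluded from the report as trivial.  The
+ 	specific directories consulted depend on the prevailing
+@@ -78,13 +78,13 @@ underscore, and hyphen.
+ Contains filters relevant to only one Debian package - for example
+ if "fooserver" logs suspicious events like this:
+ "$DATE $HOSTNAME fooserver[$PID]: $USER is up to no good"
+-then a line in "/etc/logcheck/violations.d/fooserver" with an
++then a line in "%%ETCDIR%%/violations.d/fooserver" with an
+ appropriate pattern will promote it from a mere "System Event"
+ to a full "Security Event" in a subsection of the mailing headed
+ "fooserver".  Or then again if that kind of log message is more
+ trivial than it looks (maybe "foo" is a networked game of
+ spy-and-counterspy) then a line in
+-"/etc/logcheck/ignore.d.server/fooserver" will turn it into a
++"%%ETCDIR%%/ignore.d.server/fooserver" will turn it into a
+ nonevent for all but the most assiduous of administrators.
+ 
+ Sometimes a package will have not only special alarm calls which
+@@ -107,7 +107,7 @@ that need to be processed.
+ 
+ Standard "generic" rules go in each directory's "./logcheck" file;
+ thus for instance any log message at all matching "ATTACK"
+-(listed in "/etc/logcheck/cracking.d/logcheck") _always_ triggers
++(listed in "%%ETCDIR%%/cracking.d/logcheck") _always_ triggers
+ a "Security Alert", unless you deliberately tamper with
+ "cracking.ignore.d" rules.
+ 
+@@ -122,12 +122,12 @@ non-package-specific "flagging" patterns
+ "fooserver" outputs syslog messages like this:
+     "$DATE $HOSTNAME fooserver[$PID]: 3 attempts 0 rejected"
+ then the standard keyword "reject" listed in the generic
+-"/etc/logcheck/violations.d/logcheck" file will trigger frequent
++"%%ETCDIR%%/violations.d/logcheck" file will trigger frequent
+ "Security Events" reports.  Putting a filtering pattern in
+-"/etc/logcheck/violations.ignore.d/fooserver" won't help here!
++"%%ETCDIR%%/violations.ignore.d/fooserver" won't help here!
+ The solution is to use a file named in the specially-privileged
+ ./logcheck-<packagename> format:
+-"/etc/logcheck/violations.ignore.d/logcheck-fooserver".
++"%%ETCDIR%%/violations.ignore.d/logcheck-fooserver".
+ This can contain patterns provided by that particular package
+ which nonetheless need to take precedence over the generic rules.
+ 
+@@ -137,8 +137,8 @@ Sysadmins can use the "local-*" filename
+ additions to the "logcheck-*" pattern lists.  If you have "ippl"
+ logging network connections verbosely into syslog then you can put
+ custom "Security Events" keywords in
+-"/etc/logcheck/violations.d/local-ippl" and exceptions in
+-"/etc/logcheck/violations.ignore.d/local-ippl".
++"%%ETCDIR%%/violations.d/local-ippl" and exceptions in
++"%%ETCDIR%%/violations.ignore.d/local-ippl".
+ 
+ 
+ WRITING RULES
+@@ -181,7 +181,7 @@ logcheck-test(1)).
+ Alternatively you can manually grep your log file, and remove trailing
+ space with something like this:
+ 
+-    sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep \
++    sed -e 's/[[:space:]]*$//' /var/log/messages | egrep \
+     '^\w{3} [ :0-9]{11} oempc wwwoffled\[[0-9]+\]: WWWOFFLE (On|Off)line\.$'
+ 
+ If the log line is displayed, then your regex works.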
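--- a/files/patch-docs_README.logtail
+++ b/files/patch-docs_README.logtail
@@ -0,0 +1,11 @@
+--- docs/README.logtail.orig	2017-01-25 21:08:04 UTC
++++ docs/README.logtail
+@@ -28,7 +28,7 @@ Logtail2, a different executeable, also 
+ guessing a file name that might have been the target of log rotation
+ and printing that file's contents starting with the stored offset. If
+ you have a non-standard rotation scheme, you can drop your own
+-heuristic into /usr/share/logtail/detectrotate/ and have it
++heuristic into %%DATADIR%%/detectrotate/ and have it
+ automatically picked up by logtail2.
+ ======================================================================
+ COMMANDLINE ARGUMENTS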
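--- a/files/patch-docs_logcheck-test.1
+++ b/files/patch-docs_logcheck-test.1
@@ -0,0 +1,26 @@
+--- docs/logcheck-test.1.orig	2017-01-25 21:08:04 UTC
++++ docs/logcheck-test.1
+@@ -38,8 +38,8 @@ Show usage information
+ .B \-a, \-\-auth.log
+ Parse /var/log/auth.log for matching lines
+ .TP
+-.B \-s, \-\-syslog
+-Parse /var/log/syslog for matching lines
++.B \-m, \-\-messages
++Parse /var/log/messages for matching lines
+ .TP
+ .B \-l, \-\-log\-file FILE
+ Parse FILE for matching lines
+@@ -69,10 +69,10 @@ With
+ .B logcheck-test
+ you can easily write and test new rules.
+ .PP
+-Test a single rule against /var/log/syslog:
++Test a single rule against /var/log/messages:
+ .RS
+ .fam C
+-logcheck-test \-s "RULE"
++logcheck-test \-m "RULE"
+ .fam T
+ .RE
+ 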
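--- a/files/patch-docs_logcheck.sgml
+++ b/files/patch-docs_logcheck.sgml
@@ -0,0 +1,17 @@
+--- docs/logcheck.sgml.orig	2017-01-25 21:08:04 UTC
++++ docs/logcheck.sgml
+@@ -244,10 +244,10 @@ manpage.1: manpage.sgml
+   <refsect1>
+     <title>FILES</title>
+ 
+-    <para>/etc/logcheck/logcheck.conf is the main configuration file.</para>
+-    <para>/etc/logcheck/logcheck.logfiles is the list of files to monitor.</para>
+-    <para>/etc/logcheck/logcheck.logfiles.d is the directory of lists of files to monitor.</para>
+-    <para>/usr/share/doc/logcheck-database/README.logcheck-database.gz for hints on how to write, test and maintain rules.</para>
++    <para>%%ETCDIR%%/logcheck.conf is the main configuration file.</para>
++    <para>%%ETCDIR%%/logcheck.logfiles is the list of files to monitor.</para>
++    <para>%%ETCDIR%%/logcheck.logfiles.d is the directory of lists of files to monitor.</para>
++    <para>%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules.</para>
+   </refsect1>
+   <refsect1>
+     <title>EXIT STATUS</title>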
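--- a/files/patch-docs_logtail2.8
+++ b/files/patch-docs_logtail2.8
@@ -0,0 +1,11 @@
+--- docs/logtail2.8.orig	2017-01-25 21:08:04 UTC
++++ docs/logtail2.8
+@@ -38,7 +38,7 @@ is not empty, the inode of
+ is checked.  If the inode is changed,
+ .B logtail2
+ uses the heuristics stored in
+-.I /usr/share/logtail/detectrotate/
++.I %%DATADIR%%/detectrotate/
+ to find a file that might be the rotated
+ .I logfile
+ and prints it starting with the stored offset. It then proceeds to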
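--- a/files/patch-etc_logcheck.conf
+++ b/files/patch-etc_logcheck.conf
@@ -0,0 +1,37 @@
+--- etc/logcheck.conf.orig	2017-01-25 21:08:04 UTC
++++ etc/logcheck.conf
+@@ -9,7 +9,7 @@
+ # Controls the presence of boilerplate at the top of each message:
+ # Alternatively, set to "0" to disable the introduction.
+ #
+-# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
++# If the files %%ETCDIR%%/header.txt and %%ETCDIR%%/footer.txt
+ # are present their contents will be read and used as the header and
+ # footer of any generated mails.
+ 
+@@ -44,8 +44,8 @@ FQDN=1
+ 
+ #SORTUNIQ=0
+ 
+-# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
+-# exceptions to the rules in /etc/logcheck/cracking.d:
++# Controls whether %%ETCDIR%%/cracking.ignore.d is scanned for
++# exceptions to the rules in %%ETCDIR%%/cracking.d:
+ # Alternatively, set to "1" to enable cracking.ignore support
+ 
+ #SUPPORT_CRACKING_IGNORE=0
+@@ -53,13 +53,7 @@ FQDN=1
+ # Controls the base directory for rules file location
+ # This must be an absolute path
+ 
+-#RULEDIR="/etc/logcheck"
+-
+-# Controls if syslog-summary is run over each section.
+-# Alternatively, set to "1" to enable extra summary.
+-# HINT: syslog-summary needs to be installed.
+-
+-#SYSLOGSUMMARY=0
++#RULEDIR="%%ETCDIR%%"
+ 
+ # Controls Subject: lines on logcheck reports:
+ 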
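--- a/files/patch-etc_logcheck.logfiles
+++ b/files/patch-etc_logcheck.logfiles
@@ -0,0 +1,8 @@
+--- etc/logcheck.logfiles.orig	2017-01-25 21:08:04 UTC
++++ etc/logcheck.logfiles
+@@ -1,4 +1,4 @@
+ # these files will be checked by logcheck
+ # This has been tuned towards a default syslog install
+-/var/log/syslog
+ /var/log/auth.log
++/var/log/messages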
(-)files/patch-rulefiles__linux__ignore.d.server__ssh (-3 / +3 lines)
Lines 1-6 Link Here
1
--- ./rulefiles/linux/ignore.d.server/ssh.orig	2010-09-03 04:24:30.000000000 -0400
1
--- rulefiles/linux/ignore.d.server/ssh.orig	2017-01-25 21:08:04 UTC
2
+++ ./rulefiles/linux/ignore.d.server/ssh	2011-11-23 14:25:31.000000000 -0500
2
+++ rulefiles/linux/ignore.d.server/ssh
3
@@ -21,8 +21,8 @@
3
@@ -27,8 +27,8 @@
4
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
4
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
5
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$
5
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$
6
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$
6
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$
(-)files/patch-src_logcheck (+153 lines)
Line 0 Link Here
1
--- src/logcheck.orig	2017-07-11 17:32:13 UTC
2
+++ src/logcheck
3
@@ -24,17 +24,10 @@
4
 
5
 if [ `id -u` = 0 ]; then
6
     echo "logcheck should not be run as root. Use su to invoke logcheck:"
7
-    echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
8
+    echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
9
     echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
10
     # you may want to uncomment that hack to let logcheck invoke itself.
11
-    # su -s /bin/bash -c "$0 $*" logcheck
12
-    exit 1
13
-fi
14
-
15
-if [ ! -f /usr/bin/lockfile-create -o \
16
-     ! -f /usr/bin/lockfile-remove -o \
17
-     ! -f /usr/bin/lockfile-touch ]; then
18
-    echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
19
+    # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
20
     exit 1
21
 fi
22
 
23
@@ -69,13 +62,13 @@ EVENTSSUBJECT="System Events"
24
 ADDTAG="no"
25
 
26
 # Set the default paths
27
-RULEDIR="/etc/logcheck"
28
-CONFFILE="/etc/logcheck/logcheck.conf"
29
-STATEDIR="/var/lib/logcheck"
30
-LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
31
-LOGFILES_LIST_D="/etc/logcheck/logcheck.logfiles.d"
32
-LOGFILE_FALLBACK="/var/log/syslog"
33
-LOGTAIL="/usr/sbin/logtail2"
34
+RULEDIR="%%ETCDIR%%"
35
+CONFFILE="%%ETCDIR%%/logcheck.conf"
36
+STATEDIR="%%DBDIR%%"
37
+LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles"
38
+LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d"
39
+LOGFILE_FALLBACK="/var/log/messages"
40
+LOGTAIL="%%PREFIX%%/sbin/logtail2"
41
 CAT="/bin/cat"
42
 SYSLOG_SUMMARY="/usr/bin/syslog-summary"
43
 
44
@@ -90,20 +83,15 @@ FQDN=0
45
 SORTUNIQ=0
46
 SUPPORT_CRACKING_IGNORE=0
47
 SYSLOGSUMMARY=0
48
-LOCKDIR=/run/lock/logcheck
49
+LOCKDIR=/var/run/logcheck
50
 LOCKFILE="$LOCKDIR/logcheck"
51
 
52
 # Carry out the clean up tasks
53
 cleanup() {
54
 
55
-    if [ -n "$LOCK" ]; then
56
-        debug "cleanup: Killing lockfile-touch - $LOCK"
57
-	kill "$LOCK" && unset LOCK
58
-    fi
59
-
60
-    if [ -f "$LOCKFILE.lock" ]; then
61
-        debug "cleanup: Removing lockfile: $LOCKFILE.lock"
62
-	lockfile-remove "$LOCKFILE"
63
+    if [ -f "$LOCKFILE" ]; then
64
+        debug "cleanup: Removing lockfile: $LOCKFILE"
65
+	rm -f "$LOCKFILE"
66
     fi
67
 
68
     if [ -d "$TMPDIR" ]; then
69
@@ -145,14 +133,9 @@ error() {
70
     if [ "$2" = "noclean" ]; then
71
 	debug "error: Not removing lockfile"
72
     else
73
-        if [ -n "$LOCK" ]; then
74
-	    debug "error: Killing lockfile-touch - $LOCK"
75
-	    kill "$LOCK" && unset LOCK
76
-	fi
77
-
78
-       if [ -f "$LOCKFILE.lock" ]; then
79
-           debug "error: Removing lockfile: $LOCKFILE.lock"
80
-           lockfile-remove "$LOCKFILE"
81
+       if [ -f "$LOCKFILE" ]; then
82
+           debug "error: Removing lockfile: $LOCKFILE"
83
+           rm -f "$LOCKFILE"
84
        fi
85
 
86
     fi
87
@@ -171,7 +154,7 @@ $message
88
 ${TMPDIR:+Check temporary directory: $TMPDIR
89
 }
90
 Also verify that the logcheck user can read all files referenced in
91
-/etc/logcheck/logcheck.logfiles!
92
+%%ETCDIR%%/logcheck.logfiles!
93
 
94
 $(export)
95
 EOF
96
@@ -223,7 +206,7 @@ cleanrules() {
97
 			error "Couldn't read $x"
98
 		fi
99
 	done
100
-	for rulefile in $(run-parts --list "$dir"); do
101
+	for rulefile in $(ls -1R "$dir"); do
102
 	    rulefile="$(basename "$rulefile")"
103
 	    if [ -f "${dir}/${rulefile}" ]; then
104
 		debug "cleanrules: ${dir}/${rulefile}"
105
@@ -538,9 +521,9 @@ fi
106
 
107
 # Hostname either fully qualified or not.
108
 if [ "$FQDN" -eq 1 ]; then
109
-        HOSTNAME="$(hostname --fqdn 2>/dev/null)"
110
+        HOSTNAME="$(hostname -f 2>/dev/null)"
111
 else
112
-        HOSTNAME="$(hostname --short 2>/dev/null)"
113
+        HOSTNAME="$(hostname -s 2>/dev/null)"
114
 fi
115
 
116
 # Now check for the other options
117
@@ -623,30 +606,25 @@ fi
118
 
119
 trap 'cleanup' 0
120
 
121
-debug "Trying to get lockfile: $LOCKFILE.lock"
122
+debug "Trying to get lockfile: $LOCKFILE"
123
 if [ ! -d "$LOCKDIR" ]; then
124
 	mkdir -m 0755 "$LOCKDIR"
125
 fi
126
-lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1
127
+lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1
128
 
129
 
130
 if [ $? -eq 1 ]; then
131
     trap 0
132
-    if [ -e "${LOCKFILE}.lock" ]; then
133
+    if [ -e "${LOCKFILE}" ]; then
134
         error "Another logcheck process is still running" "noclean"
135
     else
136
-        error "Failed to get lockfile: $LOCKFILE.lock" "noclean"
137
+        error "Failed to get lockfile: $LOCKFILE" "noclean"
138
     fi
139
-
140
-else
141
-    debug "Running lockfile-touch $LOCKFILE.lock"
142
-    lockfile-touch "$LOCKFILE" &
143
-    LOCK="$!"
144
 fi
145
 
146
 # Create the secure temporary directory or exit
147
-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
148
-    || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
149
+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
150
+    || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
151
     || error "Could not create temporary directory"
152
 
153
 # Now clean the rulefiles in the directories
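--- a/files/patch-src_logcheck-test
+++ b/files/patch-src_logcheck-test
@@ -0,0 +1,23 @@
+--- src/logcheck-test.orig	2017-01-25 21:08:04 UTC
++++ src/logcheck-test
+@@ -38,7 +38,7 @@ usage() {
+ usage: logcheck-test
+ -h|--help                   : Show usage information
+ -a|--auth.log               : Parse /var/log/auth.log
+--s|--syslog                 : Parse /var/log/syslog
++-m|--messages               : Parse /var/log/messages
+ -l|--log-file LOGFILE       : Parse LOGFILE
+ -i|--invert-match           : Show lines that don't match the RULE or RULEFILE
+ -q|--quiet                  : Suppress rule summary
+@@ -103,9 +103,9 @@ while [ -n "${1:-}" ]; do
+                 warn "option -a ignored"
+             fi
+         ;;
+-        -s|--syslog)
++        -m|--messages)
+             if [ -z "$FILE" ] ; then
+-                FILE="/var/log/syslog"
++                FILE="/var/log/messages"
+             else
+                 warn "option -s ignored"
+             fi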
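Review bot: The renamed `-m|--messages` arm still ends in `warn "option -s ignored"`, so a user who passes `-m` after another file option is warned about a flag that no longer exists; that line should become `warn "option -m ignored"`. The code that registers the accepted options is outside the hunk, so it is worth confirming that `-m`/`--messages` is accepted there too, otherwise the new case arm cannot be reached. The `while` loop starts and ends outside the hunk.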
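--- a/files/patch-src_logtail2
+++ b/files/patch-src_logtail2
@@ -0,0 +1,11 @@
+--- src/logtail2.orig	2017-07-11 17:32:13 UTC
++++ src/logtail2
+@@ -109,7 +109,7 @@ sub determine_rotated_logfile {
+     # function with dateext magic added.
+ 
+     #print "determine_rotated_logfile $filename $inode\n";
+-    for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) {
++    for my $codefile (glob("%%DATADIR%%/detectrotate/*.dtr")) {
+         my $func = do $codefile;
+         if (!$func) {
+ 	    print STDERR "cannot compile $codefile: $!";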
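Review bot: The new glob path on the `for my $codefile` line feeds `do $codefile`, so every `*.dtr` file under `%%DATADIR%%/detectrotate` runs as Perl inside logtail2, and nothing in the patch states who may write to that directory. pkg-plist lists the three shipped files under `@mode 640`; their owner and group are not visible on this page, so confirm that the account running logtail2 can read them and that only root can write the directory. I would record the expectation next to the loop, e.g. `# *.dtr files are executed via do(); the directory must be writable by root only`. `determine_rotated_logfile` starts and ends outside the hunk.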
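--- a/pkg-plist
+++ b/pkg-plist
@@ -1,4 +1,7 @@
 @mode 640
+%%DATADIR%%/detectrotate/10-savelog.dtr
+%%DATADIR%%/detectrotate/20-logrotate.dtr
+%%DATADIR%%/detectrotate/30-logrotate-dateext.dtr
 %%ETCDIR%%/cracking.d/kernel
 %%ETCDIR%%/cracking.d/rlogind
 %%ETCDIR%%/cracking.d/rsh
@@ -131,6 +134,8 @@
 %%ETCDIR%%/ignore.d.server/sudo
 %%ETCDIR%%/ignore.d.server/sympa
 %%ETCDIR%%/ignore.d.server/syslogd
+%%ETCDIR%%/ignore.d.server/systemd
+%%ETCDIR%%/ignore.d.server/systemd-timesyncd
 %%ETCDIR%%/ignore.d.server/teapop
 %%ETCDIR%%/ignore.d.server/telnetd
 %%ETCDIR%%/ignore.d.server/tftpd
@@ -179,6 +184,8 @@
 %%ETCDIR%%/ignore.d.workstation/wpasupplicant
 %%ETCDIR%%/ignore.d.workstation/xdm
 %%ETCDIR%%/ignore.d.workstation/xlockmore
+%%ETCDIR%%/logcheck.conf.sample
+%%ETCDIR%%/logcheck.logfiles.sample
 %%ETCDIR%%/violations.d/kernel
 %%ETCDIR%%/violations.d/logcheck
 %%ETCDIR%%/violations.d/smartd
@@ -186,12 +193,9 @@
 %%ETCDIR%%/violations.d/sudo
 %%ETCDIR%%/violations.ignore.d/logcheck-su
 %%ETCDIR%%/violations.ignore.d/logcheck-sudo
-%%ETCDIR%%/logcheck.conf.sample
-%%ETCDIR%%/logcheck.logfiles.sample
-%%DATADIR%%/detectrotate/10-savelog.dtr
-%%DATADIR%%/detectrotate/20-logrotate.dtr
-%%DATADIR%%/detectrotate/30-logrotate-dateext.dtr
 @mode
+bin/logcheck-test
+man/man1/logcheck-test.1.gz
 man/man8/logcheck.8.gz
 man/man8/logtail.8.gz
 man/man8/logtail2.8.gz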
