
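--- a/Makefile
+++ b/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	logcheck
 PORTVERSION=	1.3.19
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	DEBIAN_POOL
 DISTNAME=	${PORTNAME}_${PORTVERSION}
@@ -18,6 +19,9 @@
 		lockfile-create:sysutils/lockfile-progs \
 		bash:shells/bash
 
+# Enable Perl dependency for logtail script
+USES=		perl5 shebangfix tar:xz
+
 LOGCHECK_USER=	logcheck
 LOGCHECK_GROUP=	${LOGCHECK_USER}
 USERS=		${LOGCHECK_USER}
@@ -33,9 +37,6 @@
 OPTIONS_DEFAULT=CRON
 .endif
 
-# Enable Perl dependency for logtail script
-USES=		perl5 shebangfix tar:xz
-
 WRKSRC=		${WRKDIR}/${DISTNAME:S!_!-!}
 BINMODE=	755
 SUB_LIST+=	LOGCHECK_USER=${LOGCHECK_USER} \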
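--- a/files/patch-rulefiles_linux_ignore.d.server_sudo
+++ b/files/patch-rulefiles_linux_ignore.d.server_sudo
@@ -0,0 +1,11 @@
+--- rulefiles/linux/ignore.d.server/sudo.orig	2018-05-30 21:59:13 UTC
++++ rulefiles/linux/ignore.d.server/sudo
+@@ -1,4 +1,4 @@
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$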
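Review bot: The third rewritten rule ends in `COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$`, which matches on path prefix only, and with the optional `(\[[[:digit:]]+\])?` added it now also applies to PID-tagged sudo lines. Together with the parallel rule in violations.ignore.d/logcheck-sudo, this presumably means successful sudo commands under those trees, a shell included, drop out of the logcheck report on hosts that log `sudo[pid]:`. The behaviour comes from the upstream rule, but this patch is what switches it on for that log format, so the port should say so where an administrator will read it, for example an install-message line such as `Successful sudo commands under /usr, /etc, /bin and /sbin are not reported; edit ignore.d.server/sudo to change this.` The TTY alternation `(pts/|tty|vc/)[[:digit:]]+` is left unchanged here and in logcheck-sudo, so terminal names with a letter before the number (`ttyv0`, presumably) will still not match and those lines keep being reported.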
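--- a/files/patch-rulefiles_linux_violations.d_sudo
+++ b/files/patch-rulefiles_linux_violations.d_sudo
@@ -0,0 +1,7 @@
+--- rulefiles/linux/violations.d/sudo.orig	2018-05-30 21:59:13 UTC
++++ rulefiles/linux/violations.d/sudo
+@@ -1,3 +1,3 @@
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[0-9]+\])?: .*$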
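Review bot: With the PID group optional, the changed rule `sudo(\[[0-9]+\])?: .*$` matches everything the two context rules above it match, so every sudo line becomes a violation candidate and what is finally reported is decided by violations.ignore.d/logcheck-sudo alone. That is the fail-safe direction, but the two files now have to be kept in step: a sudo message format that logcheck-sudo does not anticipate will be reported as a security event, and an over-broad ignore rule there removes it from that section entirely. A short note on this dependency in the port (the commit message, or a comment in the port Makefile) would help whoever refreshes one of the patches later. Minor: the other two patches spell the PID digits `[[:digit:]]`, while this one uses `[0-9]`, following the file's own context lines.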
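--- a/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo
+++ b/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo
@@ -0,0 +1,13 @@
+--- rulefiles/linux/violations.ignore.d/logcheck-sudo.orig	2018-05-30 21:59:13 UTC
++++ rulefiles/linux/violations.ignore.d/logcheck-sudo
+@@ -1,5 +1,5 @@
+-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$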
