FreeBSD Bugzilla – Attachment 184253 Details for Bug 220609
security/logcheck: Update to 1.3.18
[patch] updated patch file: patch-security_logcheck (text/plain), 25.60 KB, created by Yasuhiro Kimura on 2017-07-11 10:42:19 UTC
>Index: Makefile >=================================================================== >--- Makefile (revision 445458) >+++ Makefile (working copy) >@@ -2,7 +2,7 @@ > # $FreeBSD$ > > PORTNAME= logcheck >-PORTVERSION= 1.3.17 >+PORTVERSION= 1.3.18 > CATEGORIES= security > MASTER_SITES= DEBIAN_POOL > DISTNAME= ${PORTNAME}_${PORTVERSION} >@@ -12,6 +12,7 @@ > > LICENSE= GPLv2 > >+BUILD_DEPENDS= docbook-to-man>0:textproc/docbook-to-man > RUN_DEPENDS= mime-construct:mail/mime-construct \ > lockfile:mail/procmail \ > bash:shells/bash 
>@@ -38,39 +39,29 @@ > BINMODE= 755 > SUB_LIST+= LOGCHECK_USER=${LOGCHECK_USER} \ > LOGCHECK_GROUP=${LOGCHECK_GROUP} \ >- CRON=${PORT_OPTIONS:MCRON} >+ DBDIR=${DBDIR} CRON=${PORT_OPTIONS:MCRON} > SUB_FILES= pkg-install pkg-deinstall pkg-message > PLIST_SUB+= LOGCHECK_USER=${LOGCHECK_USER} \ > LOGCHECK_GROUP=${LOGCHECK_GROUP} \ > DBDIR=${DBDIR} RUNDIR=${RUNDIR} >-SHEBANG_FILES= src/logcheck src/logtail src/logtail2 >+SHEBANG_FILES= src/logcheck src/logtail src/logtail2 src/detectrotate/*.dtr > CONFIG_DIRS= cracking.d ignore.d.paranoid ignore.d.server \ > ignore.d.workstation violations.d violations.ignore.d > DOCS= AUTHORS CHANGES CREDITS LICENSE TODO docs/README* > PORTDOCS= ${DOCS:T} > MAN_FILES= logcheck.8 logtail.8 logtail2.8 >+REINPLACE_FILES= debian/logcheck.cron.d docs/logcheck.sgml \ >+ etc/logcheck.conf src/logcheck src/logtail2 > >-PATCH_LIST= extra-patch-debian__logcheck.cron.d \ >- extra-patch-docs__logcheck.8 \ >- extra-patch-etc__logcheck.conf \ >- extra-patch-src__logcheck \ >- extra-patch-src__logtail2 >-EXTRA_PATCHES= ${PATCH_LIST:C|^|${WRKDIR}/|g} >- > .include <bsd.port.pre.mk> > >-pre-patch: >-.for patch in ${PATCH_LIST} >- @${SED} ${_SUB_LIST_TEMP} ${FILESDIR}/${patch}.in > ${WRKDIR}/${patch} >+do-build: >+.for file in ${REINPLACE_FILES} >+ ${REINPLACE_CMD} ${_SUB_LIST_TEMP} ${WRKSRC}/${file} > .endfor >+ docbook-to-man ${WRKSRC}/docs/logcheck.sgml > ${WRKSRC}/docs/logcheck.8 >+ ${FIND} ${WRKSRC} -type f \( -name \*.orig -o -name \*.bak \) -delete > >-post-patch: >- @${FIND} ${WRKSRC}/rulefiles -type f -name \*.orig -delete >- >-do-build: >- @${REINPLACE_CMD} -e 's!/var/log/syslog!/var/log/messages!' \ >- ${WRKSRC}/etc/logcheck.logfiles >- > do-install: > @${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \ > ${STAGEDIR}${DBDIR} \ >Index: distinfo >=================================================================== >--- distinfo (revision 445458) >+++ distinfo (working copy) 
>@@ -1,2 +1,3 @@ >-SHA256 (logcheck_1.3.17.tar.xz) = c2d3fc323e8c6555e91d956385dbfd0f67b55872ed0f6a7ad8ad2526a9faf03a >-SIZE (logcheck_1.3.17.tar.xz) = 130956 >+TIMESTAMP = 1499679623 >+SHA256 (logcheck_1.3.18.tar.xz) = 077b9149ccd2b747b52785afa89da844f3d072c017c9e719925dec6acb9a9af4 >+SIZE (logcheck_1.3.18.tar.xz) = 131252 >Index: files/extra-patch-debian__logcheck.cron.d.in >=================================================================== >--- files/extra-patch-debian__logcheck.cron.d.in (revision 445458) >+++ files/extra-patch-debian__logcheck.cron.d.in (nonexistent) >@@ -1,16 +0,0 @@ >---- ./debian/logcheck.cron.d.orig 2006-08-06 19:10:49.000000000 -0400 >-+++ ./debian/logcheck.cron.d 2008-09-06 19:11:28.000000000 -0400 >-@@ -1,9 +1,5 @@ >--# /etc/cron.d/logcheck: crontab entries for the logcheck package >-- >--PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin >-+# crontab entries for the logcheck package >-+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin >- MAILTO=root >-- >--@reboot logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi >--2 * * * * logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi >-- >--# EOF >-+@reboot if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi >-+2 * * * * if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi >Index: files/extra-patch-docs__logcheck.8.in >=================================================================== >--- files/extra-patch-docs__logcheck.8.in (revision 445458) >+++ files/extra-patch-docs__logcheck.8.in (nonexistent) 
>@@ -1,118 +0,0 @@ >---- docs/logcheck.8.orig 2009-12-15 15:03:22.000000000 -0500 >-+++ docs/logcheck.8 2009-12-15 15:03:41.000000000 -0500 >-@@ -0,0 +1,115 @@ >-+.\" This manpage has been automatically generated by docbook2man >-+.\" from a DocBook document. This tool can be found at: >-+.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> >-+.\" Please send any bug reports, improvements, comments, patches, >-+.\" etc. to Steve Cheng <steve@ggi-project.org>. >-+.TH "Logcheck" "8" "15 December 2009" "" "" >-+ >-+.SH NAME >-+logcheck \- program to scan system logs for interesting lines >-+.SH SYNOPSIS >-+ >-+\fBlogcheck\fR [ \fBOPTIONS\fR ] >-+ >-+.SH "DESCRIPTION" >-+.PP >-+The \fBlogcheck\fR program helps spot problems and >-+security violations in your logfiles automatically and will send the >-+results to you periodically in an e-mail. By default logcheck runs as >-+an hourly cronjob just off the hour and after every reboot. >-+.PP >-+\fBlogcheck\fR supports three level of filtering: >-+"paranoid" is for high-security machines running as few services >-+as possible. Don't use it if you can't handle its verbose messages. >-+"server" is the default and contains rules for many different daemons. >-+"workstation" is for sheltered machines and filters most of the messages. >-+The ignore rules work in additive manner. "paranoid" rules are also >-+included at level "server" and "workstation". >-+.PP >-+The messages reported are sorted into three layers, system events, >-+security events and attack alerts. The verbosity of system events is >-+controlled by which level you choose, paranoid, server or workstation. >-+However, security events and attack alerts are not affected by this. >-+.SH "EXAMPLES" >-+.PP >-+\fBlogcheck\fR can be invoked directly thanks >-+to su(8) or sudo(8), which change the user ID. The following example checks the logfiles >-+without updating the offset and outputs everything to STDOUT. 
>-+.PP >-+sudo -u logcheck \fBlogcheck\fR -o -t >-+.SH "OPTIONS" >-+.PP >-+A summary of options is included below. >-+.TP >-+\fB-c CFG \fR >-+Overrule default configuration file. >-+.TP >-+\fB-d \fR >-+Debug mode. >-+.TP >-+\fB-h \fR >-+Show usage information. >-+.TP >-+\fB-H \fR >-+Use this hostname string in the subject of logcheck mail. >-+.TP >-+\fB-l LOG \fR >-+Run logfile through logcheck. >-+.TP >-+\fB-L CFG \fR >-+Overrule default logfiles list. >-+.TP >-+\fB-m \fR >-+Mail report to recipient. >-+.TP >-+\fB-o \fR >-+STDOUT mode, not sending mail. >-+.TP >-+\fB-p \fR >-+Set the report level to "paranoid". >-+.TP >-+\fB-r DIR \fR >-+Overrule default rules directory. >-+.TP >-+\fB-R \fR >-+Adds "Reboot:" to the email subject line. >-+.TP >-+\fB-s \fR >-+Set the report level to "server". >-+.TP >-+\fB-S DIR \fR >-+Overrule default state directory. >-+.TP >-+\fB-t \fR >-+Testing mode does not update offset. >-+.TP >-+\fB-T \fR >-+Do not remove the TMPDIR. >-+.TP >-+\fB-u \fR >-+Enable syslog-summary. >-+.TP >-+\fB-v \fR >-+Print current version. >-+.TP >-+\fB-w \fR >-+Set the report level to "workstation". >-+.SH "FILES" >-+.PP >-+%%ETCDIR%%/logcheck.conf is the main configuration file. >-+.PP >-+%%ETCDIR%%/logcheck.logfiles is the list of files to monitor. >-+.PP >-+%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules. >-+.SH "EXIT STATUS" >-+.PP >-+0 upon success; 1 upon failure >-+.SH "SEE ALSO" >-+.PP >-+\fBlogtail\fR(8) >-+.SH "AUTHOR" >-+.PP >-+logcheck is developed by Debian logcheck Team at alioth: >-+http://alioth.debian.org/projects/logcheck/. >-+.PP >-+This manual page was written by Jon Middleton. >Index: files/extra-patch-etc__logcheck.conf.in >=================================================================== >--- files/extra-patch-etc__logcheck.conf.in (revision 445458) >+++ files/extra-patch-etc__logcheck.conf.in (nonexistent) 
>@@ -1,17 +0,0 @@ >---- etc/logcheck.conf.orig 2010-04-15 01:15:34.000000000 +0900 >-+++ etc/logcheck.conf 2010-05-12 14:22:13.000000000 +0900 >-@@ -53,13 +53,7 @@ >- # Controls the base directory for rules file location >- # This must be an absolute path >- >--#RULEDIR="/etc/logcheck" >-- >--# Controls if syslog-summary is run over each section. >--# Alternatively, set to "1" to enable extra summary. >--# HINT: syslog-summary needs to be installed. >-- >--#SYSLOGSUMMARY=0 >-+#RULEDIR="%%ETCDIR%%" >- >- # Controls Subject: lines on logcheck reports: >- >Index: files/extra-patch-src__logcheck.in >=================================================================== >--- files/extra-patch-src__logcheck.in (revision 445458) >+++ files/extra-patch-src__logcheck.in (nonexistent) 
>@@ -1,151 +0,0 @@ >---- src/logcheck.orig 2010-07-07 15:59:57.000000000 -0400 >-+++ src/logcheck 2010-07-07 16:19:33.000000000 -0400 >-@@ -24,17 +24,10 @@ >- >- if [ `id -u` = 0 ]; then >- echo "logcheck should not be run as root. Use su to invoke logcheck:" >-- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck" >-+ echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\"" >- echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}." >- # you may want to uncomment that hack to let logcheck invoke itself. >-- # su -s /bin/bash -c "$0 $*" logcheck >-- exit 1 >--fi >-- >--if [ ! -f /usr/bin/lockfile-create -o \ >-- ! -f /usr/bin/lockfile-remove -o \ >-- ! -f /usr/bin/lockfile-touch ]; then >-- echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found." >-+ # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck >- exit 1 >- fi >- >-@@ -69,12 +62,12 @@ >- ADDTAG="no" >- >- # Set the default paths >--RULEDIR="/etc/logcheck" >--CONFFILE="/etc/logcheck/logcheck.conf" >--STATEDIR="/var/lib/logcheck" >--LOGFILES_LIST="/etc/logcheck/logcheck.logfiles" >--LOGFILE_FALLBACK="/var/log/syslog" >--LOGTAIL="/usr/sbin/logtail2" >-+RULEDIR="%%ETCDIR%%" >-+CONFFILE="%%ETCDIR%%/logcheck.conf" >-+STATEDIR="/var/db/logcheck" >-+LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles" >-+LOGFILE_FALLBACK="/var/log/messages" >-+LOGTAIL="%%PREFIX%%/sbin/logtail2" >- CAT="/bin/cat" >- SYSLOG_SUMMARY="/usr/bin/syslog-summary" >- >-@@ -89,20 +82,15 @@ >- SORTUNIQ=0 >- SUPPORT_CRACKING_IGNORE=0 >- SYSLOGSUMMARY=0 >--LOCKDIR=/run/lock/logcheck >-+LOCKDIR=/var/run/logcheck >- LOCKFILE="$LOCKDIR/logcheck" >- >- # Carry out the clean up tasks >- cleanup() { >- >-- if [ -n "$LOCK" ]; then >-- debug "cleanup: Killing lockfile-touch - $LOCK" >-- kill "$LOCK" && unset LOCK >-- fi >-- >-- if [ -f "$LOCKFILE.lock" ]; then >-- debug "cleanup: Removing lockfile: $LOCKFILE.lock" >-- lockfile-remove "$LOCKFILE" >-+ if [ -f "$LOCKFILE" ]; then >-+ debug 
"cleanup: Removing lockfile: $LOCKFILE" >-+ rm -f "$LOCKFILE" >- fi >- >- if [ -d "$TMPDIR" ]; then >-@@ -144,14 +132,9 @@ >- if [ "$2" = "noclean" ]; then >- debug "error: Not removing lockfile" >- else >-- if [ -n "$LOCK" ]; then >-- debug "error: Killing lockfile-touch - $LOCK" >-- kill "$LOCK" && unset LOCK >-- fi >-- >-- if [ -f "$LOCKFILE.lock" ]; then >-- debug "error: Removing lockfile: $LOCKFILE.lock" >-- lockfile-remove "$LOCKFILE" >-+ if [ -f "$LOCKFILE" ]; then >-+ debug "error: Removing lockfile: $LOCKFILE" >-+ rm -f "$LOCKFILE" >- fi >- >- fi >-@@ -170,7 +153,7 @@ >- ${TMPDIR:+Check temporary directory: $TMPDIR >- } >- Also verify that the logcheck user can read all files referenced in >--/etc/logcheck/logcheck.logfiles! >-+%%ETCDIR%%/logcheck.logfiles! >- >- $(export) >- EOF >-@@ -215,7 +198,7 @@ >- mkdir "$cleaned" \ >- || error "Could not make dir $cleaned for cleaned rulefiles." >- fi >-- for rulefile in $(run-parts --list "$dir"); do >-+ for rulefile in $(ls -1R "$dir"); do >- rulefile="$(basename "$rulefile")" >- if [ -f "${dir}/${rulefile}" ]; then >- debug "cleanrules: ${dir}/${rulefile}" >-@@ -529,9 +512,9 @@ >- >- # Hostname either fully qualified or not. >- if [ "$FQDN" -eq 1 ]; then >-- HOSTNAME="$(hostname --fqdn 2>/dev/null)" >-+ HOSTNAME="$(hostname -f 2>/dev/null)" >- else >-- HOSTNAME="$(hostname --short 2>/dev/null)" >-+ HOSTNAME="$(hostname -s 2>/dev/null)" >- fi >- >- # Now check for the other options >-@@ -610,30 +593,25 @@ >- >- trap 'cleanup' 0 >- >--debug "Trying to get lockfile: $LOCKFILE.lock" >-+debug "Trying to get lockfile: $LOCKFILE" >- if [ ! -d "$LOCKDIR" ]; then >- mkdir -m 0755 "$LOCKDIR" >- fi >--lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1 >-+lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1 >- >- >- if [ $? 
-eq 1 ]; then >- trap 0 >-- if [ -e "${LOCKFILE}.lock" ]; then >-+ if [ -e "${LOCKFILE}" ]; then >- error "Another logcheck process is still running" "noclean" >- else >-- error "Failed to get lockfile: $LOCKFILE.lock" "noclean" >-+ error "Failed to get lockfile: $LOCKFILE" "noclean" >- fi >-- >--else >-- debug "Running lockfile-touch $LOCKFILE.lock" >-- lockfile-touch "$LOCKFILE" & >-- LOCK="$!" >- fi >- >- # Create the secure temporary directory or exit >--TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \ >-- || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \ >-+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \ >-+ || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \ >- || error "Could not create temporary directory" >- >- # Now clean the rulefiles in the directories >Index: files/extra-patch-src__logtail2.in >=================================================================== >--- files/extra-patch-src__logtail2.in (revision 445458) >+++ files/extra-patch-src__logtail2.in (nonexistent) >@@ -1,11 +0,0 @@ >---- src/logtail2.orig 2010-01-18 17:24:26.000000000 -0500 >-+++ src/logtail2 2010-01-18 17:24:40.000000000 -0500 >-@@ -108,7 +108,7 @@ >- # function with dateext magic added. >- >- #print "determine_rotated_logfile $filename $inode\n"; >-- for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) { >-+ for my $codefile (glob("%%DATADIR%%/detectrotate/*.dtr")) { >- my $func = do $codefile; >- if (!$func) { >- print STDERR "cannot compile $codefile: $!"; >Index: files/patch-debian_logcheck.cron.d >=================================================================== >--- files/patch-debian_logcheck.cron.d (nonexistent) >+++ files/patch-debian_logcheck.cron.d (working copy) 
>@@ -0,0 +1,16 @@ >+--- debian/logcheck.cron.d.orig 2017-01-25 21:08:04 UTC >++++ debian/logcheck.cron.d >+@@ -1,9 +1,5 @@ >+-# /etc/cron.d/logcheck: crontab entries for the logcheck package >+- >+-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin >++# crontab entries for the logcheck package >++PATH=/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/sbin:%%PREFIX%%/bin >+ MAILTO=root >+- >+-@reboot logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi >+-2 * * * * logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi >+- >+-# EOF >++@reboot if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck -R; fi >++2 * * * * if [ -x %%PREFIX%%/sbin/logcheck ]; then nice -n10 %%PREFIX%%/sbin/logcheck; fi >Index: files/patch-docs_logcheck.sgml >=================================================================== >--- files/patch-docs_logcheck.sgml (nonexistent) >+++ files/patch-docs_logcheck.sgml (working copy) 
>@@ -0,0 +1,17 @@ >+--- docs/logcheck.sgml.orig 2017-01-25 21:08:04 UTC >++++ docs/logcheck.sgml >+@@ -244,10 +244,10 @@ manpage.1: manpage.sgml >+ <refsect1> >+ <title>FILES</title> >+ >+- <para>/etc/logcheck/logcheck.conf is the main configuration file.</para> >+- <para>/etc/logcheck/logcheck.logfiles is the list of files to monitor.</para> >+- <para>/etc/logcheck/logcheck.logfiles.d is the directory of lists of files to monitor.</para> >+- <para>/usr/share/doc/logcheck-database/README.logcheck-database.gz for hints on how to write, test and maintain rules.</para> >++ <para>%%ETCDIR%%/logcheck.conf is the main configuration file.</para> >++ <para>%%ETCDIR%%/logcheck.logfiles is the list of files to monitor.</para> >++ <para>%%ETCDIR%%/logcheck.logfiles.d is the directory of lists of files to monitor.</para> >++ <para>%%DOCSDIR%%/README.logcheck-database for hints on how to write, test and maintain rules.</para> >+ </refsect1> >+ <refsect1> >+ <title>EXIT STATUS</title> >Index: files/patch-etc_logcheck.conf >=================================================================== >--- files/patch-etc_logcheck.conf (nonexistent) >+++ files/patch-etc_logcheck.conf (working copy) 
>@@ -0,0 +1,37 @@ >+--- etc/logcheck.conf.orig 2017-01-25 21:08:04 UTC >++++ etc/logcheck.conf >+@@ -9,7 +9,7 @@ >+ # Controls the presence of boilerplate at the top of each message: >+ # Alternatively, set to "0" to disable the introduction. >+ # >+-# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt >++# If the files %%ETCDIR%%/header.txt and %%ETCDIR%%/footer.txt >+ # are present their contents will be read and used as the header and >+ # footer of any generated mails. >+ >+@@ -44,8 +44,8 @@ FQDN=1 >+ >+ #SORTUNIQ=0 >+ >+-# Controls whether /etc/logcheck/cracking.ignore.d is scanned for >+-# exceptions to the rules in /etc/logcheck/cracking.d: >++# Controls whether %%ETCDIR%%/cracking.ignore.d is scanned for >++# exceptions to the rules in %%ETCDIR%%/cracking.d: >+ # Alternatively, set to "1" to enable cracking.ignore support >+ >+ #SUPPORT_CRACKING_IGNORE=0 >+@@ -53,13 +53,7 @@ FQDN=1 >+ # Controls the base directory for rules file location >+ # This must be an absolute path >+ >+-#RULEDIR="/etc/logcheck" >+- >+-# Controls if syslog-summary is run over each section. >+-# Alternatively, set to "1" to enable extra summary. >+-# HINT: syslog-summary needs to be installed. >+- >+-#SYSLOGSUMMARY=0 >++#RULEDIR="%%ETCDIR%%" >+ >+ # Controls Subject: lines on logcheck reports: >+ >Index: files/patch-etc_logcheck.logfiles >=================================================================== >--- files/patch-etc_logcheck.logfiles (nonexistent) >+++ files/patch-etc_logcheck.logfiles (working copy) 
>@@ -0,0 +1,8 @@ >+--- etc/logcheck.logfiles.orig 2017-01-25 21:08:04 UTC >++++ etc/logcheck.logfiles >+@@ -1,4 +1,4 @@ >+ # these files will be checked by logcheck >+ # This has been tuned towards a default syslog install >+-/var/log/syslog >+ /var/log/auth.log >++/var/log/messages >Index: files/patch-rulefiles__linux__ignore.d.server__ssh >=================================================================== >--- files/patch-rulefiles__linux__ignore.d.server__ssh (revision 445458) >+++ files/patch-rulefiles__linux__ignore.d.server__ssh (working copy) >@@ -1,6 +1,6 @@ >---- ./rulefiles/linux/ignore.d.server/ssh.orig 2010-09-03 04:24:30.000000000 -0400 >-+++ ./rulefiles/linux/ignore.d.server/ssh 2011-11-23 14:25:31.000000000 -0500 >-@@ -21,8 +21,8 @@ >+--- rulefiles/linux/ignore.d.server/ssh.orig 2017-01-25 21:08:04 UTC >++++ rulefiles/linux/ignore.d.server/ssh >+@@ -27,8 +27,8 @@ > ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$ > ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$ > ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$ >Index: files/patch-src_logcheck >=================================================================== >--- files/patch-src_logcheck (nonexistent) >+++ files/patch-src_logcheck (working copy) 
>@@ -0,0 +1,153 @@ >+--- src/logcheck.orig 2017-07-11 09:46:25 UTC >++++ src/logcheck >+@@ -24,17 +24,10 @@ >+ >+ if [ `id -u` = 0 ]; then >+ echo "logcheck should not be run as root. Use su to invoke logcheck:" >+- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck" >++ echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\"" >+ echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}." >+ # you may want to uncomment that hack to let logcheck invoke itself. >+- # su -s /bin/bash -c "$0 $*" logcheck >+- exit 1 >+-fi >+- >+-if [ ! -f /usr/bin/lockfile-create -o \ >+- ! -f /usr/bin/lockfile-remove -o \ >+- ! -f /usr/bin/lockfile-touch ]; then >+- echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found." >++ # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck >+ exit 1 >+ fi >+ >+@@ -69,13 +62,13 @@ EVENTSSUBJECT="System Events" >+ ADDTAG="no" >+ >+ # Set the default paths >+-RULEDIR="/etc/logcheck" >+-CONFFILE="/etc/logcheck/logcheck.conf" >+-STATEDIR="/var/lib/logcheck" >+-LOGFILES_LIST="/etc/logcheck/logcheck.logfiles" >+-LOGFILES_LIST_D="/etc/logcheck/logcheck.logfiles.d" >+-LOGFILE_FALLBACK="/var/log/syslog" >+-LOGTAIL="/usr/sbin/logtail2" >++RULEDIR="%%ETCDIR%%" >++CONFFILE="%%ETCDIR%%/logcheck.conf" >++STATEDIR="%%DBDIR%%" >++LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles" >++LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d" >++LOGFILE_FALLBACK="/var/log/messages" >++LOGTAIL="%%PREFIX%%/sbin/logtail2" >+ CAT="/bin/cat" >+ SYSLOG_SUMMARY="/usr/bin/syslog-summary" >+ >+@@ -90,20 +83,15 @@ FQDN=0 >+ SORTUNIQ=0 >+ SUPPORT_CRACKING_IGNORE=0 >+ SYSLOGSUMMARY=0 >+-LOCKDIR=/run/lock/logcheck >++LOCKDIR=/var/run/logcheck >+ LOCKFILE="$LOCKDIR/logcheck" >+ >+ # Carry out the clean up tasks >+ cleanup() { >+ >+- if [ -n "$LOCK" ]; then >+- debug "cleanup: Killing lockfile-touch - $LOCK" >+- kill "$LOCK" && unset LOCK >+- fi >+- >+- if [ -f "$LOCKFILE.lock" ]; then >+- debug "cleanup: Removing lockfile: 
$LOCKFILE.lock" >+- lockfile-remove "$LOCKFILE" >++ if [ -f "$LOCKFILE" ]; then >++ debug "cleanup: Removing lockfile: $LOCKFILE" >++ rm -f "$LOCKFILE" >+ fi >+ >+ if [ -d "$TMPDIR" ]; then >+@@ -145,14 +133,9 @@ error() { >+ if [ "$2" = "noclean" ]; then >+ debug "error: Not removing lockfile" >+ else >+- if [ -n "$LOCK" ]; then >+- debug "error: Killing lockfile-touch - $LOCK" >+- kill "$LOCK" && unset LOCK >+- fi >+- >+- if [ -f "$LOCKFILE.lock" ]; then >+- debug "error: Removing lockfile: $LOCKFILE.lock" >+- lockfile-remove "$LOCKFILE" >++ if [ -f "$LOCKFILE" ]; then >++ debug "error: Removing lockfile: $LOCKFILE" >++ rm -f "$LOCKFILE" >+ fi >+ >+ fi >+@@ -171,7 +154,7 @@ $message >+ ${TMPDIR:+Check temporary directory: $TMPDIR >+ } >+ Also verify that the logcheck user can read all files referenced in >+-/etc/logcheck/logcheck.logfiles! >++%%ETCDIR%%/logcheck.logfiles! >+ >+ $(export) >+ EOF >+@@ -223,7 +206,7 @@ cleanrules() { >+ error "Couldn't read $x" >+ fi >+ done >+- for rulefile in $(run-parts --list "$dir"); do >++ for rulefile in $(ls -1R "$dir"); do >+ rulefile="$(basename "$rulefile")" >+ if [ -f "${dir}/${rulefile}" ]; then >+ debug "cleanrules: ${dir}/${rulefile}" >+@@ -538,9 +521,9 @@ fi >+ >+ # Hostname either fully qualified or not. >+ if [ "$FQDN" -eq 1 ]; then >+- HOSTNAME="$(hostname --fqdn 2>/dev/null)" >++ HOSTNAME="$(hostname -f 2>/dev/null)" >+ else >+- HOSTNAME="$(hostname --short 2>/dev/null)" >++ HOSTNAME="$(hostname -s 2>/dev/null)" >+ fi >+ >+ # Now check for the other options >+@@ -623,30 +606,25 @@ fi >+ >+ trap 'cleanup' 0 >+ >+-debug "Trying to get lockfile: $LOCKFILE.lock" >++debug "Trying to get lockfile: $LOCKFILE" >+ if [ ! -d "$LOCKDIR" ]; then >+ mkdir -m 0755 "$LOCKDIR" >+ fi >+-lockfile-create --retry 1 "$LOCKFILE" > /dev/null 2>&1 >++lockfile -r 1 "$LOCKFILE" > /dev/null 2>&1 >+ >+ >+ if [ $? 
-eq 1 ]; then >+ trap 0 >+- if [ -e "${LOCKFILE}.lock" ]; then >++ if [ -e "${LOCKFILE}" ]; then >+ error "Another logcheck process is still running" "noclean" >+ else >+- error "Failed to get lockfile: $LOCKFILE.lock" "noclean" >++ error "Failed to get lockfile: $LOCKFILE" "noclean" >+ fi >+- >+-else >+- debug "Running lockfile-touch $LOCKFILE.lock" >+- lockfile-touch "$LOCKFILE" & >+- LOCK="$!" >+ fi >+ >+ # Create the secure temporary directory or exit >+-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \ >+- || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \ >++TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \ >++ || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \ >+ || error "Could not create temporary directory" >+ >+ # Now clean the rulefiles in the directories >Index: files/patch-src_logtail2 >=================================================================== >--- files/patch-src_logtail2 (nonexistent) >+++ files/patch-src_logtail2 (working copy) >@@ -0,0 +1,11 @@ >+--- src/logtail2.orig 2017-07-11 09:46:25 UTC >++++ src/logtail2 >+@@ -109,7 +109,7 @@ sub determine_rotated_logfile { >+ # function with dateext magic added. >+ >+ #print "determine_rotated_logfile $filename $inode\n"; >+- for my $codefile (glob("/usr/share/logtail/detectrotate/*.dtr")) { >++ for my $codefile (glob("%%DATADIR%%/detectrotate/*.dtr")) { >+ my $func = do $codefile; >+ if (!$func) { >+ print STDERR "cannot compile $codefile: $!"; >Index: pkg-plist >=================================================================== >--- pkg-plist (revision 445458) >+++ pkg-plist (working copy) >@@ -1,4 +1,7 @@ > @mode 640 >+%%DATADIR%%/detectrotate/10-savelog.dtr >+%%DATADIR%%/detectrotate/20-logrotate.dtr >+%%DATADIR%%/detectrotate/30-logrotate-dateext.dtr > %%ETCDIR%%/cracking.d/kernel > %%ETCDIR%%/cracking.d/rlogind > %%ETCDIR%%/cracking.d/rsh 
>@@ -131,6 +134,8 @@ > %%ETCDIR%%/ignore.d.server/sudo > %%ETCDIR%%/ignore.d.server/sympa > %%ETCDIR%%/ignore.d.server/syslogd >+%%ETCDIR%%/ignore.d.server/systemd >+%%ETCDIR%%/ignore.d.server/systemd-timesyncd > %%ETCDIR%%/ignore.d.server/teapop > %%ETCDIR%%/ignore.d.server/telnetd > %%ETCDIR%%/ignore.d.server/tftpd >@@ -179,6 +184,8 @@ > %%ETCDIR%%/ignore.d.workstation/wpasupplicant > %%ETCDIR%%/ignore.d.workstation/xdm > %%ETCDIR%%/ignore.d.workstation/xlockmore >+%%ETCDIR%%/logcheck.conf.sample >+%%ETCDIR%%/logcheck.logfiles.sample > %%ETCDIR%%/violations.d/kernel > %%ETCDIR%%/violations.d/logcheck > %%ETCDIR%%/violations.d/smartd >@@ -186,11 +193,6 @@ > %%ETCDIR%%/violations.d/sudo > %%ETCDIR%%/violations.ignore.d/logcheck-su > %%ETCDIR%%/violations.ignore.d/logcheck-sudo >-%%ETCDIR%%/logcheck.conf.sample >-%%ETCDIR%%/logcheck.logfiles.sample >-%%DATADIR%%/detectrotate/10-savelog.dtr >-%%DATADIR%%/detectrotate/20-logrotate.dtr >-%%DATADIR%%/detectrotate/30-logrotate-dateext.dtr > @mode > man/man8/logcheck.8.gz > man/man8/logtail.8.gz
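Review bot: in the Makefile hunk `@@ -38,39 +39,29 @@`, the `%%VAR%%` expansion over `REINPLACE_FILES` now runs inside `do-build`, so a tree that has only been through the patch phase still carries unexpanded `%%ETCDIR%%` and `%%PREFIX%%` placeholders in `src/logcheck`, `src/logtail2` and `etc/logcheck.conf`. Moving the `.for file in ${REINPLACE_FILES}` loop to `post-patch` would keep the patched tree self-consistent and leave `do-build` for the `docbook-to-man` step. The loop body also lost the `@` prefix that the removed `pre-patch` loop had, and `docbook-to-man` is called by bare name, so it depends on the build PATH containing wherever the new `BUILD_DEPENDS` entry installs it.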
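Review bot: in files/patch-debian_logcheck.cron.d, both job lines drop the `logcheck` account field (`@reboot logcheck if [ -x ...` becomes `@reboot if [ -x ...`), but the replacement header comment, `# crontab entries for the logcheck package`, does not say that the file is now in per-user crontab format. Since src/logcheck exits when `id -u` is 0, please state in that comment that the entries belong in the crontab of %%LOGCHECK_USER%% and not in a system crontab, where the field after the schedule is read as the account name.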
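Review bot: in the `cleanrules()` region of files/patch-src_logcheck (inner hunk `@@ -223,7 +206,7 @@`), `for rulefile in $(ls -1R "$dir")` is not equivalent to the `run-parts --list "$dir"` it replaces. `run-parts` lists only the top level and skips names containing anything other than letters, digits, `_` and `-`, so editor backups and files such as `*.orig` or `*.sample` were never picked up; `ls -1R` recurses, emits directory header lines, and the unquoted substitution splits names that contain whitespace, with `[ -f "${dir}/${rulefile}" ]` as the only remaining filter. A stray file in an ignore.d directory can silently suppress log lines from the report, so a non-recursive listing with an explicit name filter would be safer here, for example a `for f in "$dir"/*` loop that skips names outside that character set.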
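Review bot: in the locking region of files/patch-src_logcheck (inner hunk `@@ -623,30 +606,25 @@`), the rewritten `mktemp` calls lose the quoting the original had: `mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX` word-splits when `TMP` contains whitespace, so the template should be written as `"${TMP:-/tmp}/logcheck.XXXXXX"`. In the same region the failure test is still `if [ $? -eq 1 ]` after the switch from `lockfile-create --retry 1` to `lockfile -r 1`; please confirm that this `lockfile` exits with exactly 1 on failure, or test for any non-zero status, so that a failed lock cannot fall through to a run without the lock. With `lockfile-touch` removed, a comment on how a `$LOCKFILE` left behind by a killed run gets cleared would also help.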
Flags: yasu: maintainer-approval+
Attachments on bug 220609: 184238 | 184253 | 184281 | 184295