FreeBSD Bugzilla – Attachment 198536 Details for Bug 232596
security/logcheck: Add patch to deal with log format change of sudo(1)
[patch] patch file: security_logcheck.patch (text/plain), 4.96 KB, created by Yasuhiro Kimura on 2018-10-24 07:49:51 UTC
>Index: Makefile >=================================================================== >--- Makefile (revision 482743) >+++ Makefile (working copy) >@@ -3,6 +3,7 @@ > > PORTNAME= logcheck > PORTVERSION= 1.3.19 >+PORTREVISION= 1 > CATEGORIES= security > MASTER_SITES= DEBIAN_POOL > DISTNAME= ${PORTNAME}_${PORTVERSION} >@@ -18,6 +19,9 @@ > lockfile-create:sysutils/lockfile-progs \ > bash:shells/bash > >+# Enable Perl dependency for logtail script >+USES= perl5 shebangfix tar:xz >+ > LOGCHECK_USER= logcheck > LOGCHECK_GROUP= ${LOGCHECK_USER} > USERS= ${LOGCHECK_USER} >@@ -33,9 +37,6 @@ > OPTIONS_DEFAULT=CRON > .endif > >-# Enable Perl dependency for logtail script >-USES= perl5 shebangfix tar:xz >- > WRKSRC= ${WRKDIR}/${DISTNAME:S!_!-!} > BINMODE= 755 > SUB_LIST+= LOGCHECK_USER=${LOGCHECK_USER} \ >Index: files/patch-rulefiles_linux_ignore.d.server_sudo >=================================================================== >--- files/patch-rulefiles_linux_ignore.d.server_sudo (nonexistent) >+++ files/patch-rulefiles_linux_ignore.d.server_sudo (working copy) 
>@@ -0,0 +1,11 @@ >+--- rulefiles/linux/ignore.d.server/sudo.orig 2018-05-30 21:59:13 UTC >++++ rulefiles/linux/ignore.d.server/sudo >+@@ -1,4 +1,4 @@ >+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ >+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ >+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$ >+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ >++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ >++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ >++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$ >++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ >Index: files/patch-rulefiles_linux_violations.d_sudo >=================================================================== >--- files/patch-rulefiles_linux_violations.d_sudo (nonexistent) >+++ files/patch-rulefiles_linux_violations.d_sudo (working copy) 
>@@ -0,0 +1,7 @@ >+--- rulefiles/linux/violations.d/sudo.orig 2018-05-30 21:59:13 UTC >++++ rulefiles/linux/violations.d/sudo >+@@ -1,3 +1,3 @@ >+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$ >+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$ >+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$ >++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[0-9]+\])?: .*$ >Index: files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo >=================================================================== >--- files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo (nonexistent) >+++ files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo (working copy) 
>@@ -0,0 +1,13 @@ >+--- rulefiles/linux/violations.ignore.d/logcheck-sudo.orig 2018-05-30 21:59:13 UTC >++++ rulefiles/linux/violations.ignore.d/logcheck-sudo >+@@ -1,5 +1,5 @@ >+-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$ >+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ >+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ >+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ >+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ >++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$ >++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ >++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ >++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ >++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
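Review bot: In the Makefile, the second and third hunks move the "USES= perl5 shebangfix tar:xz" block and its comment from below OPTIONS_DEFAULT to above LOGCHECK_USER, which is unrelated to the sudo log-format fix that the PORTREVISION bump covers. Mention the reordering in the commit message or submit it separately, so that the functional change (the three new files/patch-* entries) is easy to audit on its own.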
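Review bot: In files/patch-rulefiles_linux_ignore.d.server_sudo, the updated COMMAND rule still accepts only "TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+)" and has no optional GROUP= field or "|list" alternative, while the corresponding rule in violations.ignore.d/logcheck-sudo accepts "console", "( ; GROUP=[._[:alnum:]-]+)?" and "COMMAND=(...|list)". If the difference is intentional, say so in the bug; otherwise align the two rules while these lines are being touched. The optional PID group is also written "\[[[:digit:]]+\]" here and "\[[0-9]+\]" in violations.d/sudo; one spelling throughout would make the rule files easier to compare.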
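Review bot: In files/patch-rulefiles_linux_violations.d_sudo, the changed rule "sudo(\[[0-9]+\])?: .*$" now matches every line that the two unchanged rules above it match, because both of those begin with "sudo\[[0-9]+\]: ", so they become redundant. Drop them in the same patch or note that they are kept deliberately. Since this rule now flags every sudo line with or without a PID, suppression of benign entries depends entirely on the violations.ignore.d/logcheck-sudo rules carrying the same optional PID group; a short comment stating that coupling would help whoever handles the next format change.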
Flags: yasu: maintainer-approval+