Attachment #220480 for bug #251778

View | Details | Raw Unified | Return to bug 251778
Collapse All | Expand All

Lines 3-8 Link Here

(-)security/logcheck/Makefile (+1 lines)
3		3
4	PORTNAME= logcheck	4	PORTNAME= logcheck
5	PORTVERSION= 1.3.20	5	PORTVERSION= 1.3.20
		6	PORTREVISION= 1
6	CATEGORIES= security	7	CATEGORIES= security
7	MASTER_SITES= DEBIAN_POOL	8	MASTER_SITES= DEBIAN_POOL
8	DISTNAME= ${PORTNAME}_${PORTVERSION}	9	DISTNAME= ${PORTNAME}_${PORTVERSION}

Lines 1-5 Link Here

(-)security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh (-1 / +10 lines)
1	--- rulefiles/linux/ignore.d.server/ssh.orig 2017-01-25 21:08:04 UTC	1	--- rulefiles/linux/ignore.d.server/ssh.orig 2019-03-01 22:27:31 UTC
2	+++ rulefiles/linux/ignore.d.server/ssh	2	+++ rulefiles/linux/ignore.d.server/ssh
		3	@@ -14,7 +14,7 @@
		4	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh\|ssh2)( \[preauth\])?)?$
		5	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
		6	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+(: \| port [[:digit:]]+:)11: (disconnected by user\|Closed due to user request\.)$
		7	-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,256} \[preauth\]$
		8	+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,255} \[preauth\]$
		9	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
		10	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
		11	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+$
3	@@ -27,8 +27,8 @@	12	@@ -27,8 +27,8 @@
4	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: $pam_unix$ check pass; user unknown$	13	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: $pam_unix$ check pass; user unknown$
5	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: $pam_unix$ bad username \[[^]]+\]$	14	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: $pam_unix$ bad username \[[^]]+\]$

Line 0 Link Here

(-)security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_postfix (+10 lines)
	1	--- rulefiles/linux/ignore.d.paranoid/postfix.orig 2015-12-10 18:14:10 UTC
	2	+++ rulefiles/linux/ignore.d.paranoid/postfix
	3	@@ -1,5 +1,5 @@
	4	-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(local\|pipe\|virtual)\[[[:digit:]]+\]: [[:alnum:]]+: to=[^[:space:]]+, (orig_to=[^[:space:]]+, \|)relay=[^[:space:]]+, delay=[.[:digit:]]+, (delays=[.[:digit:]/]+, dsn=[.[:digit:]]+, )?status=[[:alnum:]]+ $.*$$
	5	-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-\|)message-id=<[^[:space:]]+>$
	6	+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(local\|pipe\|virtual)\[[[:digit:]]+\]: [[:alnum:]]+: to=[^[:space:]]+, (orig_to=[^[:space:]]+, )?relay=[^[:space:]]+, delay=[.[:digit:]]+, (delays=[.[:digit:]/]+, dsn=[.[:digit:]]+, )?status=[[:alnum:]]+ $.*$$
	7	+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-)?message-id=<[^[:space:]]+>$
	8	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/nqmgr\[[[:digit:]]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+ $queue active$$
	9	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/pickup\[[[:digit:]]+\]: [[:alnum:]]+: uid=[[:digit:]]+ from=[^[:space:]]+$
	10	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/qmgr\[[[:digit:]]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+ $queue active$$

Line 0 Link Here

(-)security/logcheck/files/patch-rulefiles_linux_ignore.d.server_dhcp (+22 lines)
	1	--- rulefiles/linux/ignore.d.server/dhcp.orig 2017-01-14 11:42:45 UTC
	2	+++ rulefiles/linux/ignore.d.server/dhcp
	3	@@ -10,13 +10,13 @@
	4	^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ ($[\($._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
	5	^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCP(NAK\|RELEASE\|INFORM) (on\|from) ([.0-9]{7,15}\|[:[:alnum:].]+)$
	6	#Added for dhcp 3
	7	-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ ($[._[:alnum:]-]+$ \|)via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$
	8	-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ ($[._[:alnum:]-]+$ \|)via [._[:alnum:]-]+$
	9	-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} ($[.0-9]{7,15}$ \|)from [:[:alnum:]]+ ($[._[:alnum:]-]+$ )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?\|: lease owned by peer\.?\|: wrong network\.?\|: lease [.0-9]{7,15} unavailable\.?)?$
	10	-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ ($[._[:alnum:]-]+$ \|)via [._[:alnum:]-]+$
	11	-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ ($[._[:alnum:]-]+$ \|)via [._[:alnum:]-]+$
	12	+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ ($[._[:alnum:]-]+$ )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$
	13	+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ ($[._[:alnum:]-]+$ )?via [._[:alnum:]-]+$
	14	+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} ($[.0-9]{7,15}$ )?from [:[:alnum:]]+ ($[._[:alnum:]-]+$ )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?\|: lease owned by peer\.?\|: wrong network\.?\|: lease [.0-9]{7,15} unavailable\.?)?$
	15	+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ ($[._[:alnum:]-]+$ )?via [._[:alnum:]-]+$
	16	+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ ($[._[:alnum:]-]+$ )?via [._[:alnum:]-]+$
	17	^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$
	18	-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ ($[._[:alnum:]-]+$ \|)via [._[:alnum:]-]+ $(not \|)found$$
	19	+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ ($[._[:alnum:]-]+$ )?via [._[:alnum:]-]+ $(not )?found$$
	20	^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK to [.0-9]{7,15}( $([:[:xdigit:]]+\|<no client hardware address>)$ via [._[:alnum:]-]+)?$
	21	^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ((balancing\|balanced) )?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+.*( max-(own $\+/-$[[:digit:]]+\|misbal [[:digit:]]+))?$
	22	^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$

Line 0 Link Here

(-)security/logcheck/files/patch-rulefiles_linux_ignore.d.server_nfs (+7 lines)
	1	--- rulefiles/linux/ignore.d.server/nfs.orig 2015-12-10 18:14:10 UTC
	2	+++ rulefiles/linux/ignore.d.server/nfs
	3	@@ -1,2 +1,2 @@
	4	-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc\.mountd: authenticated (un\|)mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-])+ $(/[._[:alnum:]-])+$$
	5	-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (un\|)mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-])+ $(/[._[:alnum:]-])+$$
	6	+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc\.mountd: authenticated (un)?mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-])+ $(/[._[:alnum:]-])+$$
	7	+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (un)?mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-])+ $(/[._[:alnum:]-])+$$

Lines 1-5 Link Here

(-)security/logcheck/files/patch-rulefiles_linux_ignore.d.server_postfix (+9 lines)
1	--- rulefiles/linux/ignore.d.server/postfix.orig 2019-03-01 15:22:43 UTC	1	--- rulefiles/linux/ignore.d.server/postfix.orig 2019-03-01 15:22:43 UTC
2	+++ rulefiles/linux/ignore.d.server/postfix	2	+++ rulefiles/linux/ignore.d.server/postfix
		3	@@ -8,7 +8,7 @@
		4	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/anvil\[[[:digit:]]+\]: statistics: max (message\|recipient\|connection) (count\|rate) [/[:digit:]s]+ for $([.:[:xdigit:]]+)?(smtp(s)?\|25\|submission\|587):([.:[:xdigit:]]+\|unknown)$ at \w{3} [ :[:digit:]]{11}$
		5	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/anvil\[[[:digit:]]+\]: statistics: max cache size [[:digit:]]+ at \w{3} [ :[:digit:]]{11}$
		6	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/bounce\[[[:digit:]]+\]: [[:xdigit:]]+: sender (delay\|non-delivery\|delivery status) notification: [[:xdigit:]]+$
		7	-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-\|)message-id=<?[^>]+>?( $added by [^[:space:]]+$)?$
		8	+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-)?message-id=<?[^>]+>?( $added by [^[:space:]]+$)?$
		9	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: milter-discard: END-OF-MESSAGE from [-._[:alnum:]]+\[([.[:digit:]]+\|[:[:xdigit:]]+)\]: milter triggers DISCARD action; from=<[^[:space:]]> to=<[^[:space:]]> proto=E?SMTP helo=<[^[:space:]]+>$
		10	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:upper:][:digit:]]+: reject: header [^[:space:]]+:.+ from=<[^[:space:]]*>( to=<[^[:space:]]+>)? proto=E?SMTP helo=<[^[:space:]]+>: .+$
		11	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:xdigit:]]+: milter-reject: END-OF-MESSAGE from [-._[:alnum:]]+\[[.[:digit:]]+\]: [45]\.7\.1 (virus [-._/[:alnum:]]+ detected by ClamAV - http://www\.clamav\.net\|Command rejected); from=<[^[:space:]]*> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$
3	@@ -60,7 +60,7 @@	12	@@ -60,7 +60,7 @@
4	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: [^[:space:]]+ offered null AUTH mechanism list$	13	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: [^[:space:]]+ offered null AUTH mechanism list$
5	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: mailer loop: best MX for [^[:space:]]+ is local$	14	^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: mailer loop: best MX for [^[:space:]]+ is local$

Line 0 Link Here

(-)security/logcheck/files/patch-rulefiles_linux_violations.d_kernel (+6 lines)
	1	--- rulefiles/linux/violations.d/kernel.orig 2015-12-10 18:14:10 UTC
	2	+++ rulefiles/linux/violations.d/kernel
	3	@@ -1,2 +1,2 @@
	4	-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: media error $bad sector$: status=0x[[:xdigit:]]+ { DriveReady SeekComplete Error }$
	5	+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: media error $bad sector$: status=0x[[:xdigit:]]+ \{ DriveReady SeekComplete Error \}$
	6	^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? end_request: I/O error, dev [[:alnum:]]+, sector [[:digit:]]+

Return to bug 251778