diff --git a/logwatch-named-dnssec.patch b/logwatch-named-dnssec.patch new file mode 100644 index 0000000..f0633ea --- /dev/null +++ b/logwatch-named-dnssec.patch @@ -0,0 +1,137 @@ +diff -up logwatch-svn46/scripts/services/named.dnssec logwatch-svn46/scripts/services/named +--- logwatch-svn46/scripts/services/named.dnssec 2011-03-28 13:54:24.212725223 +0200 ++++ logwatch-svn46/scripts/services/named 2011-03-28 14:08:21.044509429 +0200 +@@ -228,6 +228,7 @@ while (defined($ThisLine = )) { + ($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or + ($ThisLine =~ /too many timeouts resolving '.*' .*: reducing the advertised EDNS UDP packet size to .* octets/) or + ($ThisLine =~ /reloading zones succeeded/) or ++ ($ThisLine =~ /generating session key/) or + ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or + ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or + ($ThisLine =~ /the working directory is not writable/) or +@@ -249,6 +250,11 @@ while (defined($ThisLine = )) { + ($ThisLine =~ /refresh in progress, refresh check queued/) or + ($ThisLine =~ /refresh: NODATA response from master/) or + ($ThisLine =~ /update with no effect/) or ++ ($ThisLine =~ /reading built-in trusted keys from file/) or ++ ($ThisLine =~ /using built-in trusted-keys/) or ++ ($ThisLine =~ /set up managed keys zone/) or ++ # the following seems okay since it says "success" ++ ($ThisLine =~ /managed-keys-zone .*: No DNSKEY RRSIGs found for '.*': success/) or + # ignore this line because the following line describes the error + ($ThisLine =~ /unexpected error/) + ) { +@@ -269,7 +275,8 @@ while (defined($ThisLine = )) { + $ShutdownNamed++; + } elsif ( $ThisLine =~ /named shutdown failed/ ) { + $ShutdownNamedFail++; +- } elsif ( ($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: zone transfer '(.+)' denied/ ) ) { ++ } elsif ( (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?zone transfer '(.+)' denied/ )) or ++ (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?bad zone transfer request: '(.+)':/ )) ) { + $DeniedZoneTransfers{$Host}{$Zone}++; + } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+) zone transfer deferred due to quota/ ) ) { + $DeferredZoneTransfers{$Zone}++; +@@ -291,14 +298,13 @@ while (defined($ThisLine = )) { + $ZoneLoaded{$Zone}++; + } elsif ( (undef,$Addr,undef,$Server) = ( $ThisLine =~ /ame server (on|resolving) '(.+)' \(in .+\):\s+(\[.+\]\.\d+)?\s*'?(.+)'?:?/ ) ) { + $LameServer{"$Addr ($Server)"}++; +- } elsif ( ($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ ) ) { ++ } elsif ( (($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ )) or ++ (($Zone) = ( $ThisLine =~ /zone (.+): \(.*\) removed/ )) ) { + $ZoneRemoved{$Zone}++; + } elsif ( ($Zone) = ( $ThisLine =~ /received notify for zone '(.*)'/ ) ) { + $ZoneReceivedNotify{$Zone}++; + } elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) { + $ZoneReceivedNotify{$Zone}++; +- } elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) { +- $ZoneReceivedNotify{$Zone}++; + } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+)\/IN: refused notify from non-master/ ) ) { + $ZoneRefusedNotify{$Zone}++; + # } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\d\.a-fA-F:]+) bad zone transfer request: '(.+)': (.+)$/ ) ) { +@@ -321,13 +327,13 @@ while (defined($ThisLine = )) { + } elsif ( ($Client) = ( $ThisLine =~ /warning: client (.*) no more TCP clients/ ) ) { + $FullClient = LookupIP ($Client); + $DeniedTCPClient{$FullClient}++; +- } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query \(cache\) denied/ ) ) { ++ } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: (?:view \w+: )?query \(cache\) denied/ ) ) { + $FullClient = LookupIP ($Client); + $DeniedQuery{$FullClient}++; + } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query '.*\/IN' denied/ ) ) { + $FullClient = LookupIP ($Client); + $DeniedQueryNoCache{$FullClient}++; +- } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+:(?: view ([^ ]+):)? update '(.*)' denied/)) { ++ } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+: (?:view \w+: )?update '(.*)' denied/)) { + $ViewName = ($ViewName ? "/$ViewName" : ""); + $UpdateDenied{"$Rhost ($Ldom$ViewName)"}++; + } elsif ( ($Rhost, $Ldom) = ($ThisLine =~ /client ([\d\.]+)#\d+: update forwarding '(.*)' denied/)) { +@@ -384,6 +390,18 @@ while (defined($ThisLine = )) { + $NoSOA{$Client}++; + } elsif (($Hint) = ($ThisLine =~ /checkhints: (.*)/) ) { + $Hints{$Hint}++; ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) { ++ $DNSSECInsec{'__Total__'}++; ++ $DNSSECInsec{$Zone}{$RR}++; ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) { ++ $DNSSECInvalid{'__Total__'}++; ++ $DNSSECInvalid{$Zone}{$RR}++; ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) { ++ $DNSSECBadCache{'__Total__'}++; ++ $DNSSECBadCache{$Zone}{$RR}++; ++ } elsif (($Error,$Host) = ($ThisLine =~ /error \((.*)\) resolving '([^']+)':/)) { ++ $DNSSECError{$Error}{'__Total__'}++; ++ $DNSSECError{$Error}{$Host}++; + } else { + # Report any unmatched entries... + # remove PID from named messages +@@ -713,6 +731,51 @@ if (keys %Hints) { + } + } + ++if (($Detail >= 5) and (keys %DNSSECInsec)) { ++ print "\n DNSSEC Insecure Responses: " . $DNSSECInsec{'__Total__'} . " Time(s)\n"; ++ foreach $Zone (sort keys %DNSSECInsec) { ++ if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) { ++ foreach $RR (sort keys %{$DNSSECInsec{$Zone}}) { ++ print " " . "$Zone/$RR: " . $DNSSECInsec{$Zone}{$RR} . " Time(s)\n"; ++ } ++ } ++ } ++} ++ ++if (($Detail >= 5) and (keys %DNSSECInvalid)) { ++ print "\n DNSSEC No Valid Signature: " . $DNSSECInvalid{'__Total__'} . " Time(s)\n"; ++ foreach $Zone (sort keys %DNSSECInvalid) { ++ if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) { ++ foreach $RR (sort keys %{$DNSSECInvalid{$Zone}}) { ++ print " " . "$Zone/$RR: " . $DNSSECInvalid{$Zone}{$RR} . " Time(s)\n"; ++ } ++ } ++ } ++} ++ ++if (($Detail >= 5) and (keys %DNSSECBadCache)) { ++ print "\n DNSSEC Bad Cache hit: " . $DNSSECBadCache{'__Total__'} . " Time(s)\n"; ++ foreach $Zone (sort keys %DNSSECBadCache) { ++ if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) { ++ foreach $RR (sort keys %{$DNSSECBadCache{$Zone}}) { ++ print " " . "$Zone/$RR: " . $DNSSECBadCache{$Zone}{$RR} . " Time(s)\n"; ++ } ++ } ++ } ++} ++ ++if (($Detail >= 5) and (keys %DNSSECError)) { ++ print "\n DNS Errors:\n"; ++ foreach $Error (sort keys %DNSSECError) { ++ print " $Error: " . $DNSSECError{$Error}{'__Total__'} . " Time(s)\n"; ++ if ($Detail >= 10) { ++ foreach $Host (sort keys %{$DNSSECError{$Error}}) { ++ print " " . "$Host: " . $DNSSECError{$Error}{$Host} . " Time(s)\n" unless ($Host eq '__Total__'); ++ } ++ } ++ } ++} ++ + if (keys %OtherList) { + print "\n**Unmatched Entries**\n"; + foreach $line (sort {$a cmp $b} keys %OtherList) { diff --git a/logwatch-postfix.patch b/logwatch-postfix.patch deleted file mode 100644 index 8082331..0000000 --- a/logwatch-postfix.patch +++ /dev/null @@ -1,95 +0,0 @@ -diff -up logwatch-7.3.6/scripts/services/postfix.pom logwatch-7.3.6/scripts/services/postfix ---- logwatch-7.3.6/scripts/services/postfix.pom 2007-05-14 19:27:27.000000000 +0200 -+++ logwatch-7.3.6/scripts/services/postfix 2008-10-29 13:37:05.000000000 +0100 -@@ -693,7 +693,7 @@ while ( <> ) { - - my ($helo, $relay, $from, $origto, $to, $domain, $status, - $type, $reason, $reason2, $filter, $site, $cmd, $qid, $p2, -- $rej_action, $host, $hostip); -+ $rej_action, $host, $hostip, $size); - - # ^fatal: ... - if ( ($reason) = ($p1 =~ /^fatal: (.*)$/ )) { -@@ -769,8 +769,9 @@ while ( <> ) { - #TD disconnect from mail.example.com[2001:dead:beef::1] - $Totals{'Disconnection'}++; - } -- elsif (($host,$hostip,$reason) = ($p1 =~ /^connect to ([^[]*)\[($re_IP)\]: (.*)$/o)) { -+ elsif (($host,$hostip,$reason) = ($p1 =~ /^connect to ([^[]*)\[($re_IP)\]:?[0-9]*: (.*)$/o)) { - # all "connect to" messages indicate a problem with the connection -+ #TD connect to mail.bues.ru[82.146.62.193]:25: Connection refused - #TD connect to example.org[10.0.0.1]: Connection refused (port 25) - #TD connect to mail.sample.com[10.0.0.1]: No route to host (port 25) - #TD connect to sample.net[192.168.0.1]: read timeout (port 25) -@@ -1521,6 +1522,11 @@ while ( <> ) { - $Totals{'RejectMilter'}++; - #$Counts{'RejectMilter'}{$cmd}{formathost($hostip,$host)}{$reason}{$p3}++; - $Counts{'RejectMilter'}{$cmd}{formathost($hostip,$host)}{$reason}++; -+ -+ } elsif ( ($host,$hostip,$reason) = ($p1 =~ /host ([^ ]*)\[([^ ]*)\] refused to talk to me: [0-9]* .*: Connection refused. (.*)/)) { -+ # TD host mx10.hanmail.net[211.43.197.142] refused to talk to me: 554 5.7.1 CCRX 80.95.96.6: Connection refused. Your IP address is blocked(anti-spam) -+ $Totals{'ConnectToFailure'}++; -+ $Counts{'ConnectToFailure'}{$reason}{formathost($hostip,$host)}++; - - } else { - # keep this as the last condition in this else clause -@@ -1530,8 +1536,9 @@ while ( <> ) { - # end of $re_QID section - - # see also ConnectionLost in $re_QID section -- elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ]*) from ([^[]*)\[($re_IP|unknown)\]$/o )) { -+ elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ]*) (\(\d+ bytes\) )?from ([^[]*)\[($re_IP|unknown)\]$/o )) { - unless ($hostip =~ /unknown/) { -+ #TD lost connection after DATA (0 bytes) from mail.example.com[192.168.0.1] - #TD lost connection after CONNECT from mail.example.com[192.168.0.1] - $Totals{'ConnectionLost'}++; - $Counts{'ConnectionLost'}{"\u$reason"}{formathost($hostip,$host)}++; -@@ -1570,7 +1577,8 @@ while ( <> ) { - } - - # see also TimeoutInbound in $re_QID section -- elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ]*) from ([^[]*)\[($re_IP)\]$/o)) { -+ elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ]*) (\(\d+ bytes\) )?from ([^[]*)\[($re_IP)\]$/o)) { -+ #TD timeout after DATA (0 bytes) from unknown[85.102.182.31] - #TD timeout after RSET from example.com[192.168.0.1] - $Totals{'TimeoutInbound'}++; - $Counts{'TimeoutInbound'}{"\u$reason"}{formathost($hostip,$host)}++; -@@ -1593,7 +1601,8 @@ while ( <> ) { - - ### smtpd_tls_loglevel >= 1 - # Server TLS messages -- elsif ( ($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Trusted|Untrusted) )?TLS connection established from ([^[]+)\[($re_IP)\]: (.*)$/o )) { -+ elsif ( ($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Trusted|Untrusted|Anonymous) )?TLS connection established from ([^[]+)\[($re_IP)\]: (.*)$/o )) { -+ #DT Anonymous TLS connection established from fractal.kaosol.net[216.150.215.72]: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits) - #TD TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) - # Postfix 2.5+: status: Untrusted or Trusted - #TD Untrusted TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) -@@ -1625,12 +1634,18 @@ while ( <> ) { - $Totals{'TlsUnverified'}++; - $Counts{'TlsUnverified'}{$cert}++; - -+ } elsif ( ($cert) = ($p1 =~ /: Untrusted: (subject_CN=.*)/)) { -+ #TD Untrusted: subject_CN=EXAMPLE-MAIL, issuer=EXAMPLE-MAIL, -+ $Totals{'TlsUnverified'}++; -+ $Counts{'TlsUnverified'}{$cert}++; -+ - } elsif ( ($p1 =~ m/(lookup )?table ([^ ]+ )?has changed -- (restarting|exiting)$/)) { - #TD table hash:/etc/postfix/helo_checks has changed -- restarting - $Totals{'TableChanged'}++; - -- } elsif ( ($cmd,$host,$hostip) = ($p1 =~ /too many errors after ([^ ]*) from ([^[]*)\[($re_IP)\]$/o)) { -+ } elsif ( ($cmd,$size,$host,$hostip) = ($p1 =~ /too many errors after ([^ ]*) (\(\d+ bytes\) )?from ([^[]*)\[($re_IP)\]$/o)) { - #TD too many errors after AUTH from sample.net[10.0.0.1] -+ #TD too many errors after DATA (0 bytes) from aasq46.neoplus.adsl.tpnet.pl[83.5.228.46] - $Totals{'TooManyErrors'}++; - $Counts{'TooManyErrors'}{"After $cmd"}{formathost($hostip,$host)}++; - -@@ -2163,7 +2178,7 @@ sub cleanhostreply($ $ $ $) { - #print "HOSTREPLY: \"$hostreply\"\n"; - if (($host,$r1) = ($hostreply =~ /host (\S+) said: $re_DSN[\- ]"?(.*)"?$/o)) { - # Strip recipient address from host's reply - we already have it in $recip. -- $r1 =~ s/[<(]?$recip[>)]?\W*//ig; -+ $r1 =~ s/[<(]?\Q$recip\E[>)]?\W*//ig; - - # Strip and capture "in reply to XYZ command" from host's reply - if ($r1 =~ s/\s*[(]?(in reply to .* command)[)]?//) { diff --git a/logwatch.spec b/logwatch.spec index 97dc8dd..68f5d8a 100644 --- a/logwatch.spec +++ b/logwatch.spec @@ -1,7 +1,7 @@ Summary: A log file analysis program Name: logwatch Version: 7.3.6 -Release: 67.20110228svn46%{?dist} +Release: 68.20110228svn46%{?dist} License: MIT Group: Applications/System URL: http://www.logwatch.org/ @@ -15,12 +15,10 @@ Source0: logwatch-svn46.tar.xz Patch0: logwatch-vsftpd.patch # Not applied by upstream. Patch1: logwatch-oldfiles.patch -# Cannot be applied, as the postfix service has been reverted to some -# older version by upstream due to licensing issues. Some parts are -# solved by upstream. -#Patch2: logwatch-postfix.patch # Fixes not yet in upstream for /var/log/secure (rhbz#673760) -Patch3: logwatch-secure.patch +Patch2: logwatch-secure.patch +# Fixes not yet in upstream for DNSSEC messages in named service (rhbz#666394) +Patch3: logwatch-named-dnssec.patch Requires: textutils sh-utils grep mailx Requires: perl(Date::Manip) BuildArchitectures: noarch @@ -35,6 +33,7 @@ of the package on many systems. %setup -q -n logwatch-svn46 %patch0 -p1 %patch1 -p1 +%patch2 -p1 %patch3 -p1 rm -f scripts/services/*.orig @@ -130,6 +129,9 @@ echo "# Configuration overrides for specific logfiles/services may be placed her %doc LICENSE %changelog +* Mon Mar 28 2011 Karel Klíč - 7.3.6-68.20110228svn46 +- Added -named-dnessec patch to handle DNSSEC messages in named (rhbz#666394) + * Sun Mar 6 2011 Frank Crawford - 7.3.6-67.20110228svn46 - Handle additional messages in /var/log/secure (rhbz#673760)