Update to revision 127 and drop ustreamed patches

Jan Synacek 2013-01-09 09:25:31 +01:00
parent 569a2f59ed
commit 3a1d92e79e
11 changed files with 13 additions and 303 deletions

1
.gitignore vendored

@ -7,3 +7,4 @@ logwatch-7.3.6.tar.gz
/logwatch-svn85.tar.xz
/logwatch-svn100.tar.xz
/logwatch-svn110.tar.xz
/logwatch-svn127.tar.xz


@ -1,30 +0,0 @@
Support rsyslog timestamps.
RH-Bugzilla: #583607
--- logwatch-svn110/scripts/shared/applystddate.orig 2011-06-25 19:21:13.000000000 +0200
+++ logwatch-svn110/scripts/shared/applystddate 2012-08-29 10:44:05.355719191 +0200
@@ -25,6 +25,7 @@
# customize the Timefilter by appending a string:
# *ApplyStdDate = "%H:%M %d/%m/%Y"
$SearchDate = TimeFilter($ARGV[0] || '%b %e %H:%M:%S');
+$SearchDateRsyslog = TimeFilter('%Y-%m-%dT%H:%M:%S\.[0-9]+[+-][0-9]{2}:[0-9]{2}');
# The date might be "Dec 09", but it needs to be "Dec 9"...
#$SearchDate =~ s/ 0/ /;
@@ -32,11 +33,15 @@
if ( $Debug > 5 ) {
print STDERR "DEBUG: Inside ApplyStdDate...\n";
print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
+ print STDERR "DEBUG: Looking For: " . $SearchDateRsyslog . "\n";
}
while (defined($ThisLine = <STDIN>)) {
if ($ThisLine =~ m/^$SearchDate /o) {
print $ThisLine;
+ } elsif ($ThisLine =~ /^$SearchDateRsyslog /o) {
+ $ThisLine =~ s/^([0-9]{4})-([0-9]{2})-([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})\.[0-9]+[+-][0-9]{2}:[0-9]{2} //o;
+ print POSIX::strftime("%b %e %H:%M:%S", $6, $5, $4, $3+1, $2-1, $1 - 1900) . " " . $ThisLine;
} elsif ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate \d{4}/o) {
print $ThisLine;
}


@ -1,16 +0,0 @@
Make the http script count .hdr files as archives.
RH-Bugzilla: #465212
diff -up logwatch-7.3/scripts/services/http.pom logwatch-7.3/scripts/services/http
--- logwatch-7.3/scripts/services/http.pom 2006-02-28 22:13:00.000000000 -0500
+++ logwatch-7.3/scripts/services/http 2009-10-26 07:27:51.000000000 -0400
@@ -204,7 +204,7 @@ my $content_types = '(';
$content_types = $content_types.'|\.class|\.jsp|\.jar|\.java';
$content_types = $content_types.'|COPYRIGHT|README|FAQ|INSTALL|\.txt)';
my $docs_types = '(\.asc|\.bib|\.djvu|\.doc|\.dot|\.dtd|\.dvi|\.gnumeric|\.mcd|\.mso|\.pdf|\.pps|\.ppt|\.ps|\.rtf|\.sxi|\.tex|\.text|\.tm|\.xls|\.xml)';
-my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.z|\.zip)';
+my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.z|\.zip|\.hdr)';
my $sound_types = '(\.au|\.aud|\.mid|\.mp3|\.ogg|\.pls|\.ram|\.raw|\.rm|\.wav|\.wma|\.wmv|\.xsm)';
my $movie_types = '(\.asf|\.ass|\.avi|\.idx|\.mid|\.mpg|\.mpeg|\.mov|\.qt|\.psb|\.srt|\.ssa|\.smi|\.sub)';
my $winexec_types = '(\.bat|\.com|\.exe|\.dll)';


@ -1,38 +0,0 @@
Removes an obsolete '--print' option and fixes a manpage typo.
RH-Bugzilla: #719061
--- logwatch-svn50/logwatch.8.orig 2012-01-04 11:55:14.133706342 +0100
+++ logwatch-svn50/logwatch.8 2012-01-04 12:01:20.054997656 +0100
@@ -43,7 +43,7 @@ Linux and many types of UNIX.
This is the detail level of the report.
.I level
can be a positive integer, or high, med, low, which correspond to the
-integers 10, 5, and 0, repectively.
+integers 10, 5, and 0, respectively.
.IP "\fB--logfile\fR log-file-group"
This will force Logwatch to process only the set of logfiles
defined by
@@ -66,7 +66,6 @@ filters installed.
.IP "\fB--mailto\fR address"
Mail the results to the email address or user specified in
.I address.
-This option overrides the \-\-print option.
.IP "\fB--range\fR range"
You can specify a date-range to process. Common ranges are
.I Yesterday, Today, All,
@@ -124,12 +123,12 @@ the default configuration. See \fBMORE
information.
.RE
.SH EXAMPLES
-.B logwatch --service ftpd-xferlog --range all --detail high --print --archives
+.B logwatch --service ftpd-xferlog --range all --detail high --archives
.RS
This will print out all FTP transfers that are stored in all current and archived
xferlogs.
.RE
-.B logwatch --service pam_pwdb --range yesterday --detail high --print
+.B logwatch --service pam_pwdb --range yesterday --detail high
.RS
This will print out login information for the previous day...
.RE


@ -1,29 +0,0 @@
Update pam_unix parsing and support gdm-welcome process log messages.
Author: Jan Synacek <jsynacek@redhat.com>
RH-Bugzilla: #836183
Author: Gilles Detillieux <grdetil@scrc.umanitoba.ca>
RH-Bugzilla: #846725
--- logwatch-svn110-dist/scripts/services/pam_unix 2012-09-27 10:01:34.177205178 +0200
+++ logwatch-svn110-new/scripts/services/pam_unix 2012-09-27 13:39:49.697365083 +0200
@@ -174,7 +174,7 @@
# ignore this line
} elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s+user=(\S*)$/$2 ($1)/) {
$data{$service}{'Authentication Failures'}{$line}++;
- } elsif ($line =~ s/^authentication failure; .*rhost=(\S*).$/unknown ($1)/) {
+ } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s*$/unknown ($1)/) {
$data{$service}{'Authentication Failures'}{$line}++;
} elsif ($line =~ s/^authentication failure; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
$data{$service}{'Authentication Failures'}{$line}++;
@@ -227,8 +227,8 @@
if ($line =~ s/^password changed for (.+)/$1/) {
($Detail >= 5) && $data{$service}{'Password changed'}{$line}++;
}
- } elsif (grep $_ eq $service, qw/gdm gdm-password kdm kcheckpass xdm imap dovecot cups/) {
- if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
+ } elsif (grep $_ eq $service, qw/gdm gdm-password gdm-welcome kdm kcheckpass xdm imap dovecot cups/) {
+ if ($line =~ s/^session opened for user (.+) by (?:\(unknown\))?\(uid=\d+\)/$1/) {
($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
} elsif ($line =~ s/^authentication failure;.* user=(.+)$/$1/) {
$data{$service}{'Authentication Failures'}{$line}++;


@ -1,71 +0,0 @@
Update Openswan parsing.
Author: Jan Synacek <jsynacek@redhat.com>
RH-Bugzilla: #799690
--- logwatch-svn110/scripts/services/pluto 2010-05-01 04:36:08.000000000 +0200
+++ logwatch-svn110-new/scripts/services/pluto 2012-08-29 10:53:35.760260333 +0200
@@ -76,6 +76,12 @@
$today="$month $day";
next unless ($process =~ /pluto/i);
+ $iserror=0;
+
+ if ($conn eq "ERROR:") {
+ $iserror = 1;
+ ($junk,$conn,$msg)=split(/ +/,$msg,3);
+ }
$loglines{$today}++;
@@ -143,7 +149,7 @@
next if($rest =~ /no suitable connection for peer/);
next if($rest =~ /sending encrypted notification/);
next if($rest =~ /enabling possible NAT-traversal with method/);
- next if($rest =~ /received Vendor ID payload/);
+ next if($rest =~ /(received|ignoring) Vendor ID payload/);
next if($rest =~ /ignoring unknown Vendor ID payload/);
next if($rest =~ /Dead Peer Detection \(RFC 3706\): enabled/);
next if($rest =~ /DPD: No response from peer - declaring peer dead/);
@@ -152,6 +158,21 @@
next if($rest =~ /discarding packet received during asynchronous work \(DNS or crypto\) in STATE_(MAIN|QUICK)_../);
next if($rest =~ /STATE_(MAIN|QUICK)_[RI][1-3]: sent [MQ][RI][1-3], expecting [MQ][IR][1-3]/);
next if($rest =~ /STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2/);
+ next if($rest =~ /down-client output/);
+ next if($rest =~ /(restore|update)resolvconf-client output/);
+ next if($rest =~ /transform .* ignored/);
+ next if($rest =~ /multiple DH groups were set in aggressive mode\./);
+ next if($rest =~ /received mode cfg reply/);
+ next if($rest =~ /modecfg: Sending IP request/);
+ next if($rest =~ /setting .* address to/);
+ next if($rest =~ /STATE_XAUTH_I1: XAUTH client - awaiting CFG_set/);
+ next if($rest =~ /initiating Aggressive Mode/);
+ next if($rest =~ /Aggressive mode peer ID is/);
+ next if($rest =~ /protocol\/port in Phase \d ID Payload must be/);
+ next if($rest =~ /XAUTH: Bad Message: /);
+ next if($rest =~ /XAUTH: Answering XAUTH challenge with user/);
+ next if($rest =~ /Received IP4|DNS|subnet /);
+ next if($rest =~ /sendto on .* to .* failed in delete notify/);
$relevantlog{"$today"}++;
print STDERR "Rest is $rest\n" if $debug>1;
@@ -224,6 +245,9 @@
$rekeyfail{$conn}++;
$rekeyfail_ICMPunreachable{$conn}++;
+ } elsif($rest =~ /XAUTH: Successfully Authenticated/) {
+ $xauthsuccess{$conn}++;
+
} elsif($rest =~ /starting keying attempt (.*) of an unlimited number/) {
$lastattempt=$1;
if($maxattempts{$conn} < $lastattempt) {
@@ -272,6 +296,9 @@
if($setupfail{$conn} > 0) {
print "\tSetup failures: ".$setupfail{$conn}."\n";
}
+ if($xauthsuccess{$conn} > 0) {
+ print "\tXAUTH successful connections: ".$xauthsuccess{$conn}."\n";
+ }
if($crlUpdate{$conn} > 0) {
print "\tOverdue CRL update since: ".$crlUpdateSince{$conn}." (".$crlUpdate{$conn}." times)\n";
}


@ -1,53 +0,0 @@
Update syslog parsing of secure messages.
Author: Jan Synacek <jsynacek@redhat.com>
RH-Bugzilla: #836189
--- logwatch-svn110-dist/scripts/services/secure 2012-09-27 10:01:34.178205179 +0200
+++ logwatch-svn110-new/scripts/services/secure 2012-09-27 10:38:06.128565662 +0200
@@ -198,7 +198,7 @@
#Woody - specific, thanks to Michael Stovenour
if ($ThisLine =~ /^PAM_unix[\[\]0-9]*:/i ) { next; }
- if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid < 100\" (was|not) met by user /) or
+ if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid (<|>)=? 1000?\" (was|not) met by user /) or
( $ThisLine =~ /pam_rhosts_auth\[\d+\]: allowed to [^ ]+ as \w+/) or
( $ThisLine =~ /pam_rhosts_auth\([^\)]+\): allowed to [^ ]+ as \w+/) or
( $ThisLine =~ /^(.*)\(pam_unix\)/) or
@@ -226,6 +226,8 @@
( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: authentication failure/) or
( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: check pass; user unknown/) or
( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: session /) or
+ ( $ThisLine =~ /sshd\[\d+\]: Server listening on/) or
+ ( $ThisLine =~ /sshd\[\d+\]: Received signal \d+; terminating/) or
( $ThisLine =~ /^ipop3d\[\d+\]:/) or
( $ThisLine =~ /^su\[\d+\]: [+-] .+/) or
( $ThisLine =~ /^su\[\d+\]: FAILED su for \S+ by \S+/) or #debian: done in pam_unix
@@ -233,6 +235,8 @@
( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix
( $ThisLine =~ /^login: FAILED LOGIN 2 FROM (.*) FOR .*, (Authentication failure|User not known to the underlying authentication module)/) or
( $ThisLine =~ /^login: pam_securetty(.*): unexpected response from failed conversation function/) or
+ ( $ThisLine =~ /^login: pam_securetty(.*): access denied: tty '.*' is not secure/) or
+ ( $ThisLine =~ /^login: pam_securetty(.*): cannot determine username/) or
( $ThisLine =~ /^pam_limits\[\d+\]/ ) or
( $ThisLine =~ /^kcheckpass(\[\d+\]|):/ ) or # done in pam_unix
( $ThisLine =~ /^cyrus\/lmtpd\[\d+\]: [^ ]+ server step [12]/ ) or
@@ -261,7 +265,8 @@
( $ThisLine =~ /polkit-grant-helper\[\d+\]: granted authorization for [^ ]* to session .* \[uid=[0-9]*\]/) or
( $ThisLine =~ /polkit-grant-helper-pam\[\d+\]: pam_thinkfinger\(polkit:auth\): conversation failed/) or
( $ThisLine =~ /polkitd\(authority=.*\): (Unr|R)egistered Authentication Agent/) or
- ( $ThisLine =~ /(gdm-session-worker|gdm-password)\[\d+\]: gkr-pam: no password is available for user/) or
+ ( $ThisLine =~ /polkitd\(authority=.*\): Operator of unix-session:/) or
+ ( $ThisLine =~ /(gdm-session-worker|gdm-password|gnome-screensaver-dialog)\[\d+\]: gkr-pam: no password is available for user/) or
( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages
( $ThisLine =~ /groupmod\[\d+\]: group changed in \/etc\/gshadow /) or # Details in other messages
@@ -360,7 +365,7 @@
$NoIP->{$ThisLine}++;
} elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+)\[\d+\]: error: (.+)$/) ) {
$Error{$Service}{$Err}++;
- } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR , .*)$/ ) ) {
+ } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR ([^ ]+)?, .*)$/ ) ) {
$Error{$Service}{$Err}++;
} elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (password mismatch for [^ ]+ in [^ ]+):.*$/ ) ) {
$Error{$Service}{$Err}++;


@ -1,12 +0,0 @@
Update sshd log parsing.
--- logwatch-svn50.dist/scripts/services/sshd 2011-01-07 09:16:39.000000000 +1100
+++ logwatch-svn50/scripts/services/sshd 2011-04-30 23:30:48.000000000 +1000
@@ -285,6 +285,7 @@
($ThisLine =~ /pam_succeed_if\(.*:.*\): error retrieving information about user [a-zA-Z]*/ ) or
($ThisLine =~ /pam_winbind\(sshd:account\): user .* granted access/) or
($ThisLine =~ /pam_winbind\(sshd:account\): user .* OK/) or
+ ($ThisLine =~ /pam_systemd\(sshd:session\): Moving/) or
($ThisLine =~ /PAM \d+ more authentication failures?;/) or
($ThisLine =~ /^Failed keyboard-interactive for <invalid username> from/ ) or
($ThisLine =~ /^Keyboard-interactive \(PAM\) userauth failed/ ) or


@ -1,27 +0,0 @@
Recognize Xen virtual console log messages in syslog.
Author: Jan Synacek <jsynacek@redhat.com>
RH-Bugzilla: #595068
--- logwatch-svn110/scripts/services/secure.orig 2012-08-29 10:45:25.000000000 +0200
+++ logwatch-svn110/scripts/services/secure 2012-08-29 10:47:51.228547898 +0200
@@ -377,6 +377,8 @@
$Error{$Service}{$Err}++;
} elsif ( $ThisLine =~ /^login(\[\d+\])*: ROOT LOGIN\s+(ON|on)\s+`?tty[0-9]+/) {
$RootLoginTTY++
+ } elsif ( $ThisLine =~ /^login(\[\d+\])*: ROOT LOGIN\s+(ON|on)\s+`?xvc[0-9]+/) {
+ $RootLoginXVC++
} elsif ( $ThisLine =~ /^com.apple.SecurityServer: authinternal authenticated user root .*/) {
$RootLoginTTY++
} elsif ( (undef,$User) = ($ThisLine =~ /^login: LOGIN ON (tty|pts\/)[0-9]+ BY ([^ ]+)/ )) {
@@ -734,6 +736,10 @@
print "\nRoot logins on ttys: $RootLoginTTY Time(s).\n";
}
+if ($RootLoginXVC) {
+ print "\nRoot logins on xvcs: $RootLoginXVC Time(s).\n";
+}
+
if (keys %UserLogin) {
print "\nUser Logins:\n";
foreach $User (sort {$a cmp $b} keys %UserLogin) {


@ -1,15 +1,15 @@
Summary: A log file analysis program
Name: logwatch
Version: 7.4.0
Release: 20.20120619svn110%{?dist}
Release: 21.20130102svn127%{?dist}
License: MIT
Group: Applications/System
URL: http://www.logwatch.org/
# The source for this package was pulled from upstream's vcs. Use the
# following commands to generate the tarball:
# svn export -r 110 https://logwatch.svn.sourceforge.net/svnroot/logwatch logwatch-svn110
# tar cJvf logwatch-svn110.tar.xz logwatch-svn110
Source0: logwatch-svn110.tar.xz
# svn export -r 127 https://logwatch.svn.sourceforge.net/svnroot/logwatch logwatch-svn127
# tar cJvf logwatch-svn127.tar.xz logwatch-svn127
Source0: logwatch-svn127.tar.xz
#Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
# Needs proper fix. Not applied by the upstream.
Patch0: logwatch-vsftpd.patch
@ -17,23 +17,14 @@ Patch0: logwatch-vsftpd.patch
Patch1: logwatch-oldfiles.patch
# Fixes not yet in upstream for DNSSEC messages in named service (rhbz#666394)
Patch3: logwatch-named-dnssec.patch
# Manpage typo + obsolete option
Patch4: logwatch-manpage.patch
Patch5: logwatch-xntpd.patch
Patch6: logwatch-smartd.patch
Patch7: logwatch-dovecot.patch
Patch8: logwatch-sshd.patch
# Rootkit Hunter patch - not applied by upstream
Patch9: logwatch-rkhunter.patch
# Patches 10-15 not yet in upstream
Patch10: logwatch-applystddate.patch
Patch11: logwatch-http.patch
Patch12: logwatch-pluto.patch
Patch13: logwatch-xvc.patch
Patch14: logwatch-secure.patch
Patch15: logwatch-pam_unix.patch
# Not yet upstreamed
Patch16: logwatch-secure-userhelper.patch
# Not upstreamed
# Modified version pending upstream acceptance
Patch17: logwatch-http-error.patch
Requires: textutils sh-utils grep mailx
Requires: perl(Date::Manip)
@ -48,22 +39,13 @@ that you wish with the detail that you wish. Easy to use - works right out
of the package on many systems.
%prep
%setup -q -n logwatch-svn110
%setup -q -n logwatch-svn127
%patch0 -p1
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p0
%patch6 -p1
%patch7 -p0
%patch8 -p1
%patch7 -p1
%patch9 -p0
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
rm -f scripts/services/*.orig
@ -156,6 +138,9 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
%{_mandir}/man*/*
%changelog
* Wed Jan 09 2013 Jan Synáček <jsynacek@redhat.com> - 7.4.0-21.20130102svn127
- Update to revision 127 and drop ustreamed patches
* Mon Dec 10 2012 Jan Synáček <jsynacek@redhat.com> - 7.4.0-20.20120619svn110
- Comment patches
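Review bot: The regeneration recipe in the Source0 comment (`svn export -r 127 ...` followed by `tar cJvf logwatch-svn127.tar.xz logwatch-svn127`) does not yield a byte-reproducible tarball, so the digest recorded for logwatch-svn127.tar.xz in the last section of this commit cannot be re-derived by someone checking the package against upstream revision 127. File timestamps, ownership and member order all depend on the packager's environment, and the recorded 32-hex-digit value looks like an MD5 digest, which offers no collision resistance. Consider pinning those inputs in the documented command, for example `# tar --sort=name --owner=0 --group=0 --numeric-owner --mtime='<REVISION_DATE>' -cJf logwatch-svn127.tar.xz logwatch-svn127`, where <REVISION_DATE> is a placeholder for the commit date of r127. A SHA-256 or stronger digest should also be recorded wherever the packaging tooling allows it.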


@ -1 +1 @@
95ca4f693329dedcfce499440169aacc logwatch-svn110.tar.xz
43b30cb2c17a50df5a10067b85a5a2f1 logwatch-svn127.tar.xz