diff --git a/.gitignore b/.gitignore index 916afa3..3842ed6 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ logwatch-7.3.6.tar.gz /logwatch-svn85.tar.xz /logwatch-svn100.tar.xz /logwatch-svn110.tar.xz +/logwatch-svn127.tar.xz diff --git a/logwatch-applystddate.patch b/logwatch-applystddate.patch deleted file mode 100644 index 296face..0000000 --- a/logwatch-applystddate.patch +++ /dev/null @@ -1,30 +0,0 @@ -Support rsyslog timestamps. - -RH-Bugzilla: #583607 - ---- logwatch-svn110/scripts/shared/applystddate.orig 2011-06-25 19:21:13.000000000 +0200 -+++ logwatch-svn110/scripts/shared/applystddate 2012-08-29 10:44:05.355719191 +0200 -@@ -25,6 +25,7 @@ - # customize the Timefilter by appending a string: - # *ApplyStdDate = "%H:%M %d/%m/%Y" - $SearchDate = TimeFilter($ARGV[0] || '%b %e %H:%M:%S'); -+$SearchDateRsyslog = TimeFilter('%Y-%m-%dT%H:%M:%S\.[0-9]+[+-][0-9]{2}:[0-9]{2}'); - - # The date might be "Dec 09", but it needs to be "Dec 9"... - #$SearchDate =~ s/ 0/ /; -@@ -32,11 +33,15 @@ - if ( $Debug > 5 ) { - print STDERR "DEBUG: Inside ApplyStdDate...\n"; - print STDERR "DEBUG: Looking For: " . $SearchDate . "\n"; -+ print STDERR "DEBUG: Looking For: " . $SearchDateRsyslog . "\n"; - } - - while (defined($ThisLine = )) { - if ($ThisLine =~ m/^$SearchDate /o) { - print $ThisLine; -+ } elsif ($ThisLine =~ /^$SearchDateRsyslog /o) { -+ $ThisLine =~ s/^([0-9]{4})-([0-9]{2})-([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})\.[0-9]+[+-][0-9]{2}:[0-9]{2} //o; -+ print POSIX::strftime("%b %e %H:%M:%S", $6, $5, $4, $3+1, $2-1, $1 - 1900) . " " . $ThisLine; - } elsif ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate \d{4}/o) { - print $ThisLine; - } diff --git a/logwatch-http.patch b/logwatch-http.patch deleted file mode 100644 index 63e660a..0000000 --- a/logwatch-http.patch +++ /dev/null 
@@ -1,16 +0,0 @@
-Make the http script count .hdr files as archives.
-
-RH-Bugzilla: #465212
-
-diff -up logwatch-7.3/scripts/services/http.pom logwatch-7.3/scripts/services/http
---- logwatch-7.3/scripts/services/http.pom 2006-02-28 22:13:00.000000000 -0500
-+++ logwatch-7.3/scripts/services/http 2009-10-26 07:27:51.000000000 -0400
-@@ -204,7 +204,7 @@ my $content_types = '(';
- $content_types = $content_types.'|\.class|\.jsp|\.jar|\.java';
- $content_types = $content_types.'|COPYRIGHT|README|FAQ|INSTALL|\.txt)';
- my $docs_types = '(\.asc|\.bib|\.djvu|\.doc|\.dot|\.dtd|\.dvi|\.gnumeric|\.mcd|\.mso|\.pdf|\.pps|\.ppt|\.ps|\.rtf|\.sxi|\.tex|\.text|\.tm|\.xls|\.xml)';
--my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.z|\.zip)';
-+my $archive_types = '(\.ace|\.bz2|\.cab|\.deb|\.dsc|\.ed2k|\.gz|\.hqx|\.md5|\.rar|\.rpm|\.sig|\.sign|\.tar|\.tbz2|\.tgz|\.vl2|\.z|\.zip|\.hdr)';
- my $sound_types = '(\.au|\.aud|\.mid|\.mp3|\.ogg|\.pls|\.ram|\.raw|\.rm|\.wav|\.wma|\.wmv|\.xsm)';
- my $movie_types = '(\.asf|\.ass|\.avi|\.idx|\.mid|\.mpg|\.mpeg|\.mov|\.qt|\.psb|\.srt|\.ssa|\.smi|\.sub)';
- my $winexec_types = '(\.bat|\.com|\.exe|\.dll)';
diff --git a/logwatch-manpage.patch b/logwatch-manpage.patch
deleted file mode 100644
index 69716cb..0000000
--- a/logwatch-manpage.patch
+++ /dev/null
@@ -1,38 +0,0 @@ -Removes an obsolete '--print' option and fixes a manpage typo. - -RH-Bugzilla: #719061 - ---- logwatch-svn50/logwatch.8.orig 2012-01-04 11:55:14.133706342 +0100 -+++ logwatch-svn50/logwatch.8 2012-01-04 12:01:20.054997656 +0100 -@@ -43,7 +43,7 @@ Linux and many types of UNIX. - This is the detail level of the report. - .I level - can be a positive integer, or high, med, low, which correspond to the --integers 10, 5, and 0, repectively. -+integers 10, 5, and 0, respectively. - .IP "\fB--logfile\fR log-file-group" - This will force Logwatch to process only the set of logfiles - defined by -@@ -66,7 +66,6 @@ filters installed. - .IP "\fB--mailto\fR address" - Mail the results to the email address or user specified in - .I address. --This option overrides the \-\-print option. - .IP "\fB--range\fR range" - You can specify a date-range to process. Common ranges are - .I Yesterday, Today, All, -@@ -124,12 +123,12 @@ the default configuration. See \fBMORE - information. - .RE - .SH EXAMPLES --.B logwatch --service ftpd-xferlog --range all --detail high --print --archives -+.B logwatch --service ftpd-xferlog --range all --detail high --archives - .RS - This will print out all FTP transfers that are stored in all current and archived - xferlogs. - .RE --.B logwatch --service pam_pwdb --range yesterday --detail high --print -+.B logwatch --service pam_pwdb --range yesterday --detail high - .RS - This will print out login information for the previous day... - .RE diff --git a/logwatch-pam_unix.patch b/logwatch-pam_unix.patch deleted file mode 100644 index 7670bf8..0000000 --- a/logwatch-pam_unix.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -Update pam_unix parsing and support gdm-welcome process log messages. - -Author: Jan Synacek -RH-Bugzilla: #836183 -Author: Gilles Detillieux -RH-Bugzilla: #846725 - ---- logwatch-svn110-dist/scripts/services/pam_unix 2012-09-27 10:01:34.177205178 +0200 -+++ logwatch-svn110-new/scripts/services/pam_unix 2012-09-27 13:39:49.697365083 +0200 -@@ -174,7 +174,7 @@ - # ignore this line - } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s+user=(\S*)$/$2 ($1)/) { - $data{$service}{'Authentication Failures'}{$line}++; -- } elsif ($line =~ s/^authentication failure; .*rhost=(\S*).$/unknown ($1)/) { -+ } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s*$/unknown ($1)/) { - $data{$service}{'Authentication Failures'}{$line}++; - } elsif ($line =~ s/^authentication failure; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) { - $data{$service}{'Authentication Failures'}{$line}++; -@@ -227,8 +227,8 @@ - if ($line =~ s/^password changed for (.+)/$1/) { - ($Detail >= 5) && $data{$service}{'Password changed'}{$line}++; - } -- } elsif (grep $_ eq $service, qw/gdm gdm-password kdm kcheckpass xdm imap dovecot cups/) { -- if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) { -+ } elsif (grep $_ eq $service, qw/gdm gdm-password gdm-welcome kdm kcheckpass xdm imap dovecot cups/) { -+ if ($line =~ s/^session opened for user (.+) by (?:\(unknown\))?\(uid=\d+\)/$1/) { - ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++; - } elsif ($line =~ s/^authentication failure;.* user=(.+)$/$1/) { - $data{$service}{'Authentication Failures'}{$line}++; diff --git a/logwatch-pluto.patch b/logwatch-pluto.patch deleted file mode 100644 index 0fd9d11..0000000 --- a/logwatch-pluto.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -Update Openswan parsing. - -Author: Jan Synacek -RH-Bugzilla: #799690 - ---- logwatch-svn110/scripts/services/pluto 2010-05-01 04:36:08.000000000 +0200 -+++ logwatch-svn110-new/scripts/services/pluto 2012-08-29 10:53:35.760260333 +0200 -@@ -76,6 +76,12 @@ - $today="$month $day"; - - next unless ($process =~ /pluto/i); -+ $iserror=0; -+ -+ if ($conn eq "ERROR:") { -+ $iserror = 1; -+ ($junk,$conn,$msg)=split(/ +/,$msg,3); -+ } - - $loglines{$today}++; - -@@ -143,7 +149,7 @@ - next if($rest =~ /no suitable connection for peer/); - next if($rest =~ /sending encrypted notification/); - next if($rest =~ /enabling possible NAT-traversal with method/); -- next if($rest =~ /received Vendor ID payload/); -+ next if($rest =~ /(received|ignoring) Vendor ID payload/); - next if($rest =~ /ignoring unknown Vendor ID payload/); - next if($rest =~ /Dead Peer Detection \(RFC 3706\): enabled/); - next if($rest =~ /DPD: No response from peer - declaring peer dead/); -@@ -152,6 +158,21 @@ - next if($rest =~ /discarding packet received during asynchronous work \(DNS or crypto\) in STATE_(MAIN|QUICK)_../); - next if($rest =~ /STATE_(MAIN|QUICK)_[RI][1-3]: sent [MQ][RI][1-3], expecting [MQ][IR][1-3]/); - next if($rest =~ /STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2/); -+ next if($rest =~ /down-client output/); -+ next if($rest =~ /(restore|update)resolvconf-client output/); -+ next if($rest =~ /transform .* ignored/); -+ next if($rest =~ /multiple DH groups were set in aggressive mode\./); -+ next if($rest =~ /received mode cfg reply/); -+ next if($rest =~ /modecfg: Sending IP request/); -+ next if($rest =~ /setting .* address to/); -+ next if($rest =~ /STATE_XAUTH_I1: XAUTH client - awaiting CFG_set/); -+ next if($rest =~ /initiating Aggressive Mode/); -+ next if($rest =~ /Aggressive mode peer ID is/); -+ next if($rest =~ /protocol\/port in Phase \d ID Payload must be/); -+ next if($rest =~ /XAUTH: Bad Message: /); -+ next if($rest =~ /XAUTH: 
Answering XAUTH challenge with user/); -+ next if($rest =~ /Received IP4|DNS|subnet /); -+ next if($rest =~ /sendto on .* to .* failed in delete notify/); - $relevantlog{"$today"}++; - - print STDERR "Rest is $rest\n" if $debug>1; -@@ -224,6 +245,9 @@ - $rekeyfail{$conn}++; - $rekeyfail_ICMPunreachable{$conn}++; - -+ } elsif($rest =~ /XAUTH: Successfully Authenticated/) { -+ $xauthsuccess{$conn}++; -+ - } elsif($rest =~ /starting keying attempt (.*) of an unlimited number/) { - $lastattempt=$1; - if($maxattempts{$conn} < $lastattempt) { -@@ -272,6 +296,9 @@ - if($setupfail{$conn} > 0) { - print "\tSetup failures: ".$setupfail{$conn}."\n"; - } -+ if($xauthsuccess{$conn} > 0) { -+ print "\tXAUTH successful connections: ".$xauthsuccess{$conn}."\n"; -+ } - if($crlUpdate{$conn} > 0) { - print "\tOverdue CRL update since: ".$crlUpdateSince{$conn}." (".$crlUpdate{$conn}." times)\n"; - } diff --git a/logwatch-secure.patch b/logwatch-secure.patch deleted file mode 100644 index 263ea9d..0000000 --- a/logwatch-secure.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -Update syslog parsing of secure messages. - -Author: Jan Synacek -RH-Bugzilla: #836189 - ---- logwatch-svn110-dist/scripts/services/secure 2012-09-27 10:01:34.178205179 +0200 -+++ logwatch-svn110-new/scripts/services/secure 2012-09-27 10:38:06.128565662 +0200 -@@ -198,7 +198,7 @@ - #Woody - specific, thanks to Michael Stovenour - if ($ThisLine =~ /^PAM_unix[\[\]0-9]*:/i ) { next; } - -- if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid < 100\" (was|not) met by user /) or -+ if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid (<|>)=? 1000?\" (was|not) met by user /) or - ( $ThisLine =~ /pam_rhosts_auth\[\d+\]: allowed to [^ ]+ as \w+/) or - ( $ThisLine =~ /pam_rhosts_auth\([^\)]+\): allowed to [^ ]+ as \w+/) or - ( $ThisLine =~ /^(.*)\(pam_unix\)/) or -@@ -226,6 +226,8 @@ - ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: authentication failure/) or - ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: check pass; user unknown/) or - ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: session /) or -+ ( $ThisLine =~ /sshd\[\d+\]: Server listening on/) or -+ ( $ThisLine =~ /sshd\[\d+\]: Received signal \d+; terminating/) or - ( $ThisLine =~ /^ipop3d\[\d+\]:/) or - ( $ThisLine =~ /^su\[\d+\]: [+-] .+/) or - ( $ThisLine =~ /^su\[\d+\]: FAILED su for \S+ by \S+/) or #debian: done in pam_unix -@@ -233,6 +235,8 @@ - ( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix - ( $ThisLine =~ /^login: FAILED LOGIN 2 FROM (.*) FOR .*, (Authentication failure|User not known to the underlying authentication module)/) or - ( $ThisLine =~ /^login: pam_securetty(.*): unexpected response from failed conversation function/) or -+ ( $ThisLine =~ /^login: pam_securetty(.*): access denied: tty '.*' is not secure/) or -+ ( $ThisLine =~ /^login: pam_securetty(.*): cannot determine username/) or - ( $ThisLine =~ 
/^pam_limits\[\d+\]/ ) or - ( $ThisLine =~ /^kcheckpass(\[\d+\]|):/ ) or # done in pam_unix - ( $ThisLine =~ /^cyrus\/lmtpd\[\d+\]: [^ ]+ server step [12]/ ) or -@@ -261,7 +265,8 @@ - ( $ThisLine =~ /polkit-grant-helper\[\d+\]: granted authorization for [^ ]* to session .* \[uid=[0-9]*\]/) or - ( $ThisLine =~ /polkit-grant-helper-pam\[\d+\]: pam_thinkfinger\(polkit:auth\): conversation failed/) or - ( $ThisLine =~ /polkitd\(authority=.*\): (Unr|R)egistered Authentication Agent/) or -- ( $ThisLine =~ /(gdm-session-worker|gdm-password)\[\d+\]: gkr-pam: no password is available for user/) or -+ ( $ThisLine =~ /polkitd\(authority=.*\): Operator of unix-session:/) or -+ ( $ThisLine =~ /(gdm-session-worker|gdm-password|gnome-screensaver-dialog)\[\d+\]: gkr-pam: no password is available for user/) or - ( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or - ( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages - ( $ThisLine =~ /groupmod\[\d+\]: group changed in \/etc\/gshadow /) or # Details in other messages -@@ -360,7 +365,7 @@ - $NoIP->{$ThisLine}++; - } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+)\[\d+\]: error: (.+)$/) ) { - $Error{$Service}{$Err}++; -- } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR , .*)$/ ) ) { -+ } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR ([^ ]+)?, .*)$/ ) ) { - $Error{$Service}{$Err}++; - } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (password mismatch for [^ ]+ in [^ ]+):.*$/ ) ) { - $Error{$Service}{$Err}++; diff --git a/logwatch-sshd.patch b/logwatch-sshd.patch deleted file mode 100644 index a079945..0000000 --- a/logwatch-sshd.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -Update sshd log parsing. - ---- logwatch-svn50.dist/scripts/services/sshd 2011-01-07 09:16:39.000000000 +1100 -+++ logwatch-svn50/scripts/services/sshd 2011-04-30 23:30:48.000000000 +1000 -@@ -285,6 +285,7 @@ - ($ThisLine =~ /pam_succeed_if\(.*:.*\): error retrieving information about user [a-zA-Z]*/ ) or - ($ThisLine =~ /pam_winbind\(sshd:account\): user .* granted access/) or - ($ThisLine =~ /pam_winbind\(sshd:account\): user .* OK/) or -+ ($ThisLine =~ /pam_systemd\(sshd:session\): Moving/) or - ($ThisLine =~ /PAM \d+ more authentication failures?;/) or - ($ThisLine =~ /^Failed keyboard-interactive for from/ ) or - ($ThisLine =~ /^Keyboard-interactive \(PAM\) userauth failed/ ) or diff --git a/logwatch-xvc.patch b/logwatch-xvc.patch deleted file mode 100644 index 5d267f9..0000000 --- a/logwatch-xvc.patch +++ /dev/null @@ -1,27 +0,0 @@ -Recognize Xen virtual console log messages in syslog. - -Author: Jan Synacek -RH-Bugzilla: #595068 - ---- logwatch-svn110/scripts/services/secure.orig 2012-08-29 10:45:25.000000000 +0200 -+++ logwatch-svn110/scripts/services/secure 2012-08-29 10:47:51.228547898 +0200 -@@ -377,6 +377,8 @@ - $Error{$Service}{$Err}++; - } elsif ( $ThisLine =~ /^login(\[\d+\])*: ROOT LOGIN\s+(ON|on)\s+`?tty[0-9]+/) { - $RootLoginTTY++ -+ } elsif ( $ThisLine =~ /^login(\[\d+\])*: ROOT LOGIN\s+(ON|on)\s+`?xvc[0-9]+/) { -+ $RootLoginXVC++ - } elsif ( $ThisLine =~ /^com.apple.SecurityServer: authinternal authenticated user root .*/) { - $RootLoginTTY++ - } elsif ( (undef,$User) = ($ThisLine =~ /^login: LOGIN ON (tty|pts\/)[0-9]+ BY ([^ ]+)/ )) { -@@ -734,6 +736,10 @@ - print "\nRoot logins on ttys: $RootLoginTTY Time(s).\n"; - } - -+if ($RootLoginXVC) { -+ print "\nRoot logins on xvcs: $RootLoginXVC Time(s).\n"; -+} -+ - if (keys %UserLogin) { - print "\nUser Logins:\n"; - foreach $User (sort {$a cmp $b} keys %UserLogin) { diff --git a/logwatch.spec b/logwatch.spec index da15611..c40e4a9 100644 --- a/logwatch.spec +++ b/logwatch.spec 
@@ -1,15 +1,15 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.4.0
-Release: 20.20120619svn110%{?dist}
+Release: 21.20130102svn127%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
 # The source for this package was pulled from upstream's vcs. Use the
 # following commands to generate the tarball:
-# svn export -r 110 https://logwatch.svn.sourceforge.net/svnroot/logwatch logwatch-svn110
-# tar cJvf logwatch-svn110.tar.xz logwatch-svn110
-Source0: logwatch-svn110.tar.xz
+# svn export -r 127 https://logwatch.svn.sourceforge.net/svnroot/logwatch logwatch-svn127
+# tar cJvf logwatch-svn127.tar.xz logwatch-svn127
+Source0: logwatch-svn127.tar.xz
 #Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 # Needs proper fix. Not applied by the upstream.
 Patch0: logwatch-vsftpd.patch
@@ -17,23 +17,14 @@ Patch0: logwatch-vsftpd.patch
 Patch1: logwatch-oldfiles.patch
 # Fixes not yet in upstream for DNSSEC messages in named service (rhbz#666394)
 Patch3: logwatch-named-dnssec.patch
-# Manpage typo + obsolete option
-Patch4: logwatch-manpage.patch
 Patch5: logwatch-xntpd.patch
 Patch6: logwatch-smartd.patch
 Patch7: logwatch-dovecot.patch
-Patch8: logwatch-sshd.patch
 # Rootkit Hunter patch - not applied by upstream
 Patch9: logwatch-rkhunter.patch
-# Patches 10-15 not yet in upstream
-Patch10: logwatch-applystddate.patch
-Patch11: logwatch-http.patch
-Patch12: logwatch-pluto.patch
-Patch13: logwatch-xvc.patch
-Patch14: logwatch-secure.patch
-Patch15: logwatch-pam_unix.patch
+# Not yet upstreamed
 Patch16: logwatch-secure-userhelper.patch
-# Not upstreamed
+# Modified version pending upstream acceptance
 Patch17: logwatch-http-error.patch
 Requires: textutils sh-utils grep mailx
 Requires: perl(Date::Manip)
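Review bot: The tarball named in `Source0` cannot be re-derived byte-for-byte from the two commands in the comment above it, so the digest recorded in `sources` cannot be checked against upstream revision 127 by anyone but the packager. `tar cJvf` stores the mtimes, ownership and directory order of whatever tree the export produced on the packager's machine, and a fresh export will normally hash differently. Either document the verification path next to the recipe, for example `# Digest is not reproducible; verify with "diff -r" against a fresh "svn export -r 127"`, or normalise the archive in the recipe with GNU tar's `--sort=name --mtime=<commit date> --owner=0 --group=0 --numeric-owner`.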
@@ -48,22 +39,13 @@ that you wish with the detail that you wish. Easy to use - works right out of the package on many systems. %prep -%setup -q -n logwatch-svn110 +%setup -q -n logwatch-svn127 %patch0 -p1 %patch1 -p1 %patch3 -p1 -%patch4 -p1 %patch5 -p0 -%patch6 -p1 -%patch7 -p0 -%patch8 -p1 +%patch7 -p1 %patch9 -p0 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 %patch16 -p1 %patch17 -p1 rm -f scripts/services/*.orig @@ -156,6 +138,9 @@ echo "# Configuration overrides for specific logfiles/services may be placed her %{_mandir}/man*/* %changelog +* Wed Jan 09 2013 Jan Synáček - 7.4.0-21.20130102svn127 +- Update to revision 127 and drop ustreamed patches + * Mon Dec 10 2012 Jan Synáček - 7.4.0-20.20120619svn110 - Comment patches diff --git a/sources b/sources index ce46e0f..f738a89 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -95ca4f693329dedcfce499440169aacc logwatch-svn110.tar.xz +43b30cb2c17a50df5a10067b85a5a2f1 logwatch-svn127.tar.xz
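Review bot: `%patch6 -p1` is removed from `%prep` in this hunk, but `Patch6: logwatch-smartd.patch` is still declared in the preceding hunk and that file is not among the patches this commit deletes, so the smartd patch stays in the SRPM and is silently never applied. If revision 127 already contains that change, drop the `Patch6:` line and the file along with the other upstreamed patches; otherwise restore `%patch6 -p1`. The same hunk switches `%patch7` from `-p0` to `-p1` while logwatch-dovecot.patch does not appear in this diff, so it is worth confirming that the paths inside that patch really carry a leading component to strip.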