ignore a couple of normal auditd startup messages

Pavel Šimovec 2023-06-27 14:47:32 +02:00
parent 66dae2d0a9
commit 8b245ee53c
2 changed files with 26 additions and 1 deletions

@ -0,0 +1,19 @@
--- a/scripts/services/audit 2022/01/22 17:22:03
+++ b/scripts/services/audit 2022/01/22 17:35:34
@@ -134,10 +134,13 @@
( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): table=/) or
( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or
( $ThisLine =~ /item=[0-9] name="\S*" inode=[0-9]+ dev=\S* mode=[0-9]* ouid=[0-9]* ogid=[0-9]* rdev=[0-9:]* obj=\S*/) or
- ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ )
+ ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ ) or
+ ( $ThisLine =~ /No plugins found, not dispatching events/ )
) {
# Ignore these entries
- } elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
+ } elsif (( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/ ) or
+ ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): state=initialized / )
+ ) {
$NumberOfInits++;
} elsif ( $ThisLine =~ /Init complete, audit pid set to: [0-9]+/) {
$NumberOfDStartsPid++;
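Review bot: The added ignore pattern `/No plugins found, not dispatching events/` is unanchored, so any line handled by this service script that contains that text anywhere is dropped from the report, while the `auditctl` pattern directly above it is pinned with `^` and `$`. Consider anchoring it to the start of the message or to the end of the line so that only the startup notice is suppressed. In the `elsif` change, the new `state=initialized ` alternative copies `:[0-9]\)` from the existing pattern, which accepts only a one-digit serial, so a record with a longer serial falls through and is not counted in `$NumberOfInits`; `:[0-9]+\)` would cover it, and the `.` between the seconds and milliseconds should be written `\.` in both alternatives.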

@ -1,7 +1,7 @@
Summary: A log file analysis program
Name: logwatch
Version: 7.4.3
Release: 14%{?dist}
Release: 15%{?dist}
License: MIT
Group: Applications/System
URL: http://www.logwatch.org/
@ -27,6 +27,7 @@ Patch8: logwatch-dovecot.patch
Patch9: logwatch-pam-unix.patch
Patch10: logwatch-failed-login.patch
Patch11: systemd-noise-filter.patch
Patch12: auditd-startup-messages.patch
BuildRequires: perl-generators
Requires: grep mailx
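Review bot: `Patch12: auditd-startup-messages.patch` is added without a comment saying where the patch comes from or which bug it addresses; the only link to rhbz#2043942 is in the changelog. A one-line comment above the `Patch12` tag naming the bug and whether the change has been sent upstream would make it easier to drop the patch on a later rebase. The file name also departs from the `logwatch-` prefix used by Patch8 through Patch10.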
@ -56,6 +57,7 @@ of the package on many systems.
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
rm -f scripts/services/*.orig
%build
@ -155,6 +157,10 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
%{_mandir}/man*/*
%changelog
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-15
- ignore a couple of normal auditd startup messages
- Resolves: rhbz#2043942
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-14
- patch to logwatch systemd script to add some filtering
- Resolves: rhbz#2043109