From 8b245ee53ccc259f0bc1bac825a17f9cf8932770 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20=C5=A0imovec?=
Date: Tue, 27 Jun 2023 14:47:32 +0200
Subject: [PATCH] ignore a couple of normal auditd startup messages
---
 auditd-startup-messages.patch | 19 +++++++++++++++++++
 logwatch.spec | 8 +++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 auditd-startup-messages.patch
diff --git a/auditd-startup-messages.patch b/auditd-startup-messages.patch
new file mode 100644
index 0000000..5e809db
--- /dev/null
+++ b/auditd-startup-messages.patch
@@ -0,0 +1,19 @@
+--- a/scripts/services/audit 2022/01/22 17:22:03
++++ b/scripts/services/audit 2022/01/22 17:35:34
+@@ -134,10 +134,13 @@
+ ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): table=/) or
+ ( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or
+ ( $ThisLine =~ /item=[0-9] name="\S*" inode=[0-9]+ dev=\S* mode=[0-9]* ouid=[0-9]* ogid=[0-9]* rdev=[0-9:]* obj=\S*/) or
+- ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ )
++ ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ ) or
++ ( $ThisLine =~ /No plugins found, not dispatching events/ )
+ ) {
+ # Ignore these entries
+- } elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
++ } elsif (( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/ ) or
++ ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): state=initialized / )
++ ) {
+ $NumberOfInits++;
+ } elsif ( $ThisLine =~ /Init complete, audit pid set to: [0-9]+/) {
+ $NumberOfDStartsPid++;
+
diff --git a/logwatch.spec b/logwatch.spec
index 02562d1..4f231e8 100644
--- a/logwatch.spec
+++ b/logwatch.spec
@@ -1,7 +1,7 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.4.3
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
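Review bot: The new ignore alternative `/No plugins found, not dispatching events/` in auditd-startup-messages.patch is unanchored, so any audit-log line containing that text is dropped from the report, whereas the `auditctl ... No rules` pattern directly above it is anchored at both ends. On hosts that rely on audit dispatcher plugins to forward events, this message may be worth counting and reporting rather than discarding, since there it would indicate that forwarding is not active; whether that applies depends on the deployment and is not visible here. In the added `state=initialized ` alternative the `.` between seconds and milliseconds is unescaped and `:[0-9]\)` accepts only a one-digit serial, both carried over from the existing pattern; `audit\([0-9]{10}\.[0-9]{3}:[0-9]+\): state=initialized ` would match the timestamp literally and any serial. The enclosing if/elsif chain starts and ends outside the hunk.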
@@ -27,6 +27,7 @@ Patch8: logwatch-dovecot.patch Patch9: logwatch-pam-unix.patch Patch10: logwatch-failed-login.patch Patch11: systemd-noise-filter.patch +Patch12: auditd-startup-messages.patch BuildRequires: perl-generators Requires: grep mailx @@ -56,6 +57,7 @@ of the package on many systems. %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 rm -f scripts/services/*.orig %build @@ -155,6 +157,10 @@ echo "# Configuration overrides for specific logfiles/services may be placed her %{_mandir}/man*/* %changelog +* Tue Jun 27 2023 Pavel Šimovec - 7.4.3-15 +- ignore a couple of normal auditd startup messages +- Resolves: rhbz#2043942 + * Tue Jun 27 2023 Pavel Šimovec - 7.4.3-14 - patch to logwatch systemd script to add some filtering - Resolves: rhbz#2043109