- Resolves: #452044 handle 2.6.25+ audit messages

- add init script logs parsing
2008-06-20 09:47:46 +00:00 · 2008-06-20 09:47:46 +00:00 · 92df6bb9f7
commit 92df6bb9f7
parent d098b49636
3 changed files with 55 additions and 1 deletions
--- a/logwatch-7.3.6-audit3.patch
+++ b/logwatch-7.3.6-audit3.patch
@ -0,0 +1,12 @@
+diff -up logwatch-7.3.6/scripts/services/audit.pom logwatch-7.3.6/scripts/services/audit
+--- logwatch-7.3.6/scripts/services/audit.pom	2008-06-10 14:34:52.000000000 +0200
+++ logwatch-7.3.6/scripts/services/audit	2008-06-20 09:31:34.000000000 +0200
+@@ -79,7 +79,7 @@ while ($ThisLine = <STDIN>) {
+ 	( $ThisLine =~ /^audit\([0-9.]+:[0-9]+\): ( ?(path|cwd|item|name|flags)=["\/A-Za-z0-9]*)*$/) or
+ 	( $ThisLine =~ /: enforcing=[0-9]+ old_enforcing=[0-9]+ auid=[0-9]+/) or
+ 	( $ThisLine =~ /: policy loaded auid=[0-9]+/) or
+-	( $ThisLine =~ /: user pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ subj=system_u:system_r:system_dbusd_t:[0-9a-z]+ msg=/) or
+	( $ThisLine =~ /: user pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ subj=system_u:system_r:system_dbusd_t:[0-9a-z:.\-]+ msg=/) or
+ 	( $ThisLine =~ /audit\([0-9.]+:[0-9]+\): (selinux=[0-9]+|auid=[0-9]+|prom=[0-9]+|old_prom=[0-9]+|dev=[^ ]+| )+$/) or
+         ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+  [0-9]+  [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+  [0-9]+ \(NOTLB\)/) or
+         ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/) or
--- a/logwatch-7.3.6-init.patch
+++ b/logwatch-7.3.6-init.patch
@ -0,0 +1,33 @@
+diff -up logwatch-7.3.6/scripts/services/init.pom logwatch-7.3.6/scripts/services/init
+--- logwatch-7.3.6/scripts/services/init.pom	2006-12-20 16:25:09.000000000 +0100
+++ logwatch-7.3.6/scripts/services/init	2008-06-20 10:39:00.000000000 +0200
+@@ -34,6 +34,9 @@ while (defined($ThisLine = <STDIN>)) {
+ 	   chomp ($ThisLine);
+ 	   $ReExecInit++;
+    }
+   elsif ( ($Name,$Cause) = ($ThisLine =~ /(.*) main process \([0-9]*\) killed by (.*) /)) {
+       $ProcessKilled{"$Name,$Cause"}++;
+   }
+    else {
+       # report any unmatched entries
+       push @OtherList,$ThisLine;
+@@ -45,10 +48,19 @@ if ((keys %RunLevel) and ($Detail >= 10)
+       print "   Entered or switched to runlevel " . $Level . ": " . $RunLevel{$Level} . " Time(s)\n";
+    }
+ }
+
+ if ($ReExecInit) {
+ 	print "\n\nRe-execs of init: $ReExecInit times\n";
+ }
+ 
+if ((keys %ProcessKilled)) {
+   print "\nKilled processses:\n";
+   foreach (keys %ProcessKilled) {
+      my ($Name,$Cause)=split ",";
+      print "   Process " . $Name. " killed by " . $Cause . ": " . $ProcessKilled{"$Name,$Cause"} . " Time(s)\n";
+   }
+}
+
+ if ($#OtherList >= 0) {
+    print "\n**Unmatched Entries**\n";
+    print @OtherList;
--- a/logwatch.spec
+++ b/logwatch.spec
@ -1,7 +1,7 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.3.6
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
@ -40,6 +40,8 @@ Patch34: logwatch-7.3.6-dovecot_back.patch
 Patch35: logwatch-7.3.6-audit2.patch
 Patch36: logwatch-7.3.6-openvpn2.patch
 Patch37: logwatch-7.3.6-sendmail.patch
+Patch38: logwatch-7.3.6-audit3.patch
+Patch39: logwatch-7.3.6-init.patch

 Requires: textutils sh-utils grep mailx
 Requires: perl(Date::Manip)
@ -88,6 +90,8 @@ of the package on many systems.
 %patch35 -p1
 %patch36 -p1
 %patch37 -p1
+%patch38 -p1
+%patch39 -p1
 rm -f scripts/services/*.orig

 %build
@ -201,6 +205,11 @@ rm -rf %{buildroot}
 %doc License project/CHANGES 

 %changelog
+* Fri Jun 20 2008 Ivana Varekova <varekova@redhat.com> 7.3.6-24
+- Resolves: #452044
+  handle 2.6.25+ audit messages
+- add init script logs parsing
+
 * Tue Jun 10 2008 Ivana Varekova <varekova@redhat.com> 7.3.6-23
 - Resolves: #450494
  MailTo configuration parameter is ignored