From 92df6bb9f75e13e4dbf2d7e2e57ddb12469450a8 Mon Sep 17 00:00:00 2001
From: Ivana Varekova
Date: Fri, 20 Jun 2008 09:47:46 +0000
Subject: [PATCH] - Resolves: #452044 handle 2.6.25+ audit messages - add init script logs parsing
---
 logwatch-7.3.6-audit3.patch | 12 ++++++++++++
 logwatch-7.3.6-init.patch | 33 +++++++++++++++++++++++++++++++++
 logwatch.spec | 11 ++++++++++-
 3 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 logwatch-7.3.6-audit3.patch
 create mode 100644 logwatch-7.3.6-init.patch
diff --git a/logwatch-7.3.6-audit3.patch b/logwatch-7.3.6-audit3.patch
new file mode 100644
index 0000000..6054fed
--- /dev/null
+++ b/logwatch-7.3.6-audit3.patch
@@ -0,0 +1,12 @@
+diff -up logwatch-7.3.6/scripts/services/audit.pom logwatch-7.3.6/scripts/services/audit
+--- logwatch-7.3.6/scripts/services/audit.pom 2008-06-10 14:34:52.000000000 +0200
++++ logwatch-7.3.6/scripts/services/audit 2008-06-20 09:31:34.000000000 +0200
+@@ -79,7 +79,7 @@ while ($ThisLine = ) {
+ ( $ThisLine =~ /^audit\([0-9.]+:[0-9]+\): ( ?(path|cwd|item|name|flags)=["\/A-Za-z0-9]*)*$/) or
+ ( $ThisLine =~ /: enforcing=[0-9]+ old_enforcing=[0-9]+ auid=[0-9]+/) or
+ ( $ThisLine =~ /: policy loaded auid=[0-9]+/) or
+- ( $ThisLine =~ /: user pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ subj=system_u:system_r:system_dbusd_t:[0-9a-z]+ msg=/) or
++ ( $ThisLine =~ /: user pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ subj=system_u:system_r:system_dbusd_t:[0-9a-z:.\-]+ msg=/) or
+ ( $ThisLine =~ /audit\([0-9.]+:[0-9]+\): (selinux=[0-9]+|auid=[0-9]+|prom=[0-9]+|old_prom=[0-9]+|dev=[^ ]+| )+$/) or
+ ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+ [0-9]+ [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+ [0-9]+ \(NOTLB\)/) or
+ ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/) or
diff --git a/logwatch-7.3.6-init.patch b/logwatch-7.3.6-init.patch
new file mode 100644
index 0000000..2093f1c
--- /dev/null
+++ b/logwatch-7.3.6-init.patch
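Review bot: The widened alternative on the `++` line still ends at `msg=`, so a dbus user-audit record matches whatever its message body says; if this `or` chain is the filter for lines left out of the report (the enclosing condition starts and ends outside the hunk, so that is inferred), denials reported through dbus are dropped together with the routine messages. The new class `[0-9a-z:.\-]+` also has no comma, so a subject whose category set is written as a list (a constructed example: `s0:c1,c5`) would not match this branch and would be handled differently from a range such as `s0-s0:c0.c1023`. I would add the comma, `system_dbusd_t:[0-9a-z:.,\-]+ msg=`, and put a comment above the line: `# dbus user messages; subject may carry an MLS level or range. The text after msg= is not inspected.`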
@@ -0,0 +1,33 @@
+diff -up logwatch-7.3.6/scripts/services/init.pom logwatch-7.3.6/scripts/services/init
+--- logwatch-7.3.6/scripts/services/init.pom 2006-12-20 16:25:09.000000000 +0100
++++ logwatch-7.3.6/scripts/services/init 2008-06-20 10:39:00.000000000 +0200
+@@ -34,6 +34,9 @@ while (defined($ThisLine = )) {
+ chomp ($ThisLine);
+ $ReExecInit++;
+ }
++ elsif ( ($Name,$Cause) = ($ThisLine =~ /(.*) main process \([0-9]*\) killed by (.*) /)) {
++ $ProcessKilled{"$Name,$Cause"}++;
++ }
+ else {
+ # report any unmatched entries
+ push @OtherList,$ThisLine;
+@@ -45,10 +48,19 @@ if ((keys %RunLevel) and ($Detail >= 10)
+ print " Entered or switched to runlevel " . $Level . ": " . $RunLevel{$Level} . " Time(s)\n";
+ }
+ }
++
+ if ($ReExecInit) {
+ print "\n\nRe-execs of init: $ReExecInit times\n";
+ }
+
++if ((keys %ProcessKilled)) {
++ print "\nKilled processses:\n";
++ foreach (keys %ProcessKilled) {
++ my ($Name,$Cause)=split ",";
++ print " Process " . $Name. " killed by " . $Cause . ": " . $ProcessKilled{"$Name,$Cause"} . " Time(s)\n";
++ }
++}
++
+ if ($#OtherList >= 0) {
+ print "\n**Unmatched Entries**\n";
+ print @OtherList;
diff --git a/logwatch.spec b/logwatch.spec
index 5584d45..8230af1 100644
--- a/logwatch.spec
+++ b/logwatch.spec
@@ -1,7 +1,7 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.3.6
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
@@ -40,6 +40,8 @@ Patch34: logwatch-7.3.6-dovecot_back.patch
 Patch35: logwatch-7.3.6-audit2.patch
 Patch36: logwatch-7.3.6-openvpn2.patch
 Patch37: logwatch-7.3.6-sendmail.patch
+Patch38: logwatch-7.3.6-audit3.patch
+Patch39: logwatch-7.3.6-init.patch
 Requires: textutils sh-utils grep mailx
 Requires: perl(Date::Manip)
@@ -88,6 +90,8 @@ of the package on many systems.
 %patch35 -p1
 %patch36 -p1
 %patch37 -p1
+%patch38 -p1
+%patch39 -p1
 rm -f scripts/services/*.orig
 %build
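Review bot: The counter key `"$Name,$Cause"` is built from text captured out of the log line and later taken apart with `split ","`, so a name that contains a comma is reported wrongly. The two-variable assignment keeps only the first two fields, and the lookup `$ProcessKilled{"$Name,$Cause"}` then reads a key that was never stored and prints an empty count. A two-level hash avoids the delimiter altogether, and sorting the keys keeps the report order stable between runs. The heading also misspells "processes". Both the `while` loop and the report section continue outside the inner hunks, so the fence shows only the rewritten lines.

```perl
   elsif ( ($Name,$Cause) = ($ThisLine =~ /(.*) main process \([0-9]*\) killed by (.*) /)) {
      # Keyed by name, then cause: no delimiter to collide with log text.
      $ProcessKilled{$Name}{$Cause}++;
   }
# … unchanged: unmatched-entry handling, runlevel and re-exec reports …
if (keys %ProcessKilled) {
   print "\nKilled processes:\n";
   foreach my $Name (sort keys %ProcessKilled) {
      foreach my $Cause (sort keys %{ $ProcessKilled{$Name} }) {
         print " Process " . $Name . " killed by " . $Cause . ": " . $ProcessKilled{$Name}{$Cause} . " Time(s)\n";
      }
   }
}
```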
@@ -201,6 +205,11 @@ rm -rf %{buildroot}
 %doc License project/CHANGES
 %changelog
+* Fri Jun 20 2008 Ivana Varekova 7.3.6-24
+- Resolves: #452044
+ handle 2.6.25+ audit messages
+- add init script logs parsing
+
 * Tue Jun 10 2008 Ivana Varekova 7.3.6-23
 - Resolves: #450494 MailTo configuration parameter is ignored