diff --git a/logwatch-7.3.6-audit.patch b/logwatch-7.3.6-audit.patch
new file mode 100644
index 0000000..0241fa7
--- /dev/null
+++ b/logwatch-7.3.6-audit.patch
@@ -0,0 +1,12 @@
+--- logwatch-7.3.6/scripts/services/audit.pom 2007-02-16 04:25:17.000000000 +0100
++++ logwatch-7.3.6/scripts/services/audit 2007-07-04 12:15:55.000000000 +0200
+@@ -82,7 +82,8 @@ while ($ThisLine = ) {
+ ( $ThisLine =~ /: user pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ subj=system_u:system_r:system_dbusd_t:[0-9a-z]+ msg=/) or
+ ( $ThisLine =~ /audit\([0-9.]+:[0-9]+\): (selinux=[0-9]+|auid=[0-9]+|prom=[0-9]+|old_prom=[0-9]+|dev=[^ ]+| )+$/) or
+ ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+ [0-9]+ [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+ [0-9]+ \(NOTLB\)/) or
+- ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/)
++ ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/) or
++ ( $ThisLine =~ /audit\([0-9.]*:[0-9]*\): bool=.* val=.* old_val=.* auid=[0-9]*/)
+ ) {
+ # Ignore these entries
+ } elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
diff --git a/logwatch-7.3.6-named3.patch b/logwatch-7.3.6-named3.patch
new file mode 100644
index 0000000..09f7c57
--- /dev/null
+++ b/logwatch-7.3.6-named3.patch
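Review bot: The ignore entry added in logwatch-7.3.6-audit.patch, `/audit\([0-9.]*:[0-9]*\): bool=.* val=.* old_val=.* auid=[0-9]*/`, sends what look like SELinux boolean-change records to the `# Ignore these entries` branch, so a policy toggle never reaches the report. Counting these lines into a summary bucket instead of discarding them would keep the change, and the `auid` that made it, visible to whoever reads the output. The pattern is also looser than its neighbours: every `*` accepts an empty field and the greedy `.*` runs cross field boundaries, so, assuming `val` and `old_val` are numeric, `bool=[^ ]+ val=[0-9]+ old_val=[0-9]+ auid=[0-9]+` would restrict it to well-formed records. The enclosing `if` chain starts and ends outside the hunk.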
@@ -0,0 +1,48 @@
+--- logwatch-7.3.6/scripts/services/named.pom 2007-07-04 12:58:44.000000000 +0200
++++ logwatch-7.3.6/scripts/services/named 2007-07-04 14:16:20.000000000 +0200
+@@ -172,7 +172,16 @@ while (defined($ThisLine = )) {
+ ($ThisLine =~ /weak RSASHA1 \(5\) key found \(exponent=3\)/) or
+ ($ThisLine =~ /Bad file descriptor/) or
+ ($ThisLine =~ /open: .*: file not found/) or
+- ($ThisLine =~ /queries: client [0-9.#:]* view localhost_resolver: query: .* IN .*/)
++ ($ThisLine =~ /queries: client [0-9.#:]* view localhost_resolver: query: .* IN .*/) or
++ ($ThisLine =~ /zone .*: NS '.*' is a CNAME \(illegal\)/) or
++ ($ThisLine =~ /zone .*: zone serial unchanged. zone may fail to transfer to slaves/) or
++ ($ThisLine =~ /zone .*: loading from master file .* failed/) or
++ ($ThisLine =~ /zone .*: NS '.*' has no address records/) or
++ ($ThisLine =~ /.*: not a valid number$/) or
++ ($ThisLine =~ /.*: unexpected end of input/) or
++ ($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or
++ ($ThisLine =~ /reloading zones succeeded/)
++ # too many timeouts resolving 'ns-ext.nrt1.isc.org/AAAA' (in '.'?): disabling EDNS: 3 Time(s)
+ ) {
+ # Don't care about these...
+ } elsif (
+@@ -265,6 +274,10 @@ while (defined($ThisLine = )) {
+ } elsif ( (($Log) = ($ThisLine =~ /(freezing .*zone.*)/)) or
+ (($Log) = ($ThisLine =~ /(thawing .*zone.*)/)) ) {
+ $CCMessages2{$Log}++;
++ } elsif (($CCC) = ($ThisLine =~ /unknown control channel command '(.*)'/)) {
++ $UnknownCCCommands{$CCC}++;
++ } elsif (($CCC) = ($ThisLine =~ /received control channel command '(.*)'/)) {
++ $CCCommands{$CCC}++;
+ } else {
+ # Report any unmatched entries...
+ # remove PID from named messages
+@@ -494,6 +507,16 @@ if ((keys %CCMessages) or (keys %CCMessa
+ }
+ }
+
++if ((keys %CCCommands) or (keys %UnknownCCCommands)) {
++ print "\n Received control channel commands\n";
++ foreach $ThisOne (keys %CCCommands) {
++ print " " . $ThisOne . ": " . $CCCommands{$ThisOne} . " Time(s)\n";
++ }
++ foreach $ThisOne (keys %UnknownCCCommands) {
++ print " " . $ThisOne . "(unknown command): " . $CCCommands{$ThisOne} . " Time(s)\n";
++ }
++}
++
+ if (keys %OtherList) {
+ print "\n**Unmatched Entries**\n";
+ foreach $line (sort {$a cmp $b} keys %OtherList) {
diff --git a/logwatch-7.3.6-pam_unix.patch b/logwatch-7.3.6-pam_unix.patch
new file mode 100644
index 0000000..0eaefa5
--- /dev/null
+++ b/logwatch-7.3.6-pam_unix.patch
@@ -0,0 +1,12 @@
+--- logwatch-7.3.6/scripts/services/pam_unix.pom 2007-07-04 12:34:02.000000000 +0200
++++ logwatch-7.3.6/scripts/services/pam_unix 2007-07-04 12:46:02.000000000 +0200
+@@ -112,7 +112,8 @@ while ($line = ) {
+ }
+ #lowercase the service
+ $service = lc($service);
+- if (($service eq 'sshd') or ($service eq 'login') or ($service eq 'ftp') or ($service eq 'rsh')) {
++ if (($service eq 'sshd') or ($service eq 'login') or ($service eq 'ftp') or ($service eq 'rsh') or
++ ($service eq 'remote') or ($service eq 'rlogin')) {
+ if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
+ ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
+ } elsif ($line =~ s/^session opened for user ([^ ]*) by ([^ ]*)\(uid=\d+\)/$1 by $2/) {
diff --git a/logwatch.spec b/logwatch.spec
index 90d213f..7309819 100644
--- a/logwatch.spec
+++ b/logwatch.spec
@@ -1,7 +1,7 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.3.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
@@ -15,6 +15,9 @@ Patch6: logwatch-7.3.4-sshd.patch
 Patch9: logwatch-7.3.4-sshd3.patch
 Patch10: logwatch-7.3.4-named.patch
 Patch11: logwatch-7.3.6-named2.patch
+Patch12: logwatch-7.3.6-audit.patch
+Patch13: logwatch-7.3.6-pam_unix.patch
+Patch14: logwatch-7.3.6-named3.patch
 Requires: textutils sh-utils grep mailx
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
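Review bot: In logwatch-7.3.6-named3.patch the report loop over `%UnknownCCCommands` prints `$CCCommands{$ThisOne}`, so the figure shown for an unknown control channel command is either empty or the count recorded for a received command of the same name; the line should read `print " " . $ThisOne . "(unknown command): " . $UnknownCCCommands{$ThisOne} . " Time(s)\n";`. Both new loops iterate `keys` unsorted, unlike the `sort {$a cmp $b}` used for `%OtherList` directly below, so the order of the section varies between runs. Separately, the new ignore entries `/zone .*: loading from master file .* failed/`, `/.*: not a valid number$/` and `/.*: unexpected end of input/` discard zone-load failures and any line containing those generic phrases; counting them in a summary rather than dropping them would keep a zone that fails to load visible in the report.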
@@ -37,6 +40,9 @@ of the package on many systems.
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
 %build
@@ -149,6 +155,9 @@ rm -rf %{buildroot}
 %doc License project/CHANGES
 %changelog
+* Wed Jul 4 2007 Ivana Varekova 7.3.6-3
+- add named, pam_unix and audit service patches
+
 * Mon Jun 4 2007 Ivana Varekova 7.3.6-2
 - fix secure script
 - Resolves: #242201