From e6cf1ad20348693379d9c1a99be8f6d2fa53b333 Mon Sep 17 00:00:00 2001
From: Jan Synacek
Date: Tue, 29 Aug 2017 09:26:59 +0200
Subject: [PATCH] refix: sshd log format changed (#1317620)

Related: #1317620
---
 logwatch-sshd-2.patch | 26 ++++++++++++++++++++++++++
 logwatch.spec | 7 ++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 logwatch-sshd-2.patch

diff --git a/logwatch-sshd-2.patch b/logwatch-sshd-2.patch
new file mode 100644
index 0000000..dee34e0
--- /dev/null
+++ b/logwatch-sshd-2.patch
@@ -0,0 +1,26 @@
+Resolves: #1317620
+
+--- logwatch-7.4.3/scripts/services/sshd 2017-08-29 09:16:47.087028191 +0200
++++ logwatch-7.4.3-new/scripts/services/sshd 2017-08-29 09:19:37.372081596 +0200
+@@ -297,7 +297,9 @@ while (defined(my $ThisLine = ))
+ ($ThisLine =~ /Starting session: (forced-command|subsystem|shell|command)/ ) or
+ ($ThisLine =~ /Found matching \w+ key:/ ) or
+ ($ThisLine =~ /User child is on pid \d/ ) or
+- ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
++ ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/) or
++ ($ThisLine =~ /Exiting on signal .*$/) or
++ ($ThisLine =~ /Disconnected from (?:[^ ]*) port .*$/)
+ ) {
+ # Ignore these
+ } elsif ( my ($Method,$User,$Host,$Port,$Key) = ($ThisLine =~ /^Accepted (\S+) for ((?:invalid user )?\S+) from ([\d\.:a-f]+) port (\d+) ssh[12](?:: (\w+))?/) ) {
+@@ -387,7 +389,9 @@ while (defined(my $ThisLine = ))
+ $RefusedConnections{$1}++;
+ } elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
+ $RefusedAuthentication{$Reason}++;
+- } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
++ # Old format: Received disconnect from 192.168.122.1: 11: disconnected by user
++ # New format: Received disconnect from 192.168.122.1 port 43680:11: disconnected by user
++ } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*)(?: port \d+)?: ?(.*)$/)) {
+ # Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
+ if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
+ } elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {
diff --git a/logwatch.spec b/logwatch.spec
index 585e656..5cda787 100644
--- a/logwatch.spec
+++ b/logwatch.spec
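Review bot: The widened `Received disconnect` pattern hands `$Reason` a string that starts with the numeric code in both formats (`11: disconnected by user`), so the unchanged `if ($Reason != 11)` test right below it only works through Perl's leading-digit string-to-number coercion, which raises "isn't numeric" warnings under `use warnings` and treats any reason without a leading code as 0 (counted, with a warning). I would extract the code explicitly before the test: `my ($Code) = ($Reason =~ /^(\d+)/);` followed by `if (!defined $Code || $Code != 11) {$DisconnectReceived{$Reason}{$Host}++;}`, which keeps the report keyed on the full reason text as before. Note that the text after the code is supplied by the remote peer in its SSH_MSG_DISCONNECT (sshd logs it close to verbatim, as far as I recall), so a scanner can seed the report with arbitrary distinct reason strings for any code other than 11 — worth a comment, or keying on `$Code` alone. Separately, the new ignore pattern `Disconnected from (?:[^ ]*) port .*$` lacks the `^` anchor its sibling patterns use and its `(?:...)` group and trailing `.*$` are no-ops; `^Disconnected from [^ ]+ port \d+` expresses the same match, and if this sshd also emits the `Disconnected from invalid user ...`/`authenticating user ...` pre-auth variants (not shown here) they will keep surfacing as unmatched entries, which is the desirable outcome for brute-force visibility. The enclosing `while` loop begins and ends outside both inner hunks.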
@@ -1,7 +1,7 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.4.3
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
@@ -20,6 +20,7 @@ Patch4: logwatch-postfix.patch
 Patch5: logwatch-journal.patch
 # https://sourceforge.net/p/logwatch/git/ci/ed6eb62f40cb97f71f3df4d982682de68cdf1037/
 Patch6: logwatch-journald-source.patch
+Patch7: logwatch-sshd-2.patch
 BuildRequires: perl-generators
 Requires: textutils sh-utils grep mailx
 Requires: perl(Date::Manip)
@@ -43,6 +44,7 @@ of the package on many systems.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 rm -f scripts/services/*.orig
 
 %build
@@ -142,6 +144,9 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
 %{_mandir}/man*/*
 
 %changelog
+* Tue Aug 29 2017 Jan Synáček - 7.4.3-6
+- refix: sshd log format changed (#1317620)
+
 * Wed Jul 26 2017 Fedora Release Engineering - 7.4.3-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild