From f8e66252623744d806e49b21b359be0abc4d047c Mon Sep 17 00:00:00 2001 From: Frank Crawford Date: Sun, 4 Sep 2022 19:40:28 +1000 Subject: [PATCH] Add patch for F36 updates --- logwatch-f36.patch | 278 +++++++++++++++++++++++++++++++++++++++++++++ logwatch.spec | 5 +- 2 files changed, 282 insertions(+), 1 deletion(-) create mode 100644 logwatch-f36.patch diff --git a/logwatch-f36.patch b/logwatch-f36.patch new file mode 100644 index 0000000..f0b17d5 --- /dev/null +++ b/logwatch-f36.patch @@ -0,0 +1,278 @@ +diff --git a/conf/services/fail2ban.conf b/conf/services/fail2ban.conf +index 706c493..443232e 100644 +--- a/conf/services/fail2ban.conf ++++ b/conf/services/fail2ban.conf +@@ -38,7 +38,3 @@ LogFile = messages + # Default length is 80. + # This can be disabled by setting the length to 0 or -1. + # $fail2ban_error_length = 80 +- +-# Set this to true if actionflush is set to true to avoid the following message: +-# ERROR: Lost track of flushing services +-# $fail2ban_ignore_flushing = 1 +diff --git a/scripts/services/dovecot b/scripts/services/dovecot +index 00a3c7c..b01f3de 100644 +--- a/scripts/services/dovecot ++++ b/scripts/services/dovecot +@@ -134,7 +134,6 @@ while (defined(my $ThisLine = )) { + ($ThisLine =~ /discarded duplicate forward to/) or + ($ThisLine =~ /discarding vacation response/) or + ($ThisLine =~ /discarded vacation reply to/) or +- ($ThisLine =~ /Warning: Shutting down logging/) or + ($ThisLine =~ /Debug:/) or + ($ThisLine =~ /Plaintext authentication disabled/) or + ($ThisLine =~ /^$dovecottag imap\(\w+\): Mailbox renamed:/) or +diff --git a/scripts/services/fail2ban b/scripts/services/fail2ban +index 175ab8c..4f53f8f 100644 +--- a/scripts/services/fail2ban ++++ b/scripts/services/fail2ban +@@ -29,7 +29,6 @@ use Logwatch ':all'; + my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0; + my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; + my $IgnoreHost = $ENV{'sshd_ignore_host'} || ""; +-my $IgnoreFlushing = $ENV{'fail2ban_ignore_flushing'} || ""; + my $ErrLen = $ENV{'fail2ban_error_length'} || 80; + my $DebugCounter = 0; + my $ReInitializations = 0; +@@ -41,7 +40,7 @@ my %WarningList = (); + my %InfoList = (); + my %NoticeList = (); + my %OtherList = (); +-my %Flushing = (); # keep track of which services being flushed ++my %Flushing = (); # keep track of which services being flushed + + my %ServicesBans = (); + my %ServicesFound = (); +@@ -53,8 +52,8 @@ $Action, $Host, $Message, + $NumFailures, $Service + ); + if ( $Debug >= 5 ) { +- print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n"; +- $DebugCounter = 1; ++ print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n"; ++ $DebugCounter = 1; + } + + while (defined(my $ThisLine = )) { +@@ -89,12 +88,12 @@ while (defined(my $ThisLine = )) { + if ( $Debug >= 6 ) { + print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n"; + } +- if (exists $Flushing{$Service}) { +- if ($Action =~ /Unban/) { +- $ServicesBans{$Service}{$Host}{'FlushUnban'}++; ++ if (exists $Flushing{$Service}) { ++ if ($Action =~ /Unban/) { ++ $ServicesBans{$Service}{$Host}{'FlushUnban'}++; + $ServicesBans{$Service}{"(all)"}{'FlushUnban'}++; +- } elsif ( ! $IgnoreFlushing ) { +- print STDERR "ERROR: Lost track of flushing services\n"; ++ } else { ++ print STDERR "ERROR: Lost track of flushing services\n"; + } + } else { + $ServicesBans{$Service}{$Host}{$Action}++; +@@ -116,7 +115,7 @@ while (defined(my $ThisLine = )) { + } elsif ($ThisLine =~ /ERROR.*returned \d+$/) { + push @ActionErrors, "$ThisLine\n"; + } elsif (($ThisLine =~ /..,... WARNING: \#\S+ reinitialization of firewalls/) or +- ($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) { ++ ($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) { + $ReInitializations++; + } elsif ($ThisLine =~ /..,... WARNING: is not a valid IP address/) { + # just ignore - this will be fixed within fail2ban and is harmless warning +@@ -126,26 +125,26 @@ while (defined(my $ThisLine = )) { + $ServicesIgnored{$Service}{$Host}++; + # Generic messages + } elsif ( ($Message) = ($ThisLine =~ / ERROR (.*)$/)) { +- # Fail2ban can dump huge error messages in its logs +- if ($ErrLen > 3 && length($Message) > $ErrLen) { ++ # Fail2ban can dump huge error messages in its logs ++ if ($ErrLen > 3 && length($Message) > $ErrLen) { + $ErrorList{substr($Message,0,$ErrLen-3).'...'}++; +- } else { ++ } else { + $ErrorList{$Message}++; + } + } elsif ( ($Message) = ($ThisLine =~ / WARNING (.*)$/)) { + $WarningList{$Message}++; + } elsif ( ($Message) = ($ThisLine =~ / INFO (.*)$/)) { + $InfoList{$Message}++; +- if ( ($Service) = ($Message =~ /Jail \'(.*)\' stopped/)) { +- delete $Flushing{$Service}; ++ if ( ($Service) = ($Message =~ /Jail \'(.*)\' stopped/)) { ++ delete $Flushing{$Service}; + } +- if ( ($Service) = ($Message =~ /Stopping all jails|Exiting Fail2ban/)) { +- %Flushing = (); ++ if ( ($Service) = ($Message =~ /Stopping all jails|Exiting Fail2ban/)) { ++ %Flushing = (); + } + } elsif ( ($Message) = ($ThisLine =~ / NOTICE (.*)$/)) { + $NoticeList{$Message}++; +- if ( ($Service) = ($Message =~ /\[(.*)\] Flush ticket/)) { +- $Flushing{$Service} = 1; ++ if ( ($Service) = ($Message =~ /\[(.*)\] Flush ticket/)) { ++ $Flushing{$Service} = 1; + } + } else { + # Report any unmatched entries... +diff --git a/scripts/services/named b/scripts/services/named +index 6a85dee..2c94b30 100644 +--- a/scripts/services/named ++++ b/scripts/services/named +@@ -129,7 +129,6 @@ while (defined(my $ThisLine = )) { + ($ThisLine =~ /configuring command channel from/) or + ($ThisLine =~ /interface ignored/) or + ($ThisLine =~ /no IPv6 interfaces found/) or +- ($ThisLine =~ /IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately/) or + ($ThisLine =~ /using \d+ UDP listeners? per interface/) or + ($ThisLine =~ /^running/) or + ($ThisLine =~ /^exiting/) or +@@ -167,7 +166,6 @@ while (defined(my $ThisLine = )) { + ($ThisLine =~ /zone .*: zone serial unchanged. zone may fail to transfer to slaves/) or + ($ThisLine =~ /zone .*: loading from master file .* failed/) or + ($ThisLine =~ /zone .*: NS '.*' has no address records/) or +- ($ThisLine =~ /zone .* \(signed\): receive_secure_serial: unchanged/) or + ($ThisLine =~ /.*: not a valid number$/) or + ($ThisLine =~ /^(.*: )?unexpected end of input/) or + ($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or +@@ -175,8 +173,7 @@ while (defined(my $ThisLine = )) { + ($ThisLine =~ /reloading zones succeeded/) or + ($ThisLine =~ /generating session key/) or + ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or +- ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or +- ($ThisLine =~ /success resolving '.*' after disabling qname minimization due to 'failure'/) or ++ ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or + ($ThisLine =~ /the working directory is not writable/) or + ($ThisLine =~ /using default UDP\/IPv[46] port range: \[[0-9]*, [0-9]*\]/) or + ($ThisLine =~ /adjusted limit on open files from [0-9]* to [0-9]*/) or +@@ -208,7 +205,7 @@ while (defined(my $ThisLine = )) { + ($ThisLine =~ /using built-in trusted-keys/) or + ($ThisLine =~ /using built-in keys instead/) or + ($ThisLine =~ /set up managed keys zone/) or +- ($ThisLine =~ /managed-keys-zone.*[Kk]ey .*now trusted/) or ++ ($ThisLine =~ /managed-keys-zone.*key now trusted/) or + ($ThisLine =~ /forwarding update for zone/) or + ($ThisLine =~ /forwarded dynamic update: master [^ ]* returned: (NXRRSET|YXDOMAIN)/) or + ($ThisLine =~ /using .* as GeoIP directory/) or +@@ -419,28 +416,28 @@ while (defined(my $ThisLine = )) { + } elsif (($Client,$Net,$Zone,$Response) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?rate limit slip response to (\S+)(?: for (\S+))? (.*) +\(/)) { + $Zone = "None" unless defined($Zone); + $LimitSlip{$Zone}{$Response}{$Net}{$Client}++; +- } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) { ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) { + $DNSSECInsec{'__Total__'}++; + $DNSSECInsec{$Zone}{$RR}++; +- } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) { ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) { + $DNSSECInvalid{'__Total__'}++; + $DNSSECInvalid{$Zone}{$RR}++; +- } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) { ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) { + $DNSSECBadCache{'__Total__'}++; + $DNSSECBadCache{$Zone}{$RR}++; +- } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): verify failed due to bad signature/)) { ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): verify failed due to bad signature/)) { + $DNSSECInvalid{'__Total__'}++; + $DNSSECInvalid{$Zone}{$RR}++; +- } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): got insecure response; parent indicates it should be secure/)) { ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): got insecure response; parent indicates it should be secure/)) { + $DNSSECInsec{'__Total__'}++; + $DNSSECInsec{$Zone}{$RR}++; +- } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): no valid signature found/)) { ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): no valid signature found/)) { + $DNSSECInvalid{'__Total__'}++; + $DNSSECInvalid{$Zone}{$RR}++; +- } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): verify failed due to bad signature/)) { ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): verify failed due to bad signature/)) { + $DNSSECInvalid{'__Total__'}++; + $DNSSECInvalid{$Zone}{$RR}++; +- } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): bad cache hit/)) { ++ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): bad cache hit/)) { + $DNSSECBadCache{'__Total__'}++; + $DNSSECBadCache{$Zone}{$RR}++; + } elsif (($Error,$Host) = ($ThisLine =~ /^(?:error \()?(.*)\)? resolving '([^']+)':/)) { +diff --git a/scripts/services/nut b/scripts/services/nut +index c31e291..a55a764 100644 +--- a/scripts/services/nut ++++ b/scripts/services/nut +@@ -64,9 +64,7 @@ while (defined(my $ThisLine = )) { + or $ThisLine =~ /^upsdrvctl: Using subdriver:/ + or $ThisLine =~ /^upsdrvctl: using '.*' to set battery low state/ + or $ThisLine =~ /^upsd: listening on / +- or $ThisLine =~ /^upsd: mainloop: Interrupted system call/ + or $ThisLine =~ /^upsd: Network UPS Tools upsd/ +- or $ThisLine =~ /^upsd: fopen \S+\/upsd.pid: No such file or directory/ + or $ThisLine =~ /^upsmon: Connected to/ + or $ThisLine =~ /^upsmon: Connecting in SSL to/ + or $ThisLine =~ /^upsmon: Certificate verification is disabled/ +diff --git a/scripts/services/systemd b/scripts/services/systemd +index e3d63a3..3ba8ab7 100644 +--- a/scripts/services/systemd ++++ b/scripts/services/systemd +@@ -84,7 +84,6 @@ while (defined(my $ThisLine = )) { + # Extransous scope messages with LanSweeper - revisit with EL8.4 + $ThisLine =~ /: Failed to add PIDs to scope's control group: No such process/ or + $ThisLine =~ /scope: Failed with result 'resources'/ or +- $ThisLine =~ /session-[[:xdigit:]]+\.scope: Deactivated successfully\./ or + $ThisLine =~ /^Found device / or + $ThisLine =~ /Found dependency on / or + $ThisLine =~ /Got automount request for \/proc\// or +@@ -116,7 +115,7 @@ while (defined(my $ThisLine = )) { + $ThisLine =~ /^systemd .* running in system mode/ or + # This is preceeded by a more descriptive message + $ThisLine =~ /^This usually indicates unclean termination of a previous run, or service implementation deficiencies\.$/ or +- $ThisLine =~ /Transaction (for .*)?is destructive/ or ++ $ThisLine =~ /Transaction is destructive\./ or + $ThisLine =~ /^Unit .* is bound to inactive unit .*\. Stopping, too\./ or + $ThisLine =~ /Unit (.* is )?not needed anymore\. Stopping\./ or + $ThisLine =~ /[Ss]tart(-pre)? operation timed out\. Terminating\./ or +@@ -192,7 +191,7 @@ while (defined(my $ThisLine = )) { + } elsif (($target) = ($ThisLine =~ /^Reached target (.*)\.$/)) { + $Target{$target}++; + $LastTarget = $target; +- } elsif (($session, $user) = ($ThisLine =~ /^Started (?:session-[[:xdigit:]]+\.scope - )?Session ([[:xdigit:]]+) of [uU]ser (.*)\.$/)) { ++ } elsif (($session, $user) = ($ThisLine =~ /^Started Session ([[:xdigit:]]+) of [uU]ser (.*)\.$/)) { + $UserSession{$user}->{$session}++; + } elsif (($service) = ($ThisLine =~ /^Activated (.*)\.$/)) { + $Activated{$service}++; +diff --git a/scripts/services/xntpd b/scripts/services/xntpd +index ad40274..0e6c330 100644 +--- a/scripts/services/xntpd ++++ b/scripts/services/xntpd +@@ -89,13 +89,6 @@ while (defined(my $ThisLine = )) { + ($ThisLine =~ m/0\.0\.0\.0 [[:xdigit:]]{4} [[:xdigit:]]{2} /) or # startup + ($ThisLine =~ m/Soliciting .*server/) or # startup + ($ThisLine =~ m/kernel reports .*: Clock Unsynchronized/) or # startup +- ($ThisLine =~ m/Starting/) or # startup +- ($ThisLine =~ m/(Built|Running) with /) or # startup +- ($ThisLine =~ m/successfully locked into RAM/) or # startup +- ($ThisLine =~ m/Using SO_TIMESTAMPNS/) or # startup +- ($ThisLine =~ m/MRU \d+ entries, \d+ hash bits, \d+ bytes/) or # startup +- ($ThisLine =~ m/readconfig: parsing file:/) or # startup +- ($ThisLine =~ m/Using system default root certificates\./) or # startup + ($ThisLine =~ m/select([^\)]) error: Interrupted system call/) or + ($ThisLine =~ m/signal_no_reset: signal \d+ had flags \d+/) or + ($ThisLine =~ /Deleting interface \#[0-9]+ [^,]*, [^,]*, interface stats: received=.*, sent=.*, dropped=.*, active_time=.* secs/) or +@@ -106,11 +99,6 @@ while (defined(my $ThisLine = )) { + ($ThisLine =~ /.* interface .* -> .*/) or + ($ThisLine =~ /.* local addr .* -> .*/) or + ($ThisLine =~ /Deferring DNS for/) or +- ($ThisLine =~ /DNS: dns_take_status: /) or +- ($ThisLine =~ /DNS: dns_probe: \S+, cast_flags:.+, flags:/) or +- ($ThisLine =~ /DNS: dns_check: processing /) or +- ($ThisLine =~ /DNS: (Server|Pool) taking: /) or +- ($ThisLine =~ /SYNC: Found \d+ servers, suggest minsane /) or + ($ThisLine =~ /ntp_io: estimated max descriptors: \d*, initial socket boundary: \d*/) or + ($ThisLine =~ /peers refreshed$/) or + ($ThisLine =~ /restrict: error in address/) or +@@ -131,8 +119,6 @@ while (defined(my $ThisLine = )) { + push @TimeReset, $TimeStep; + } elsif ( (undef,$TimeStep) = ($ThisLine =~ /(step|adjust) time server [^ ]+ offset ([^ ]+) sec$/ )) { + push @TimeReset, $TimeStep; +- } elsif ( ($TimeStep) = ($ThisLine =~ /time stepped by ([^ ]+)$/ )) { +- push @TimeReset, $TimeStep; + } elsif ( ($TimeStep) = ($ThisLine =~ /adjusting local clock by ([^ ]+)s$/ )) { + # Jacob Joseph (12/8/06) + push @TimeReset, $TimeStep; diff --git a/logwatch.spec b/logwatch.spec index 9e23857..f901b9d 100644 --- a/logwatch.spec +++ b/logwatch.spec @@ -2,10 +2,12 @@ Summary: Analyzes and Reports on system logs Name: logwatch Version: 7.7 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT URL: https://sourceforge.net/projects/logwatch/ Source0: https://sourceforge.net/projects/logwatch/files/%{name}-%{version}/%{name}-%{version}.tar.gz +# Changes for F36 that didn't make it into 7.7 - drop when 7.8 is released +Patch0: logwatch-f36.patch BuildRequires: perl-generators Requires: grep Requires: perl(Date::Manip) @@ -29,6 +31,7 @@ of the package on many systems. %prep %setup -q +%patch0 -p1 %build