Update to revision 293

And drop upstreamed patches.
Jan Synacek 2015-07-31 12:46:17 +02:00
parent e6af92a14a
commit fcbb7792b2
8 changed files with 11 additions and 305 deletions

1
.gitignore vendored

@ -11,3 +11,4 @@ logwatch-7.3.6.tar.gz
/logwatch-svn140.tar.xz
/logwatch-svn198.tar.xz
/logwatch-svn242.tar.xz
/logwatch-svn293.tar.xz


@ -1,36 +0,0 @@
Update dovecot log parsing.
Author: Frank Crawford <frank@crawford.emu.id.au>
Author: Karel Klic <kklic@redhat.com>
RH-Bugzilla: #645962
--- logwatch-svn127/scripts/services/dovecot.orig 2012-12-30 17:24:53.000000000 +0100
+++ logwatch-svn127/scripts/services/dovecot 2013-01-09 09:09:45.256236296 +0100
@@ -150,7 +150,7 @@ while (defined($ThisLine = <STDIN>)) {
# We don't care about these
} elsif ( $ThisLine =~ /Killed with signal /) {
$End++;
- } elsif ( $ThisLine =~ /Dovecot (v\d[^ ]* |)starting up( \(core dumps disabled\))?$/) {
+ } elsif ( $ThisLine =~ /Dovecot (v\d[^ ]* |)starting up( \(.*\))?$/) {
$Restarts++;
$End = 0;
} elsif ( ( ($User, $Host) = ( $ThisLine =~ /^pop3-login: Login: (.*?) \[(.*)\]/ ) ) or
@@ -181,15 +181,15 @@ while (defined($ThisLine = <STDIN>)) {
}
# 'lda' for dovecot 2.0, 'deliver' for earlier versions
- } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): msgid=.*: saved mail to (\S+)/ ) ) {
+ } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): msgid=.*: saved mail to (.*)/ ) ) {
$Deliver{$User}{$Mailbox}++;
# For Sieve-based delivery
- } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda\(|deliver\(|lmtp\(\d+, )(.*)\): (?:[^:]+: )?sieve: msgid=.*: stored mail into mailbox '([^']*)'/ ) ) {
+ } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): sieve: msgid=.*: stored mail into mailbox '(.*)'/ ) ) {
$Deliver{$User}{$Mailbox}++;
# LMTP-based delivery
- } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag lmtp\(\d+, (.*)\): [^:]+: msgid=.*: saved mail to (\S+)/ ) ) {
+ } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag lmtp\(\d+, (.*)\): [^:]+: msgid=.*: saved mail to (.*)/ ) ) {
# dovecot: [ID 583609 mail.info] lmtp(12782, cloyce@headgear.org): jBt1EfjCMk3uMQAAm9eMBA: msgid=<4D32DB1F.3080707@c-dot.co.uk>: saved mail to INBOX
$Deliver{$User}{$Mailbox}++;


@ -1,142 +0,0 @@
Handle DNSSEC messages in named.
Author: Frank Crawford <frank@crawford.emu.id.au>
RH-Bugzilla: #666394
Backported-By: Jan Synacek <jsynacek@redhat.com>
--- logwatch-svn242/scripts/services/named 2014-09-09 18:08:00.000000000 +0200
+++ logwatch-svn242-new/scripts/services/named 2014-09-24 07:54:13.582370611 +0200
@@ -116,6 +116,7 @@
($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or
($ThisLine =~ /too many timeouts resolving '.*' .*: reducing the advertised EDNS UDP packet size to .* octets/) or
($ThisLine =~ /reloading zones succeeded/) or
+ ($ThisLine =~ /generating session key/) or
($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or
($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or
($ThisLine =~ /the working directory is not writable/) or
@@ -137,6 +138,11 @@
($ThisLine =~ /refresh in progress, refresh check queued/) or
($ThisLine =~ /refresh: NODATA response from master/) or
($ThisLine =~ /update with no effect/) or
+ ($ThisLine =~ /reading built-in trusted keys from file/) or
+ ($ThisLine =~ /using built-in trusted-keys/) or
+ ($ThisLine =~ /set up managed keys zone/) or
+ # the following seems okay since it says "success"
+ ($ThisLine =~ /managed-keys-zone .*: No DNSKEY RRSIGs found for '.*': success/) or
($ThisLine =~ /validating \@0x[[:xdigit:]]+: .* no valid signature found/) or
($ThisLine =~ /^sizing zone task pool based on \d+ zones/) or
($ThisLine =~ /^BIND \d+ is maintained by Internet Systems Consortium/) or
@@ -169,7 +175,8 @@
$ShutdownNamed++;
} elsif ( $ThisLine =~ /named shutdown failed/ ) {
$ShutdownNamedFail++;
- } elsif ( ($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: zone transfer '(.+)' denied/ ) ) {
+ } elsif ( (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?zone transfer '(.+)' denied/ )) or
+ (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?bad zone transfer request: '(.+)':/ )) ) {
$DeniedZoneTransfers{$Host}{$Zone}++;
} elsif ( ($Zone) = ( $ThisLine =~ /zone (.+) zone transfer deferred due to quota/ ) ) {
$DeferredZoneTransfers{$Zone}++;
@@ -195,14 +202,13 @@
$ConnectionRefused{$Addr}{$Server}++;
} elsif ( (undef,$Addr,undef,$Server) = ( $ThisLine =~ /ame server (on|resolving) '(.+)' \(in .+\):\s+(\[.+\]\.\d+)?\s*'?(.+)'?:?/ ) ) {
$LameServer{$Addr}{$Server}++;
- } elsif ( ($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ ) ) {
+ } elsif ( (($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ )) or
+ (($Zone) = ( $ThisLine =~ /zone (.+): \(.*\) removed/ )) ) {
$ZoneRemoved{$Zone}++;
} elsif ( ($Zone) = ( $ThisLine =~ /received notify for zone '(.*)'/ ) ) {
$ZoneReceivedNotify{$Zone}++;
} elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) {
$ZoneReceivedNotify{$Zone}++;
- } elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) {
- $ZoneReceivedNotify{$Zone}++;
} elsif ( ($Zone) = ( $ThisLine =~ /zone (.+)\/IN: refused notify from non-master/ ) ) {
$ZoneRefusedNotify{$Zone}++;
# } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\d\.a-fA-F:]+) bad zone transfer request: '(.+)': (.+)$/ ) ) {
@@ -225,13 +231,13 @@
} elsif ( ($Client) = ( $ThisLine =~ /warning: client (.*) no more TCP clients/ ) ) {
$FullClient = LookupIP ($Client);
$DeniedTCPClient{$FullClient}++;
- } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query \(cache\) denied/ ) ) {
+ } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: (?:view \w+: )?query \(cache\) denied/ ) ) {
$FullClient = LookupIP ($Client);
$DeniedQuery{$FullClient}++;
} elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query '.*\/IN' denied/ ) ) {
$FullClient = LookupIP ($Client);
$DeniedQueryNoCache{$FullClient}++;
- } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+:(?: view ([^ ]+):)? update '(.*)' denied/)) {
+ } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+: (?:view \w+: )?update '(.*)' denied/)) {
$ViewName = ($ViewName ? "/$ViewName" : "");
$UpdateDenied{"$Rhost ($Ldom$ViewName)"}++;
} elsif ( ($Rhost, $Ldom) = ($ThisLine =~ /client ([\d\.]+)#\d+: update forwarding '(.*)' denied/)) {
@@ -288,6 +294,18 @@
$NoSOA{$Client}++;
} elsif (($Hint) = ($ThisLine =~ /checkhints: (.*)/) ) {
$Hints{$Hint}++;
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) {
+ $DNSSECInsec{'__Total__'}++;
+ $DNSSECInsec{$Zone}{$RR}++;
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) {
+ $DNSSECInvalid{'__Total__'}++;
+ $DNSSECInvalid{$Zone}{$RR}++;
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) {
+ $DNSSECBadCache{'__Total__'}++;
+ $DNSSECBadCache{$Zone}{$RR}++;
+ } elsif (($Error,$Host) = ($ThisLine =~ /error \((.*)\) resolving '([^']+)':/)) {
+ $DNSSECError{$Error}{'__Total__'}++;
+ $DNSSECError{$Error}{$Host}++;
} elsif ($ThisLine =~ /^samba_dlz:/) {
if ( ($Rhost, $Error) = ($ThisLine =~ /disallowing update of signer=.* name=(.*) type=.* error=(.*)/ )) {
$UpdateDenied{"$Rhost ($Error)"}++;
@@ -648,6 +666,51 @@
}
}
+if (($Detail >= 5) and (keys %DNSSECInsec)) {
+ print "\n DNSSEC Insecure Responses: " . $DNSSECInsec{'__Total__'} . " Time(s)\n";
+ foreach $Zone (sort keys %DNSSECInsec) {
+ if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) {
+ foreach $RR (sort keys %{$DNSSECInsec{$Zone}}) {
+ print " " . "$Zone/$RR: " . $DNSSECInsec{$Zone}{$RR} . " Time(s)\n";
+ }
+ }
+ }
+}
+
+if (($Detail >= 5) and (keys %DNSSECInvalid)) {
+ print "\n DNSSEC No Valid Signature: " . $DNSSECInvalid{'__Total__'} . " Time(s)\n";
+ foreach $Zone (sort keys %DNSSECInvalid) {
+ if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) {
+ foreach $RR (sort keys %{$DNSSECInvalid{$Zone}}) {
+ print " " . "$Zone/$RR: " . $DNSSECInvalid{$Zone}{$RR} . " Time(s)\n";
+ }
+ }
+ }
+}
+
+if (($Detail >= 5) and (keys %DNSSECBadCache)) {
+ print "\n DNSSEC Bad Cache hit: " . $DNSSECBadCache{'__Total__'} . " Time(s)\n";
+ foreach $Zone (sort keys %DNSSECBadCache) {
+ if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) {
+ foreach $RR (sort keys %{$DNSSECBadCache{$Zone}}) {
+ print " " . "$Zone/$RR: " . $DNSSECBadCache{$Zone}{$RR} . " Time(s)\n";
+ }
+ }
+ }
+}
+
+if (($Detail >= 5) and (keys %DNSSECError)) {
+ print "\n DNS Errors:\n";
+ foreach $Error (sort keys %DNSSECError) {
+ print " $Error: " . $DNSSECError{$Error}{'__Total__'} . " Time(s)\n";
+ if ($Detail >= 10) {
+ foreach $Host (sort keys %{$DNSSECError{$Error}}) {
+ print " " . "$Host: " . $DNSSECError{$Error}{$Host} . " Time(s)\n" unless ($Host eq '__Total__');
+ }
+ }
+ }
+}
+
if (keys %OtherList) {
print "\n**Unmatched Entries**\n";
foreach $line (sort {$a cmp $b} keys %OtherList) {


@ -1,48 +0,0 @@
RootkitHunter support.
Author: Jan Synacek <jsynacek@redhat.com>
RH-Bugzilla: #818926
Index: scripts/services/secure
===================================================================
--- scripts/services/secure (revision 110)
+++ scripts/services/secure (working copy)
@@ -180,6 +180,7 @@
$PwdChange = 0;
$RequestKeyFailures = 0;
%OtherList = ();
+%RootkitHunter = ();
use Logwatch ':ip';
while (defined($ThisLine = <STDIN>)) {
@@ -519,6 +520,14 @@
$e='';
}
$KerbList{$response}{$type}{$from}{$service}{$client}{$e}++;
+ } elsif ($ThisLine =~ /Rootkit Hunter:/ ) {
+ if ($ThisLine =~ /Please inspect this machine/) {
+ $RootkitHunter{'inspect'}++;
+ } elsif ($ThisLine =~ /check started/) {
+ $RootkitHunter{'runs'}++;
+ } elsif (my ($mins, $secs) = ($ThisLine =~ /Scanning took ([0-9]*) minutes? and ([0-9]*) seconds?/)) {
+ $RootkitHunter{'time'}+= $mins*60 + $secs;
+ }
} else {
# Unmatched entries...
$ThisLine =~ s/\[\d+\]:/:/;
@@ -908,6 +917,15 @@
}
}
+if (keys %RootkitHunter) {
+ use integer;
+ my ($mins, $secs) = ($RootkitHunter{'time'} / 60, $RootkitHunter{'time'} % 60);
+ print "\nRootkitHunter:\n";
+ print " Runs: $RootkitHunter{'runs'}\n";
+ print " Suggested Inspection: $RootkitHunter{'inspect'} Time(s)\n";
+ print " Total Runtime: $mins minute(s) $secs second(s)\n";
+}
+
if (keys %OtherList) {
print "\n**Unmatched Entries**\n";
foreach $line (sort {$a cmp $b} keys %OtherList) {


@ -1,18 +0,0 @@
Weaken username regexp restriction. Usernames can include more characters than
just letters (e.g. _ or [0-9]).
Author: Jan Synacek <jsynacek@redhat.com>
Reported-By: Robert Scheck
RH-Bugzilla: #894272
--- logwatch-svn127-dist/scripts/services/secure 2013-01-11 10:38:15.778804473 +0100
+++ logwatch-svn127/scripts/services/secure 2013-01-11 10:49:13.381323119 +0100
@@ -247,7 +247,7 @@ while (defined($ThisLine = <STDIN>)) {
( $ThisLine =~ /userhelper\[\d+\]: running '([^ ]+)' with [^ ]+ context/) or
( $ThisLine =~ /pam_timestamp\(.*:session\): updated timestamp file `\/var\/run\/sudo.*'/) or
( $ThisLine =~ /[^ ]*: pam_keyinit(.*:.*): Unable to change GID to [0-9]* temporarily/) or
- ( $ThisLine =~ /password check failed for user \([a-zA-Z]*\)/) or
+ ( $ThisLine =~ /password check failed for user \(\S*\)/) or
( $ThisLine =~ /PAM pam_set_item: attempt to set conv\(\) to NULL/) or
( $ThisLine =~ /PAM pam_get_item: nowhere to place requested item/) or
( $ThisLine =~ /pam_succeed_if\(.*:.*\): error retrieving information about user [a-zA-Z]*/ ) or


@ -1,41 +0,0 @@
Update ntpd log parsing.
RH-Bugzilla: #673756
--- scripts/services/xntpd 2014-09-09 13:27:00.000000000 +0200
+++ scripts/services/xntpd 2014-09-24 08:00:29.929655076 +0200
@@ -67,6 +67,7 @@
($ThisLine =~ m/tickadj = /) or # startup
($ThisLine =~ m/precision = /) or # startup
($ThisLine =~ m/ (succeeded|failed)/) or # startup
+ ($ThisLine =~ m/sendto\(\S+\): Success/) or # startup
($ThisLine =~ m/kernel time (discipline|sync) status/) or # startup
($ThisLine =~ m/kernel time sync (dis|en)abled /) or # startup
($ThisLine =~ m/frequency initialized/) or # startup
@@ -79,6 +80,8 @@
($ThisLine =~ /Listening on interface .* Disabled/) or
($ThisLine =~ /Listen and drop on /) or
($ThisLine =~ /Listening on routing socket on/) or
+ ($ThisLine =~ /.* interface .* -> \(null\)/) or
+ ($ThisLine =~ /Deferring DNS for/) or
($ThisLine =~ /ntp_io: estimated max descriptors: \d*, initial socket boundary: \d*/) or
($ThisLine =~ /peers refreshed$/) or
($ThisLine =~ /restrict: error in address/) or
@@ -102,7 +105,7 @@
} elsif ( my (undef,$TimeStep) = ($ThisLine =~ /(offset) ([^ ]+) sec/ )) {
push @TimeReset, $TimeStep;
# MEv end no leadin to line
- } elsif ( my ($ListenOn) = ($ThisLine =~ /Listening on interface (.*)(?: Enabled)?/ )) {
+ } elsif ( my ($ListenOn) = ($ThisLine =~ /Listening on interface(?: #\d+)? (.*)(?: Enabled)?/ )) {
$Interfaces{$ListenOn}++;
} elsif ( my ($ListenOn) = ($ThisLine =~ /Listen normally on \d+ (.*)/ )) {
$Interfaces{$ListenOn}++;
@@ -121,7 +124,7 @@
$TwoInst{$name}++;
} elsif ( my ($Error) = ($ThisLine =~ /(no server(s reachable| suitable for synchronization found))/ )) {
$Errors{$Error}++;
- } elsif ( my ($Error) = ($ThisLine =~ /(can't find host \S+|no servers can be used, exiting)/ )) {
+ } elsif ( my ($Error) = ($ThisLine =~ /([Cc]an't find host \S+|no servers can be used, exiting)/ )) {
$Errors{$Error}++;
} elsif ( my ($Error) = ($ThisLine =~ /(sendto\(\S+\): Network is unreachable)/ )) {
$Errors{$Error}++;


@ -1,30 +1,22 @@
%global revision 242
%global revision 293
Summary: A log file analysis program
Name: logwatch
Version: 7.4.1
Release: 3.20140924svn%{revision}%{?dist}
Release: 4.20150731svn%{revision}%{?dist}
License: MIT
Group: Applications/System
URL: http://www.logwatch.org/
# The source for this package was pulled from upstream's vcs. Use the
# following commands to generate the tarball:
# svn export -r 242 https://svn.code.sf.net/p/logwatch/code/ logwatch-svn242
# tar --transform "s/trunk/logwatch-svn242/" -cJvf logwatch-svn242.tar.xz -C logwatch-svn242 trunk
# svn export -r 293 https://svn.code.sf.net/p/logwatch/code/ logwatch-svn293
# tar --transform "s/trunk/logwatch-svn293/" -cJvf logwatch-svn293.tar.xz -C logwatch-svn293 trunk
Source0: logwatch-svn%{revision}.tar.xz
#Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
# Needs proper fix. Not applied by the upstream.
Patch0: logwatch-vsftpd.patch
# Not applied by upstream.
Patch1: logwatch-oldfiles.patch
# Fixes not yet in upstream for DNSSEC messages in named service (rhbz#666394)
Patch3: logwatch-named-dnssec.patch
Patch5: logwatch-xntpd.patch
Patch7: logwatch-dovecot.patch
# Rootkit Hunter patch - not applied by upstream
Patch9: logwatch-rkhunter.patch
# Not yet upstreamed
Patch16: logwatch-secure-userhelper.patch
Patch18: logwatch-secure-username.patch
Patch2: logwatch-secure-userhelper.patch
Requires: textutils sh-utils grep mailx
Requires: perl(Date::Manip)
Requires: perl(Sys::CPU)
@ -42,12 +34,7 @@ of the package on many systems.
%setup -q -n logwatch-svn%{revision}
%patch0 -p1
%patch1 -p1
%patch3 -p1
%patch5 -p0
%patch7 -p1
%patch9 -p0
%patch16 -p1
%patch18 -p1
%patch2 -p1
rm -f scripts/services/*.orig
%build
@ -147,6 +134,9 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
%{_mandir}/man*/*
%changelog
* Fri Jul 31 2015 Jan Synáček <jsynacek@redhat.com> - 7.4.1-4.20150731svn293
- Update to revision 293
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.4.1-3.20140924svn242
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
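Review bot: The new %changelog entry records only `- Update to revision 293`, although this section also appears to drop Patch3, Patch5, Patch7, Patch9 and Patch18 and to renumber Patch16 to Patch2. A second line such as `- Drop patches merged upstream (named-dnssec, xntpd, dovecot, rkhunter, secure-username)` would keep that traceable from the package history. The old spec comment described the Rootkit Hunter patch as "not applied by upstream", so it is worth confirming that the r293 `scripts/services/secure` really carries that handling. If it does not, Rootkit Hunter warnings would presumably land only in the unmatched-entries part of the report rather than in their own summary.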


@ -1 +1 @@
915e9f929d495e586cfa687ba5f5d84c logwatch-svn242.tar.xz
3c756a31647034c835f0ce0e7381d193 logwatch-svn293.tar.xz
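Review bot: The digest recorded for `logwatch-svn293.tar.xz` is 32 hex digits, which is the length of an MD5 hash, and MD5 offers no collision resistance. The spec says the tarball is generated locally from an `svn export` rather than taken from a signed upstream release, so this line looks like the only integrity anchor a rebuilder has. If the packaging tooling in use accepts it, record a SHA-512 entry instead, e.g. `SHA512 (logwatch-svn293.tar.xz) = <sha512-of-tarball>` (placeholder, not a real digest).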