From fcbb7792b2a1f78c4947064631bdb0db1ac240ab Mon Sep 17 00:00:00 2001
From: Jan Synacek
Date: Fri, 31 Jul 2015 12:46:17 +0200
Subject: [PATCH] Update to revision 293 And drop upstreamed patches.
---
 .gitignore | 1 +
 logwatch-dovecot.patch | 36 ---------
 logwatch-named-dnssec.patch | 142 ---------------------------------
 logwatch-rkhunter.patch | 48 -----------
 logwatch-secure-username.patch | 18 -----
 logwatch-xntpd.patch | 41 ----------
 logwatch.spec | 28 +++----
 sources | 2 +-
 8 files changed, 11 insertions(+), 305 deletions(-)
 delete mode 100644 logwatch-dovecot.patch
 delete mode 100644 logwatch-named-dnssec.patch
 delete mode 100644 logwatch-rkhunter.patch
 delete mode 100644 logwatch-secure-username.patch
 delete mode 100644 logwatch-xntpd.patch
diff --git a/.gitignore b/.gitignore
index 9950ac9..52a5367 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ logwatch-7.3.6.tar.gz
 /logwatch-svn140.tar.xz
 /logwatch-svn198.tar.xz
 /logwatch-svn242.tar.xz
+/logwatch-svn293.tar.xz
diff --git a/logwatch-dovecot.patch b/logwatch-dovecot.patch
deleted file mode 100644
index 111e998..0000000
--- a/logwatch-dovecot.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Update dovecot log parsing.
-
-Author: Frank Crawford
-Author: Karel Klic
-RH-Bugzilla: #645962
-
---- logwatch-svn127/scripts/services/dovecot.orig 2012-12-30 17:24:53.000000000 +0100
-+++ logwatch-svn127/scripts/services/dovecot 2013-01-09 09:09:45.256236296 +0100
-@@ -150,7 +150,7 @@ while (defined($ThisLine = )) {
- # We don't care about these
- } elsif ( $ThisLine =~ /Killed with signal /) {
- $End++;
-- } elsif ( $ThisLine =~ /Dovecot (v\d[^ ]* |)starting up( \(core dumps disabled\))?$/) {
-+ } elsif ( $ThisLine =~ /Dovecot (v\d[^ ]* |)starting up( \(.*\))?$/) {
- $Restarts++;
- $End = 0;
- } elsif ( ( ($User, $Host) = ( $ThisLine =~ /^pop3-login: Login: (.*?) \[(.*)\]/ ) ) or
-@@ -181,15 +181,15 @@ while (defined($ThisLine = )) {
- }
-
- # 'lda' for dovecot 2.0, 'deliver' for earlier versions
-- } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): msgid=.*: saved mail to (\S+)/ ) ) {
-+ } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): msgid=.*: saved mail to (.*)/ ) ) {
- $Deliver{$User}{$Mailbox}++;
-
- # For Sieve-based delivery
-- } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda\(|deliver\(|lmtp\(\d+, )(.*)\): (?:[^:]+: )?sieve: msgid=.*: stored mail into mailbox '([^']*)'/ ) ) {
-+ } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): sieve: msgid=.*: stored mail into mailbox '(.*)'/ ) ) {
- $Deliver{$User}{$Mailbox}++;
-
- # LMTP-based delivery
-- } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag lmtp\(\d+, (.*)\): [^:]+: msgid=.*: saved mail to (\S+)/ ) ) {
-+ } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag lmtp\(\d+, (.*)\): [^:]+: msgid=.*: saved mail to (.*)/ ) ) {
- # dovecot: [ID 583609 mail.info] lmtp(12782, cloyce@headgear.org): jBt1EfjCMk3uMQAAm9eMBA: msgid=<4D32DB1F.3080707@c-dot.co.uk>: saved mail to INBOX
- $Deliver{$User}{$Mailbox}++;
-
diff --git a/logwatch-named-dnssec.patch b/logwatch-named-dnssec.patch
deleted file mode 100644
index ee663ee..0000000
--- a/logwatch-named-dnssec.patch
+++ /dev/null
@@ -1,142 +0,0 @@ -Handle DNSSEC messages in named. - -Author: Frank Crawford -RH-Bugzilla: #666394 -Backported-By: Jan Synacek - ---- logwatch-svn242/scripts/services/named 2014-09-09 18:08:00.000000000 +0200 -+++ logwatch-svn242-new/scripts/services/named 2014-09-24 07:54:13.582370611 +0200 -@@ -116,6 +116,7 @@ - ($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or - ($ThisLine =~ /too many timeouts resolving '.*' .*: reducing the advertised EDNS UDP packet size to .* octets/) or - ($ThisLine =~ /reloading zones succeeded/) or -+ ($ThisLine =~ /generating session key/) or - ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or - ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or - ($ThisLine =~ /the working directory is not writable/) or -@@ -137,6 +138,11 @@ - ($ThisLine =~ /refresh in progress, refresh check queued/) or - ($ThisLine =~ /refresh: NODATA response from master/) or - ($ThisLine =~ /update with no effect/) or -+ ($ThisLine =~ /reading built-in trusted keys from file/) or -+ ($ThisLine =~ /using built-in trusted-keys/) or -+ ($ThisLine =~ /set up managed keys zone/) or -+ # the following seems okay since it says "success" -+ ($ThisLine =~ /managed-keys-zone .*: No DNSKEY RRSIGs found for '.*': success/) or - ($ThisLine =~ /validating \@0x[[:xdigit:]]+: .* no valid signature found/) or - ($ThisLine =~ /^sizing zone task pool based on \d+ zones/) or - ($ThisLine =~ /^BIND \d+ is maintained by Internet Systems Consortium/) or -@@ -169,7 +175,8 @@ - $ShutdownNamed++; - } elsif ( $ThisLine =~ /named shutdown failed/ ) { - $ShutdownNamedFail++; -- } elsif ( ($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: zone transfer '(.+)' denied/ ) ) { -+ } elsif ( (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?zone transfer '(.+)' denied/ )) or -+ (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?bad 
zone transfer request: '(.+)':/ )) ) { - $DeniedZoneTransfers{$Host}{$Zone}++; - } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+) zone transfer deferred due to quota/ ) ) { - $DeferredZoneTransfers{$Zone}++; -@@ -195,14 +202,13 @@ - $ConnectionRefused{$Addr}{$Server}++; - } elsif ( (undef,$Addr,undef,$Server) = ( $ThisLine =~ /ame server (on|resolving) '(.+)' \(in .+\):\s+(\[.+\]\.\d+)?\s*'?(.+)'?:?/ ) ) { - $LameServer{$Addr}{$Server}++; -- } elsif ( ($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ ) ) { -+ } elsif ( (($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ )) or -+ (($Zone) = ( $ThisLine =~ /zone (.+): \(.*\) removed/ )) ) { - $ZoneRemoved{$Zone}++; - } elsif ( ($Zone) = ( $ThisLine =~ /received notify for zone '(.*)'/ ) ) { - $ZoneReceivedNotify{$Zone}++; - } elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) { - $ZoneReceivedNotify{$Zone}++; -- } elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) { -- $ZoneReceivedNotify{$Zone}++; - } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+)\/IN: refused notify from non-master/ ) ) { - $ZoneRefusedNotify{$Zone}++; - # } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\d\.a-fA-F:]+) bad zone transfer request: '(.+)': (.+)$/ ) ) { -@@ -225,13 +231,13 @@ - } elsif ( ($Client) = ( $ThisLine =~ /warning: client (.*) no more TCP clients/ ) ) { - $FullClient = LookupIP ($Client); - $DeniedTCPClient{$FullClient}++; -- } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query \(cache\) denied/ ) ) { -+ } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: (?:view \w+: )?query \(cache\) denied/ ) ) { - $FullClient = LookupIP ($Client); - $DeniedQuery{$FullClient}++; - } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query '.*\/IN' denied/ ) ) { - $FullClient = LookupIP ($Client); - $DeniedQueryNoCache{$FullClient}++; -- } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+:(?: view ([^ ]+):)? 
update '(.*)' denied/)) { -+ } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+: (?:view \w+: )?update '(.*)' denied/)) { - $ViewName = ($ViewName ? "/$ViewName" : ""); - $UpdateDenied{"$Rhost ($Ldom$ViewName)"}++; - } elsif ( ($Rhost, $Ldom) = ($ThisLine =~ /client ([\d\.]+)#\d+: update forwarding '(.*)' denied/)) { -@@ -288,6 +294,18 @@ - $NoSOA{$Client}++; - } elsif (($Hint) = ($ThisLine =~ /checkhints: (.*)/) ) { - $Hints{$Hint}++; -+ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) { -+ $DNSSECInsec{'__Total__'}++; -+ $DNSSECInsec{$Zone}{$RR}++; -+ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) { -+ $DNSSECInvalid{'__Total__'}++; -+ $DNSSECInvalid{$Zone}{$RR}++; -+ } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) { -+ $DNSSECBadCache{'__Total__'}++; -+ $DNSSECBadCache{$Zone}{$RR}++; -+ } elsif (($Error,$Host) = ($ThisLine =~ /error \((.*)\) resolving '([^']+)':/)) { -+ $DNSSECError{$Error}{'__Total__'}++; -+ $DNSSECError{$Error}{$Host}++; - } elsif ($ThisLine =~ /^samba_dlz:/) { - if ( ($Rhost, $Error) = ($ThisLine =~ /disallowing update of signer=.* name=(.*) type=.* error=(.*)/ )) { - $UpdateDenied{"$Rhost ($Error)"}++; -@@ -648,6 +666,51 @@ - } - } - -+if (($Detail >= 5) and (keys %DNSSECInsec)) { -+ print "\n DNSSEC Insecure Responses: " . $DNSSECInsec{'__Total__'} . " Time(s)\n"; -+ foreach $Zone (sort keys %DNSSECInsec) { -+ if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) { -+ foreach $RR (sort keys %{$DNSSECInsec{$Zone}}) { -+ print " " . "$Zone/$RR: " . $DNSSECInsec{$Zone}{$RR} . " Time(s)\n"; -+ } -+ } -+ } -+} -+ -+if (($Detail >= 5) and (keys %DNSSECInvalid)) { -+ print "\n DNSSEC No Valid Signature: " . $DNSSECInvalid{'__Total__'} . 
" Time(s)\n"; -+ foreach $Zone (sort keys %DNSSECInvalid) { -+ if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) { -+ foreach $RR (sort keys %{$DNSSECInvalid{$Zone}}) { -+ print " " . "$Zone/$RR: " . $DNSSECInvalid{$Zone}{$RR} . " Time(s)\n"; -+ } -+ } -+ } -+} -+ -+if (($Detail >= 5) and (keys %DNSSECBadCache)) { -+ print "\n DNSSEC Bad Cache hit: " . $DNSSECBadCache{'__Total__'} . " Time(s)\n"; -+ foreach $Zone (sort keys %DNSSECBadCache) { -+ if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) { -+ foreach $RR (sort keys %{$DNSSECBadCache{$Zone}}) { -+ print " " . "$Zone/$RR: " . $DNSSECBadCache{$Zone}{$RR} . " Time(s)\n"; -+ } -+ } -+ } -+} -+ -+if (($Detail >= 5) and (keys %DNSSECError)) { -+ print "\n DNS Errors:\n"; -+ foreach $Error (sort keys %DNSSECError) { -+ print " $Error: " . $DNSSECError{$Error}{'__Total__'} . " Time(s)\n"; -+ if ($Detail >= 10) { -+ foreach $Host (sort keys %{$DNSSECError{$Error}}) { -+ print " " . "$Host: " . $DNSSECError{$Error}{$Host} . " Time(s)\n" unless ($Host eq '__Total__'); -+ } -+ } -+ } -+} -+ - if (keys %OtherList) { - print "\n**Unmatched Entries**\n"; - foreach $line (sort {$a cmp $b} keys %OtherList) { diff --git a/logwatch-rkhunter.patch b/logwatch-rkhunter.patch deleted file mode 100644 index a6cad29..0000000 --- a/logwatch-rkhunter.patch +++ /dev/null 
@@ -1,48 +0,0 @@
-RootkitHunter support.
-
-Author: Jan Synacek
-RH-Bugzilla: #818926
-
-Index: scripts/services/secure
-===================================================================
---- scripts/services/secure (revision 110)
-+++ scripts/services/secure (working copy)
-@@ -180,6 +180,7 @@
- $PwdChange = 0;
- $RequestKeyFailures = 0;
- %OtherList = ();
-+%RootkitHunter = ();
- use Logwatch ':ip';
-
- while (defined($ThisLine = )) {
-@@ -519,6 +520,14 @@
- $e='';
- }
- $KerbList{$response}{$type}{$from}{$service}{$client}{$e}++;
-+ } elsif ($ThisLine =~ /Rootkit Hunter:/ ) {
-+ if ($ThisLine =~ /Please inspect this machine/) {
-+ $RootkitHunter{'inspect'}++;
-+ } elsif ($ThisLine =~ /check started/) {
-+ $RootkitHunter{'runs'}++;
-+ } elsif (my ($mins, $secs) = ($ThisLine =~ /Scanning took ([0-9]*) minutes? and ([0-9]*) seconds?/)) {
-+ $RootkitHunter{'time'}+= $mins*60 + $secs;
-+ }
- } else {
- # Unmatched entries...
- $ThisLine =~ s/\[\d+\]:/:/;
-@@ -908,6 +917,15 @@
- }
- }
-
-+if (keys %RootkitHunter) {
-+ use integer;
-+ my ($mins, $secs) = ($RootkitHunter{'time'} / 60, $RootkitHunter{'time'} % 60);
-+ print "\nRootkitHunter:\n";
-+ print " Runs: $RootkitHunter{'runs'}\n";
-+ print " Suggested Inspection: $RootkitHunter{'inspect'} Time(s)\n";
-+ print " Total Runtime: $mins minute(s) $secs second(s)\n";
-+}
-+
- if (keys %OtherList) {
- print "\n**Unmatched Entries**\n";
- foreach $line (sort {$a cmp $b} keys %OtherList) {
diff --git a/logwatch-secure-username.patch b/logwatch-secure-username.patch
deleted file mode 100644
index 6c9deb3..0000000
--- a/logwatch-secure-username.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Weaken username regexp restriction. Usernames can include more characters than
-just letters (e.g. _ or [0-9]).
-
-Author: Jan Synacek
-Reported-By: Robert Scheck
-RH-Bugzilla: #894272
-
---- logwatch-svn127-dist/scripts/services/secure 2013-01-11 10:38:15.778804473 +0100
-+++ logwatch-svn127/scripts/services/secure 2013-01-11 10:49:13.381323119 +0100
-@@ -247,7 +247,7 @@ while (defined($ThisLine = )) {
- ( $ThisLine =~ /userhelper\[\d+\]: running '([^ ]+)' with [^ ]+ context/) or
- ( $ThisLine =~ /pam_timestamp\(.*:session\): updated timestamp file `\/var\/run\/sudo.*'/) or
- ( $ThisLine =~ /[^ ]*: pam_keyinit(.*:.*): Unable to change GID to [0-9]* temporarily/) or
-- ( $ThisLine =~ /password check failed for user \([a-zA-Z]*\)/) or
-+ ( $ThisLine =~ /password check failed for user \(\S*\)/) or
- ( $ThisLine =~ /PAM pam_set_item: attempt to set conv\(\) to NULL/) or
- ( $ThisLine =~ /PAM pam_get_item: nowhere to place requested item/) or
- ( $ThisLine =~ /pam_succeed_if\(.*:.*\): error retrieving information about user [a-zA-Z]*/ ) or
diff --git a/logwatch-xntpd.patch b/logwatch-xntpd.patch
deleted file mode 100644
index b21cd1b..0000000
--- a/logwatch-xntpd.patch
+++ /dev/null
@@ -1,41 +0,0 @@ -Update ntpd log parsing. - -RH-Bugzilla: #673756 - ---- scripts/services/xntpd 2014-09-09 13:27:00.000000000 +0200 -+++ scripts/services/xntpd 2014-09-24 08:00:29.929655076 +0200 -@@ -67,6 +67,7 @@ - ($ThisLine =~ m/tickadj = /) or # startup - ($ThisLine =~ m/precision = /) or # startup - ($ThisLine =~ m/ (succeeded|failed)/) or # startup -+ ($ThisLine =~ m/sendto\(\S+\): Success/) or # startup - ($ThisLine =~ m/kernel time (discipline|sync) status/) or # startup - ($ThisLine =~ m/kernel time sync (dis|en)abled /) or # startup - ($ThisLine =~ m/frequency initialized/) or # startup -@@ -79,6 +80,8 @@ - ($ThisLine =~ /Listening on interface .* Disabled/) or - ($ThisLine =~ /Listen and drop on /) or - ($ThisLine =~ /Listening on routing socket on/) or -+ ($ThisLine =~ /.* interface .* -> \(null\)/) or -+ ($ThisLine =~ /Deferring DNS for/) or - ($ThisLine =~ /ntp_io: estimated max descriptors: \d*, initial socket boundary: \d*/) or - ($ThisLine =~ /peers refreshed$/) or - ($ThisLine =~ /restrict: error in address/) or -@@ -102,7 +105,7 @@ - } elsif ( my (undef,$TimeStep) = ($ThisLine =~ /(offset) ([^ ]+) sec/ )) { - push @TimeReset, $TimeStep; - # MEv end no leadin to line -- } elsif ( my ($ListenOn) = ($ThisLine =~ /Listening on interface (.*)(?: Enabled)?/ )) { -+ } elsif ( my ($ListenOn) = ($ThisLine =~ /Listening on interface(?: #\d+)? 
(.*)(?: Enabled)?/ )) { - $Interfaces{$ListenOn}++; - } elsif ( my ($ListenOn) = ($ThisLine =~ /Listen normally on \d+ (.*)/ )) { - $Interfaces{$ListenOn}++; -@@ -121,7 +124,7 @@ - $TwoInst{$name}++; - } elsif ( my ($Error) = ($ThisLine =~ /(no server(s reachable| suitable for synchronization found))/ )) { - $Errors{$Error}++; -- } elsif ( my ($Error) = ($ThisLine =~ /(can't find host \S+|no servers can be used, exiting)/ )) { -+ } elsif ( my ($Error) = ($ThisLine =~ /([Cc]an't find host \S+|no servers can be used, exiting)/ )) { - $Errors{$Error}++; - } elsif ( my ($Error) = ($ThisLine =~ /(sendto\(\S+\): Network is unreachable)/ )) { - $Errors{$Error}++; diff --git a/logwatch.spec b/logwatch.spec index d400c0b..23aabe1 100644 --- a/logwatch.spec +++ b/logwatch.spec 
@@ -1,30 +1,22 @@
-%global revision 242
+%global revision 293
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.4.1
-Release: 3.20140924svn%{revision}%{?dist}
+Release: 4.20150731svn%{revision}%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
 # The source for this package was pulled from upstream's vcs. Use the
 # following commands to generate the tarball:
-# svn export -r 242 https://svn.code.sf.net/p/logwatch/code/ logwatch-svn242
-# tar --transform "s/trunk/logwatch-svn242/" -cJvf logwatch-svn242.tar.xz -C logwatch-svn242 trunk
+# svn export -r 293 https://svn.code.sf.net/p/logwatch/code/ logwatch-svn293
+# tar --transform "s/trunk/logwatch-svn293/" -cJvf logwatch-svn293.tar.xz -C logwatch-svn293 trunk
 Source0: logwatch-svn%{revision}.tar.xz
 #Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 # Needs proper fix. Not applied by the upstream.
 Patch0: logwatch-vsftpd.patch
 # Not applied by upstream.
 Patch1: logwatch-oldfiles.patch
-# Fixes not yet in upstream for DNSSEC messages in named service (rhbz#666394)
-Patch3: logwatch-named-dnssec.patch
-Patch5: logwatch-xntpd.patch
-Patch7: logwatch-dovecot.patch
-# Rootkit Hunter patch - not applied by upstream
-Patch9: logwatch-rkhunter.patch
-# Not yet upstreamed
-Patch16: logwatch-secure-userhelper.patch
-Patch18: logwatch-secure-username.patch
+Patch2: logwatch-secure-userhelper.patch
 Requires: textutils sh-utils grep mailx
 Requires: perl(Date::Manip)
 Requires: perl(Sys::CPU)
@@ -42,12 +34,7 @@ of the package on many systems.
 %setup -q -n logwatch-svn%{revision}
 %patch0 -p1
 %patch1 -p1
-%patch3 -p1
-%patch5 -p0
-%patch7 -p1
-%patch9 -p0
-%patch16 -p1
-%patch18 -p1
+%patch2 -p1
 rm -f scripts/services/*.orig
 %build
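Review bot: The Patch list in the first logwatch.spec hunk drops logwatch-rkhunter.patch and logwatch-secure-username.patch, which the removed comments labelled "not applied by upstream" and "Not yet upstreamed", while the commit message says only upstreamed patches are dropped. Nothing on this page shows that revision 293 carries equivalent Rootkit Hunter handling in scripts/services/secure; if it does not, the "Please inspect this machine" count would presumably stop being summarised in the report, so each dropped patch should be checked against the r293 tree. The same applies to the `%patch` lines removed in the hunk at `@@ -42,12 +34,7 @@`. The new %changelog entry could also record the removal, for example `- Drop upstreamed patches (dovecot, named-dnssec, rkhunter, secure-username, xntpd)`.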
@@ -147,6 +134,9 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
 %{_mandir}/man*/*
 %changelog
+* Fri Jul 31 2015 Jan Synáček - 7.4.1-4.20150731svn293
+- Update to revision 293
+
 * Wed Jun 17 2015 Fedora Release Engineering - 7.4.1-3.20140924svn242
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
diff --git a/sources b/sources
index f70cb27..8ff09d1 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-915e9f929d495e586cfa687ba5f5d84c logwatch-svn242.tar.xz
+3c756a31647034c835f0ce0e7381d193 logwatch-svn293.tar.xz