git: 3e32a170426a - main - security/logcheck: Update to 1.4.1
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 13 Feb 2023 07:04:26 UTC
The branch main has been updated by yasu:
URL: https://cgit.FreeBSD.org/ports/commit/?id=3e32a170426ad29de3d09675d6a413e6cf779c85
commit 3e32a170426ad29de3d09675d6a413e6cf779c85
Author: Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2023-02-13 01:27:22 +0000
Commit: Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2023-02-13 07:03:57 +0000
security/logcheck: Update to 1.4.1
ChangeLog: https://salsa.debian.org/debian/logcheck/-/blob/debian/1.4.1/debian/changelog
---
UPDATING | 10 +++
security/logcheck/Makefile | 10 ++-
security/logcheck/distinfo | 6 +-
security/logcheck/files/patch-etc_logcheck.conf | 14 +---
.../logcheck/files/patch-etc_logcheck.logfiles | 21 +++--
.../patch-etc_logcheck.logfiles.d_syslog.logfiles | 9 +++
.../files/patch-rulefiles_linux_violations.d_sudo | 7 --
...lefiles_linux_violations.ignore.d_logcheck-sudo | 13 ---
security/logcheck/files/patch-src_logcheck | 94 +++++++++++-----------
security/logcheck/files/pkg-message.in | 2 +-
security/logcheck/pkg-plist | 3 +-
11 files changed, 98 insertions(+), 91 deletions(-)
diff --git a/UPDATING b/UPDATING
index dd43ed083939..97843ae46b90 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,16 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20230213:
+ AFFECTS: users of security/logcheck
+ AUTHOR: yasu@FreeBSD.org
+
+ Since 1.4.1 ${PREFIX}/etc/logcheck/logcheck.logfiles is empty and
+ files to be checked by logcheck are specified in
+ ${PREFIX}/etc/logcheck/logcheck.logfiles.d/syslog.logfiles. So if
+ you previously edited the former, then you should edit the latter
+ now.
+
20230210:
AFFECTS: users of mail/fetchmail
AUTHOR: fernape@FreeBSD.org
diff --git a/security/logcheck/Makefile b/security/logcheck/Makefile
index 79c1fa818596..11831dceaf40 100644
--- a/security/logcheck/Makefile
+++ b/security/logcheck/Makefile
@@ -1,5 +1,5 @@
PORTNAME= logcheck
-DISTVERSION= 1.4.0
+DISTVERSION= 1.4.1
CATEGORIES= security
MASTER_SITES= DEBIAN_POOL
DISTNAME= ${PORTNAME}_${PORTVERSION}
@@ -54,7 +54,8 @@ MAN8_FILES= logcheck.8 logtail.8 logtail2.8
REINPLACE_FILES= debian/logcheck.cron.d docs/logcheck.sgml \
docs/logtail2.8 docs/README.logcheck \
docs/README.logcheck-database docs/README.logtail \
- etc/logcheck.conf src/logcheck src/logtail2
+ etc/logcheck.conf etc/logcheck.logfiles src/logcheck \
+ src/logtail2
RUNDIR= ${BASEDIR}/var/run/${PORTNAME}
.include <bsd.port.pre.mk>
@@ -71,6 +72,7 @@ do-install:
${STAGEDIR}${DBDIR} \
${STAGEDIR}${DOCSDIR} \
${STAGEDIR}${ETCDIR} \
+ ${STAGEDIR}${ETCDIR}/logcheck.logfiles.d \
${STAGEDIR}${EXAMPLESDIR} \
${STAGEDIR}${RUNDIR}
${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck-test ${STAGEDIR}${PREFIX}/bin
@@ -80,7 +82,9 @@ do-install:
${INSTALL_DATA} ${WRKSRC}/etc/logcheck.conf \
${STAGEDIR}${ETCDIR}/logcheck.conf.sample
${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles \
- ${STAGEDIR}${ETCDIR}/logcheck.logfiles.sample
+ ${STAGEDIR}${ETCDIR}/
+ ${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles.d/syslog.logfiles \
+ ${STAGEDIR}${ETCDIR}/logcheck.logfiles.d/syslog.logfiles.sample
.for i in ${CONFIG_DIRS}
@${MKDIR} ${STAGEDIR}${ETCDIR}/${i}
${INSTALL_DATA} ${WRKSRC}/rulefiles/linux/${i}/* \
diff --git a/security/logcheck/distinfo b/security/logcheck/distinfo
index 1623f327cd29..f8a41fb03453 100644
--- a/security/logcheck/distinfo
+++ b/security/logcheck/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1671926319
-SHA256 (logcheck_1.4.0.tar.xz) = dfd95c980727108cc9b8921736af9388dea0f6157688c03e8e39de378107b3dc
-SIZE (logcheck_1.4.0.tar.xz) = 135232
+TIMESTAMP = 1676208609
+SHA256 (logcheck_1.4.1.tar.xz) = 6ea06d7a4607c025cb45d7ab230d8b0245b26015a03f13ce109874817ca2d853
+SIZE (logcheck_1.4.1.tar.xz) = 138260
diff --git a/security/logcheck/files/patch-etc_logcheck.conf b/security/logcheck/files/patch-etc_logcheck.conf
index 4af58e20395b..b94033de9937 100644
--- a/security/logcheck/files/patch-etc_logcheck.conf
+++ b/security/logcheck/files/patch-etc_logcheck.conf
@@ -1,4 +1,4 @@
---- etc/logcheck.conf.orig 2017-01-25 21:08:04 UTC
+--- etc/logcheck.conf.orig 2022-12-22 22:41:45 UTC
+++ etc/logcheck.conf
@@ -9,7 +9,7 @@
# Controls the presence of boilerplate at the top of each message:
@@ -20,18 +20,12 @@
# Alternatively, set to "1" to enable cracking.ignore support
#SUPPORT_CRACKING_IGNORE=0
-@@ -53,13 +53,7 @@ FQDN=1
+@@ -53,7 +53,7 @@ FQDN=1
# Controls the base directory for rules file location
# This must be an absolute path
-#RULEDIR="/etc/logcheck"
--
--# Controls if syslog-summary is run over each section.
--# Alternatively, set to "1" to enable extra summary.
--# HINT: syslog-summary needs to be installed.
--
--#SYSLOGSUMMARY=0
+#RULEDIR="%%ETCDIR%%"
- # Controls Subject: lines on logcheck reports:
-
+ # Controls if syslog-summary is run over each section.
+ # Alternatively, set to "1" to enable extra summary.
diff --git a/security/logcheck/files/patch-etc_logcheck.logfiles b/security/logcheck/files/patch-etc_logcheck.logfiles
index 5b53b848f9ca..1f2f8f8709af 100644
--- a/security/logcheck/files/patch-etc_logcheck.logfiles
+++ b/security/logcheck/files/patch-etc_logcheck.logfiles
@@ -1,8 +1,15 @@
---- etc/logcheck.logfiles.orig 2017-01-25 21:08:04 UTC
+--- etc/logcheck.logfiles.orig 2023-02-10 21:19:27 UTC
+++ etc/logcheck.logfiles
-@@ -1,4 +1,4 @@
- # these files will be checked by logcheck
- # This has been tuned towards a default syslog install
--/var/log/syslog
- /var/log/auth.log
-+/var/log/messages
+@@ -1,10 +1,10 @@
+ ## Logs that will be checked by logcheck
+ #
+ # This file is empty and all settings are in files (whose name must
+-# end in '.logfiles') under /etc/logcheck/logcheck.logfiles.d/
++# end in '.logfiles') under %%ETCDIR%%/logcheck.logfiles.d/
+ #
+ # It is recommended that you put local settings into
+-# /etc/logcheck.d/local.logfiles instead of editing this file
++# %%ETCDIR%%/logcheck.logfiles.d/local.logfiles instead of editing this file
+ #
+ # Each line should be:
+ # - an absolute path to a log
diff --git a/security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles b/security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles
new file mode 100644
index 000000000000..34bf4a97f3bd
--- /dev/null
+++ b/security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles
@@ -0,0 +1,9 @@
+--- etc/logcheck.logfiles.d/syslog.logfiles.orig 2023-02-10 21:19:27 UTC
++++ etc/logcheck.logfiles.d/syslog.logfiles
+@@ -5,5 +5,5 @@
+
+ # (If your system does not use a syslog daemon you
+ # can comment these lines out)
+-/var/log/syslog
+ /var/log/auth.log
++/var/log/messages
diff --git a/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo b/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo
deleted file mode 100644
index c2cd0159f915..000000000000
--- a/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo
+++ /dev/null
@@ -1,7 +0,0 @@
---- rulefiles/linux/violations.d/sudo.orig 2022-12-22 23:03:11 UTC
-+++ rulefiles/linux/violations.d/sudo
-@@ -1,3 +1,3 @@
- ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
- ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: .*$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[0-9]+\])?: .*$
diff --git a/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo b/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo
deleted file mode 100644
index 0b1678bfbd30..000000000000
--- a/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo
+++ /dev/null
@@ -1,13 +0,0 @@
---- rulefiles/linux/violations.ignore.d/logcheck-sudo.orig 2022-12-22 23:03:11 UTC
-+++ rulefiles/linux/violations.ignore.d/logcheck-sudo
-@@ -1,5 +1,5 @@
--^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [._[:alnum:]-]+ authenticated as [._[:alnum:]-]+@[.A-Z]+$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [._[:alnum:]-]+$
-+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_krb5\(sudo:auth\): user [._[:alnum:]-]+ authenticated as [._[:alnum:]-]+@[.A-Z]+$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [._[:alnum:]-]+$
diff --git a/security/logcheck/files/patch-src_logcheck b/security/logcheck/files/patch-src_logcheck
index a63f76c7e163..cd584e1e9827 100644
--- a/security/logcheck/files/patch-src_logcheck
+++ b/security/logcheck/files/patch-src_logcheck
@@ -1,31 +1,31 @@
---- src/logcheck.orig 2017-12-21 16:33:24 UTC
+--- src/logcheck.orig 2023-02-13 01:15:18 UTC
+++ src/logcheck
@@ -24,16 +24,16 @@
- if [ `id -u` = 0 ]; then
+ if [ "$(id -u)" = 0 ]; then
echo "logcheck should not be run as root. Use su to invoke logcheck:"
-- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
-+ echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
- echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
+- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${*:+ $*}\" logcheck"
++ echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%LOCALBASE%%/sbin/logcheck${*:+ $*}\" logcheck"
+ echo "Or use sudo: sudo -u logcheck logcheck${*:+ $*}."
# you may want to uncomment that hack to let logcheck invoke itself.
- # su -s /bin/bash -c "$0 $*" logcheck
+ # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
exit 1
fi
--if [ ! -f /usr/bin/lockfile-create -o \
-- ! -f /usr/bin/lockfile-remove -o \
-- ! -f /usr/bin/lockfile-touch ]; then
-+if [ ! -f %%PREFIX%%/bin/lockfile-create -o \
-+ ! -f %%PREFIX%%/bin/lockfile-remove -o \
-+ ! -f %%PREFIX%%/bin/lockfile-touch ]; then
- echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
+-if [ ! -f /usr/bin/lockfile-create ] || \
+- [ ! -f /usr/bin/lockfile-remove ] || \
+- [ ! -f /usr/bin/lockfile-touch ]; then
++if [ ! -f %%LOCALBASE%%/bin/lockfile-create ] || \
++ [ ! -f %%LOCALBASE%%/bin/lockfile-remove ] || \
++ [ ! -f %%LOCALBASE%%/bin/lockfile-touch ]; then
+ echo "fatal: lockfile-progs is a prerequisite for logcheck, but was not found."
exit 1
fi
-@@ -69,13 +69,13 @@ EVENTSSUBJECT="System Events"
+@@ -71,13 +71,13 @@ EVENTSSUBJECT="System Events"
ADDTAG="no"
- # Set the default paths
+ # Default paths
-RULEDIR="/etc/logcheck"
-CONFFILE="/etc/logcheck/logcheck.conf"
-STATEDIR="/var/lib/logcheck"
@@ -40,10 +40,10 @@
+LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d"
+LOGFILE_FALLBACK="/var/log/messages"
+LOGTAIL="%%PREFIX%%/sbin/logtail2"
- CAT="/bin/cat"
SYSLOG_SUMMARY="/usr/bin/syslog-summary"
-@@ -90,7 +90,7 @@ FQDN=0
+ # Defaults for options
+@@ -92,7 +92,7 @@ FQDN=0
SORTUNIQ=0
SUPPORT_CRACKING_IGNORE=0
SYSLOGSUMMARY=0
@@ -51,45 +51,47 @@
+LOCKDIR=/var/run/logcheck
LOCKFILE="$LOCKDIR/logcheck"
- # Carry out the clean up tasks
-@@ -171,7 +171,7 @@ $message
- ${TMPDIR:+Check temporary directory: $TMPDIR
+ # Allow globs to return zero files
+@@ -183,8 +183,8 @@ ${TMPDIR:+"- Check temporary directory: $TMPDIR"
}
- Also verify that the logcheck user can read all files referenced in
--/etc/logcheck/logcheck.logfiles!
-+%%ETCDIR%%/logcheck.logfiles!
+ - verify that the logcheck user can read all
+ logfiles specified in;
+- /etc/logcheck/logcheck.logfiles
+- /etc/logcheck/logcheck.logfiled.d/*.logfiles
++ %%ETCDIR%%/logcheck.logfiles
++ %%ETCDIR%%/logcheck.logfiled.d/*.logfiles
+ - check the system has enough space; (df -h output follows):
+ $(df -h 2>&1|| :)
+ - check the settings (environment follows):
+@@ -237,7 +237,7 @@ cleanrules() {
+ error "Could not read $x"
+ fi
+ done
+- for rulefile in $(run-parts --list "$dir"); do
++ for rulefile in $(ls -1R "$dir"); do
+ rulefile="$(basename "$rulefile")"
+ if [ -f "${dir}/${rulefile}" ]; then
+ debug "cleanrules: ${dir}/${rulefile} -> $cleaned/$rulefile"
+@@ -616,9 +616,9 @@ fi
- $(export)
- EOF
-@@ -223,7 +223,7 @@ cleanrules() {
- error "Couldn't read $x"
- fi
- done
-- for rulefile in $(run-parts --list "$dir"); do
-+ for rulefile in $(ls -1R "$dir"); do
- rulefile="$(basename "$rulefile")"
- if [ -f "${dir}/${rulefile}" ]; then
- debug "cleanrules: ${dir}/${rulefile}"
-@@ -538,9 +538,9 @@ fi
-
- # Hostname either fully qualified or not.
+ # HOSTNAME is either 'fully qualified' or 'short'
if [ "$FQDN" -eq 1 ]; then
-- HOSTNAME="$(hostname --fqdn 2>/dev/null)"
-+ HOSTNAME="$(hostname -f 2>/dev/null)"
+- HOSTNAME="$(hostname --fqdn 2>/dev/null)"
++ HOSTNAME="$(hostname -f 2>/dev/null)"
else
-- HOSTNAME="$(hostname --short 2>/dev/null)"
-+ HOSTNAME="$(hostname -s 2>/dev/null)"
+- HOSTNAME="$(hostname --short 2>/dev/null)"
++ HOSTNAME="$(hostname -s 2>/dev/null)"
fi
# Now check for the other options
-@@ -645,8 +645,8 @@ else
+@@ -723,8 +723,8 @@ else
fi
- # Create the secure temporary directory or exit
+ # Create a secure temporary working directory (or exit)
-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
-- || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
+- || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
-+ || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
- || error "Could not create temporary directory"
++ || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
+ || error "Could not create temporary directory"
- # Now clean the rulefiles in the directories
+ debug "Using working dir: $TMPDIR"
diff --git a/security/logcheck/files/pkg-message.in b/security/logcheck/files/pkg-message.in
index 4f59a9561302..3c8f957c2ebf 100644
--- a/security/logcheck/files/pkg-message.in
+++ b/security/logcheck/files/pkg-message.in
@@ -3,7 +3,7 @@
message: <<EOM
Please make sure that all files listed in
- %%ETCDIR%%/logcheck.logfiles
+ %%ETCDIR%%/logcheck.logfiles.d/syslog.logfiles
are readable to the '%%LOGCHECK_GROUP%%' group (see also /etc/newsyslog.conf),
or remove them from the aforementioned logcheck configuration file.
diff --git a/security/logcheck/pkg-plist b/security/logcheck/pkg-plist
index f97d5789f52b..97bc4b5bdbf6 100644
--- a/security/logcheck/pkg-plist
+++ b/security/logcheck/pkg-plist
@@ -185,6 +185,7 @@
%%ETCDIR%%/ignore.d.workstation/wpasupplicant
%%ETCDIR%%/ignore.d.workstation/xdm
%%ETCDIR%%/ignore.d.workstation/xlockmore
+%%ETCDIR%%/logcheck.logfiles
%%ETCDIR%%/violations.d/kernel
%%ETCDIR%%/violations.d/logcheck
%%ETCDIR%%/violations.d/smartd
@@ -193,7 +194,7 @@
%%ETCDIR%%/violations.ignore.d/logcheck-su
%%ETCDIR%%/violations.ignore.d/logcheck-sudo
@sample %%ETCDIR%%/logcheck.conf.sample
-@sample %%ETCDIR%%/logcheck.logfiles.sample
+@sample %%ETCDIR%%/logcheck.logfiles.d/syslog.logfiles.sample
@group
bin/logcheck-test
man/man1/logcheck-test.1.gz