svn commit: r483081 - in head/security/logcheck: . files

Steve Wills swills at FreeBSD.org
Sat Oct 27 00:59:53 UTC 2018


Author: swills
Date: Sat Oct 27 00:59:51 2018
New Revision: 483081
URL: https://svnweb.freebsd.org/changeset/ports/483081

Log:
  security/logcheck: Add patch for log format change of sudo(1)
  
  PR:		232596
  Submitted by:	Yasuhiro KIMURA <yasu at utahime.org> (maintainer)

Added:
  head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo   (contents, props changed)
  head/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo   (contents, props changed)
  head/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo   (contents, props changed)
Modified:
  head/security/logcheck/Makefile   (contents, props changed)

Modified: head/security/logcheck/Makefile
==============================================================================
--- head/security/logcheck/Makefile	Sat Oct 27 00:56:29 2018	(r483080)
+++ head/security/logcheck/Makefile	Sat Oct 27 00:59:51 2018	(r483081)
@@ -3,6 +3,7 @@
 
 PORTNAME=	logcheck
 PORTVERSION=	1.3.19
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	DEBIAN_POOL
 DISTNAME=	${PORTNAME}_${PORTVERSION}
@@ -18,6 +19,9 @@ RUN_DEPENDS=	mime-construct:mail/mime-construct \
 		lockfile-create:sysutils/lockfile-progs \
 		bash:shells/bash
 
+# Enable Perl dependency for logtail script
+USES=		perl5 shebangfix tar:xz
+
 LOGCHECK_USER=	logcheck
 LOGCHECK_GROUP=	${LOGCHECK_USER}
 USERS=		${LOGCHECK_USER}
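Review bot: the `USES=` lines added after `RUN_DEPENDS` in this hunk are a relocation (the same comment and `USES=` line are removed further down in the Makefile), but the commit log mentions only the sudo log format patch. Mention the move in the log or commit it separately, so the PORTREVISION bump can be traced to the rule-file patches alone.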
@@ -32,9 +36,6 @@ CRON_DESC=	Install cron script automatically
 .if !defined(BATCH)
 OPTIONS_DEFAULT=CRON
 .endif
-
-# Enable Perl dependency for logtail script
-USES=		perl5 shebangfix tar:xz
 
 WRKSRC=		${WRKDIR}/${DISTNAME:S!_!-!}
 BINMODE=	755

Added: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo	Sat Oct 27 00:59:51 2018	(r483081)
@@ -0,0 +1,11 @@
+--- rulefiles/linux/ignore.d.server/sudo.orig	2018-05-30 21:59:13 UTC
++++ rulefiles/linux/ignore.d.server/sudo
+@@ -1,4 +1,4 @@
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
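Review bot: the TTY/COMMAND rule on the third added line still differs from its counterpart in violations.ignore.d/logcheck-sudo: it lacks `console` in the TTY alternation, the optional ` ; GROUP=...` field, and the `list` alternative for COMMAND. Since every rule in this file is rewritten anyway, either align the two rules or state in the patch that the difference is intentional; as written, a sudo line with one of those forms is matched by one ignore list and not by the other.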

Added: head/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo	Sat Oct 27 00:59:51 2018	(r483081)
@@ -0,0 +1,7 @@
+--- rulefiles/linux/violations.d/sudo.orig	2018-05-30 21:59:13 UTC
++++ rulefiles/linux/violations.d/sudo
+@@ -1,3 +1,3 @@
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[0-9]+\])?: .*$
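Review bot: with the PID made optional in the last rule, `sudo(\[[0-9]+\])?: .*$` matches everything the two unchanged context rules above it match (both require `sudo\[[0-9]+\]: ` followed by more text), so those two rules are now redundant. Drop them in this patch or leave a comment explaining why they stay. It is also worth stating in the log that every sudo line, with or without a PID, is now flagged by this file and that only the violations.ignore.d rules filter it back out.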

Added: head/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo	Sat Oct 27 00:59:51 2018	(r483081)
@@ -0,0 +1,13 @@
+--- rulefiles/linux/violations.ignore.d/logcheck-sudo.orig	2018-05-30 21:59:13 UTC
++++ rulefiles/linux/violations.ignore.d/logcheck-sudo
+@@ -1,5 +1,5 @@
+-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
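Review bot: the optional PID group is written `(\[[[:digit:]]+\])?` in all five rules here but `(\[[0-9]+\])?` in violations.d/sudo; use one spelling across the three patch files so the rules are easier to compare line by line. The embedded patch also carries no comment describing the format change it accommodates (the `sudo` tag with or without `[pid]`), which would help whoever next updates the port decide whether the patch is still needed.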

