-rw-r--r--UPDATING10
-rw-r--r--security/logcheck/Makefile10
-rw-r--r--security/logcheck/distinfo6
-rw-r--r--security/logcheck/files/patch-etc_logcheck.conf14
-rw-r--r--security/logcheck/files/patch-etc_logcheck.logfiles21
-rw-r--r--security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles9
-rw-r--r--security/logcheck/files/patch-rulefiles_linux_violations.d_sudo7
-rw-r--r--security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo13
-rw-r--r--security/logcheck/files/patch-src_logcheck94
-rw-r--r--security/logcheck/files/pkg-message.in2
-rw-r--r--security/logcheck/pkg-plist3
11 files changed, 98 insertions, 91 deletions
diff --git a/UPDATING b/UPDATING
index dd43ed083939..97843ae46b90 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,16 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20230213:
+ AFFECTS: users of security/logcheck
+ AUTHOR: yasu@FreeBSD.org
+
+ Since 1.4.1 ${PREFIX}/etc/logcheck/logcheck.logfiles is empty and
+ files to be checked by logcheck are specified in
+ ${PREFIX}/etc/logcheck/logcheck.logfiles.d/syslog.logfiles. So if
+ you previously edited the former, then you should edit the latter
+ now.
+
20230210:
AFFECTS: users of mail/fetchmail
AUTHOR: fernape@FreeBSD.org
diff --git a/security/logcheck/Makefile b/security/logcheck/Makefile
index 79c1fa818596..11831dceaf40 100644
--- a/security/logcheck/Makefile
+++ b/security/logcheck/Makefile
@@ -1,5 +1,5 @@
PORTNAME= logcheck
-DISTVERSION= 1.4.0
+DISTVERSION= 1.4.1
CATEGORIES= security
MASTER_SITES= DEBIAN_POOL
DISTNAME= ${PORTNAME}_${PORTVERSION}
@@ -54,7 +54,8 @@ MAN8_FILES= logcheck.8 logtail.8 logtail2.8
REINPLACE_FILES= debian/logcheck.cron.d docs/logcheck.sgml \
docs/logtail2.8 docs/README.logcheck \
docs/README.logcheck-database docs/README.logtail \
- etc/logcheck.conf src/logcheck src/logtail2
+ etc/logcheck.conf etc/logcheck.logfiles src/logcheck \
+ src/logtail2
RUNDIR= ${BASEDIR}/var/run/${PORTNAME}
.include <bsd.port.pre.mk>
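Review bot: The same commit rewrites patch-src_logcheck to use `%%LOCALBASE%%` placeholders (lockfile-progs checks and the `su` hint), whereas the script previously only carried `%%PREFIX%%`, `%%ETCDIR%%` and `%%LOGCHECK_USER%%` style tokens; the `REINPLACE_CMD` expression applied to `REINPLACE_FILES` is outside this hunk, so it needs confirming that it substitutes `%%LOCALBASE%%` too. If it does not, the installed script tests for the literal path `%%LOCALBASE%%/bin/lockfile-create`, fails the prerequisite check and exits before reading any log. A cheap post-stage check is `grep -n '%%' ${STAGEDIR}${PREFIX}/sbin/logcheck`, which should print nothing.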
@@ -71,6 +72,7 @@ do-install:
${STAGEDIR}${DBDIR} \
${STAGEDIR}${DOCSDIR} \
${STAGEDIR}${ETCDIR} \
+ ${STAGEDIR}${ETCDIR}/logcheck.logfiles.d \
${STAGEDIR}${EXAMPLESDIR} \
${STAGEDIR}${RUNDIR}
${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck-test ${STAGEDIR}${PREFIX}/bin
@@ -80,7 +82,9 @@ do-install:
${INSTALL_DATA} ${WRKSRC}/etc/logcheck.conf \
${STAGEDIR}${ETCDIR}/logcheck.conf.sample
${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles \
- ${STAGEDIR}${ETCDIR}/logcheck.logfiles.sample
+ ${STAGEDIR}${ETCDIR}/
+ ${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles.d/syslog.logfiles \
+ ${STAGEDIR}${ETCDIR}/logcheck.logfiles.d/syslog.logfiles.sample
.for i in ${CONFIG_DIRS}
@${MKDIR} ${STAGEDIR}${ETCDIR}/${i}
${INSTALL_DATA} ${WRKSRC}/rulefiles/linux/${i}/* \
diff --git a/security/logcheck/distinfo b/security/logcheck/distinfo
index 1623f327cd29..f8a41fb03453 100644
--- a/security/logcheck/distinfo
+++ b/security/logcheck/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1671926319
-SHA256 (logcheck_1.4.0.tar.xz) = dfd95c980727108cc9b8921736af9388dea0f6157688c03e8e39de378107b3dc
-SIZE (logcheck_1.4.0.tar.xz) = 135232
+TIMESTAMP = 1676208609
+SHA256 (logcheck_1.4.1.tar.xz) = 6ea06d7a4607c025cb45d7ab230d8b0245b26015a03f13ce109874817ca2d853
+SIZE (logcheck_1.4.1.tar.xz) = 138260
diff --git a/security/logcheck/files/patch-etc_logcheck.conf b/security/logcheck/files/patch-etc_logcheck.conf
index 4af58e20395b..b94033de9937 100644
--- a/security/logcheck/files/patch-etc_logcheck.conf
+++ b/security/logcheck/files/patch-etc_logcheck.conf
@@ -1,4 +1,4 @@
---- etc/logcheck.conf.orig 2017-01-25 21:08:04 UTC
+--- etc/logcheck.conf.orig 2022-12-22 22:41:45 UTC
+++ etc/logcheck.conf
@@ -9,7 +9,7 @@
# Controls the presence of boilerplate at the top of each message:
@@ -20,18 +20,12 @@
# Alternatively, set to "1" to enable cracking.ignore support
#SUPPORT_CRACKING_IGNORE=0
-@@ -53,13 +53,7 @@ FQDN=1
+@@ -53,7 +53,7 @@ FQDN=1
# Controls the base directory for rules file location
# This must be an absolute path
-#RULEDIR="/etc/logcheck"
--
--# Controls if syslog-summary is run over each section.
--# Alternatively, set to "1" to enable extra summary.
--# HINT: syslog-summary needs to be installed.
--
--#SYSLOGSUMMARY=0
+#RULEDIR="%%ETCDIR%%"
- # Controls Subject: lines on logcheck reports:
-
+ # Controls if syslog-summary is run over each section.
+ # Alternatively, set to "1" to enable extra summary.
diff --git a/security/logcheck/files/patch-etc_logcheck.logfiles b/security/logcheck/files/patch-etc_logcheck.logfiles
index 5b53b848f9ca..1f2f8f8709af 100644
--- a/security/logcheck/files/patch-etc_logcheck.logfiles
+++ b/security/logcheck/files/patch-etc_logcheck.logfiles
@@ -1,8 +1,15 @@
---- etc/logcheck.logfiles.orig 2017-01-25 21:08:04 UTC
+--- etc/logcheck.logfiles.orig 2023-02-10 21:19:27 UTC
+++ etc/logcheck.logfiles
-@@ -1,4 +1,4 @@
- # these files will be checked by logcheck
- # This has been tuned towards a default syslog install
--/var/log/syslog
- /var/log/auth.log
-+/var/log/messages
+@@ -1,10 +1,10 @@
+ ## Logs that will be checked by logcheck
+ #
+ # This file is empty and all settings are in files (whose name must
+-# end in '.logfiles') under /etc/logcheck/logcheck.logfiles.d/
++# end in '.logfiles') under %%ETCDIR%%/logcheck.logfiles.d/
+ #
+ # It is recommended that you put local settings into
+-# /etc/logcheck.d/local.logfiles instead of editing this file
++# %%ETCDIR%%/logcheck.logfiles.d/local.logfiles instead of editing this file
+ #
+ # Each line should be:
+ # - an absolute path to a log
diff --git a/security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles b/security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles
new file mode 100644
index 000000000000..34bf4a97f3bd
--- /dev/null
+++ b/security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles
@@ -0,0 +1,9 @@
+--- etc/logcheck.logfiles.d/syslog.logfiles.orig 2023-02-10 21:19:27 UTC
++++ etc/logcheck.logfiles.d/syslog.logfiles
+@@ -5,5 +5,5 @@
+
+ # (If your system does not use a syslog daemon you
+ # can comment these lines out)
+-/var/log/syslog
+ /var/log/auth.log
++/var/log/messages
diff --git a/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo b/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo
deleted file mode 100644
index c2cd0159f915..000000000000
--- a/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo
+++ /dev/null
@@ -1,7 +0,0 @@
---- rulefiles/linux/violations.d/sudo.orig 2022-12-22 23:03:11 UTC
-+++ rulefiles/linux/violations.d/sudo
-@@ -1,3 +1,3 @@
- ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
- ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: .*$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[0-9]+\])?: .*$
diff --git a/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo b/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo
deleted file mode 100644
index 0b1678bfbd30..000000000000
--- a/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo
+++ /dev/null
@@ -1,13 +0,0 @@
---- rulefiles/linux/violations.ignore.d/logcheck-sudo.orig 2022-12-22 23:03:11 UTC
-+++ rulefiles/linux/violations.ignore.d/logcheck-sudo
-@@ -1,5 +1,5 @@
--^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [._[:alnum:]-]+ authenticated as [._[:alnum:]-]+@[.A-Z]+$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [._[:alnum:]-]+$
-+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_krb5\(sudo:auth\): user [._[:alnum:]-]+ authenticated as [._[:alnum:]-]+@[.A-Z]+$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [._[:alnum:]-]+$
diff --git a/security/logcheck/files/patch-src_logcheck b/security/logcheck/files/patch-src_logcheck
index a63f76c7e163..cd584e1e9827 100644
--- a/security/logcheck/files/patch-src_logcheck
+++ b/security/logcheck/files/patch-src_logcheck
@@ -1,31 +1,31 @@
---- src/logcheck.orig 2017-12-21 16:33:24 UTC
+--- src/logcheck.orig 2023-02-13 01:15:18 UTC
+++ src/logcheck
@@ -24,16 +24,16 @@
- if [ `id -u` = 0 ]; then
+ if [ "$(id -u)" = 0 ]; then
echo "logcheck should not be run as root. Use su to invoke logcheck:"
-- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
-+ echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
- echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
+- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${*:+ $*}\" logcheck"
++ echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%LOCALBASE%%/sbin/logcheck${*:+ $*}\" logcheck"
+ echo "Or use sudo: sudo -u logcheck logcheck${*:+ $*}."
# you may want to uncomment that hack to let logcheck invoke itself.
- # su -s /bin/bash -c "$0 $*" logcheck
+ # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
exit 1
fi
--if [ ! -f /usr/bin/lockfile-create -o \
-- ! -f /usr/bin/lockfile-remove -o \
-- ! -f /usr/bin/lockfile-touch ]; then
-+if [ ! -f %%PREFIX%%/bin/lockfile-create -o \
-+ ! -f %%PREFIX%%/bin/lockfile-remove -o \
-+ ! -f %%PREFIX%%/bin/lockfile-touch ]; then
- echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
+-if [ ! -f /usr/bin/lockfile-create ] || \
+- [ ! -f /usr/bin/lockfile-remove ] || \
+- [ ! -f /usr/bin/lockfile-touch ]; then
++if [ ! -f %%LOCALBASE%%/bin/lockfile-create ] || \
++ [ ! -f %%LOCALBASE%%/bin/lockfile-remove ] || \
++ [ ! -f %%LOCALBASE%%/bin/lockfile-touch ]; then
+ echo "fatal: lockfile-progs is a prerequisite for logcheck, but was not found."
exit 1
fi
-@@ -69,13 +69,13 @@ EVENTSSUBJECT="System Events"
+@@ -71,13 +71,13 @@ EVENTSSUBJECT="System Events"
ADDTAG="no"
- # Set the default paths
+ # Default paths
-RULEDIR="/etc/logcheck"
-CONFFILE="/etc/logcheck/logcheck.conf"
-STATEDIR="/var/lib/logcheck"
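Review bot: The new `++` echo line changes the hint from `%%PREFIX%%/sbin/logcheck` to `%%LOCALBASE%%/sbin/logcheck`, but the script itself is installed under `${PREFIX}` (compare `${STAGEDIR}${PREFIX}/bin` in the Makefile's `do-install` hunk) and the `LOGTAIL` default in the next hunk keeps `%%PREFIX%%/sbin/logtail2`; when PREFIX and LOCALBASE differ the printed command points at a path that does not exist. `%%LOCALBASE%%` is the right choice for the lockfile-progs binaries, which are provided by another port, so only the hint should stay `%%PREFIX%%/sbin/logcheck`.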
@@ -40,10 +40,10 @@
+LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d"
+LOGFILE_FALLBACK="/var/log/messages"
+LOGTAIL="%%PREFIX%%/sbin/logtail2"
- CAT="/bin/cat"
SYSLOG_SUMMARY="/usr/bin/syslog-summary"
-@@ -90,7 +90,7 @@ FQDN=0
+ # Defaults for options
+@@ -92,7 +92,7 @@ FQDN=0
SORTUNIQ=0
SUPPORT_CRACKING_IGNORE=0
SYSLOGSUMMARY=0
@@ -51,45 +51,47 @@
+LOCKDIR=/var/run/logcheck
LOCKFILE="$LOCKDIR/logcheck"
- # Carry out the clean up tasks
-@@ -171,7 +171,7 @@ $message
- ${TMPDIR:+Check temporary directory: $TMPDIR
+ # Allow globs to return zero files
+@@ -183,8 +183,8 @@ ${TMPDIR:+"- Check temporary directory: $TMPDIR"
}
- Also verify that the logcheck user can read all files referenced in
--/etc/logcheck/logcheck.logfiles!
-+%%ETCDIR%%/logcheck.logfiles!
+ - verify that the logcheck user can read all
+ logfiles specified in;
+- /etc/logcheck/logcheck.logfiles
+- /etc/logcheck/logcheck.logfiled.d/*.logfiles
++ %%ETCDIR%%/logcheck.logfiles
++ %%ETCDIR%%/logcheck.logfiled.d/*.logfiles
+ - check the system has enough space; (df -h output follows):
+ $(df -h 2>&1|| :)
+ - check the settings (environment follows):
+@@ -237,7 +237,7 @@ cleanrules() {
+ error "Could not read $x"
+ fi
+ done
+- for rulefile in $(run-parts --list "$dir"); do
++ for rulefile in $(ls -1R "$dir"); do
+ rulefile="$(basename "$rulefile")"
+ if [ -f "${dir}/${rulefile}" ]; then
+ debug "cleanrules: ${dir}/${rulefile} -> $cleaned/$rulefile"
+@@ -616,9 +616,9 @@ fi
- $(export)
- EOF
-@@ -223,7 +223,7 @@ cleanrules() {
- error "Couldn't read $x"
- fi
- done
-- for rulefile in $(run-parts --list "$dir"); do
-+ for rulefile in $(ls -1R "$dir"); do
- rulefile="$(basename "$rulefile")"
- if [ -f "${dir}/${rulefile}" ]; then
- debug "cleanrules: ${dir}/${rulefile}"
-@@ -538,9 +538,9 @@ fi
-
- # Hostname either fully qualified or not.
+ # HOSTNAME is either 'fully qualified' or 'short'
if [ "$FQDN" -eq 1 ]; then
-- HOSTNAME="$(hostname --fqdn 2>/dev/null)"
-+ HOSTNAME="$(hostname -f 2>/dev/null)"
+- HOSTNAME="$(hostname --fqdn 2>/dev/null)"
++ HOSTNAME="$(hostname -f 2>/dev/null)"
else
-- HOSTNAME="$(hostname --short 2>/dev/null)"
-+ HOSTNAME="$(hostname -s 2>/dev/null)"
+- HOSTNAME="$(hostname --short 2>/dev/null)"
++ HOSTNAME="$(hostname -s 2>/dev/null)"
fi
# Now check for the other options
-@@ -645,8 +645,8 @@ else
+@@ -723,8 +723,8 @@ else
fi
- # Create the secure temporary directory or exit
+ # Create a secure temporary working directory (or exit)
-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
-- || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
+- || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
-+ || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
- || error "Could not create temporary directory"
++ || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
+ || error "Could not create temporary directory"
- # Now clean the rulefiles in the directories
+ debug "Using working dir: $TMPDIR"
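Review bot: The two new `++` lines in the readability error message preserve upstream's path typo `logcheck.logfiled.d/*.logfiles`; the directory the script actually reads is `LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d"` in the previous hunk, so the text meant to tell an operator which files the logcheck user must be able to read names a directory that does not exist. Since the port already rewrites this line it can use `%%ETCDIR%%/logcheck.logfiles.d/*.logfiles`, and the typo is worth reporting upstream. Separately, the retained `for rulefile in $(ls -1R "$dir")` replacement for `run-parts --list "$dir"` lists every entry, including editor backups and stray copies, whereas run-parts filters names; in an `ignore.d` directory such files silently become live ignore rules, which at least deserves a comment on that line.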
diff --git a/security/logcheck/files/pkg-message.in b/security/logcheck/files/pkg-message.in
index 4f59a9561302..3c8f957c2ebf 100644
--- a/security/logcheck/files/pkg-message.in
+++ b/security/logcheck/files/pkg-message.in
@@ -3,7 +3,7 @@
message: <<EOM
Please make sure that all files listed in
- %%ETCDIR%%/logcheck.logfiles
+ %%ETCDIR%%/logcheck.logfiles.d/syslog.logfiles
are readable to the '%%LOGCHECK_GROUP%%' group (see also /etc/newsyslog.conf),
or remove them from the aforementioned logcheck configuration file.
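Review bot: The new line names only `%%ETCDIR%%/logcheck.logfiles.d/syslog.logfiles`, but the patched logcheck reads every `*.logfiles` under `%%ETCDIR%%/logcheck.logfiles.d/`, and the header installed in `logcheck.logfiles` steers local additions to `local.logfiles` in that directory, so the readability advice misses exactly the files users are told to create. Suggest `%%ETCDIR%%/logcheck.logfiles.d/*.logfiles` on the new line and, on the following line, `aforementioned logcheck configuration files`.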
diff --git a/security/logcheck/pkg-plist b/security/logcheck/pkg-plist
index f97d5789f52b..97bc4b5bdbf6 100644
--- a/security/logcheck/pkg-plist
+++ b/security/logcheck/pkg-plist
@@ -185,6 +185,7 @@
%%ETCDIR%%/ignore.d.workstation/wpasupplicant
%%ETCDIR%%/ignore.d.workstation/xdm
%%ETCDIR%%/ignore.d.workstation/xlockmore
+%%ETCDIR%%/logcheck.logfiles
%%ETCDIR%%/violations.d/kernel
%%ETCDIR%%/violations.d/logcheck
%%ETCDIR%%/violations.d/smartd
@@ -193,7 +194,7 @@
%%ETCDIR%%/violations.ignore.d/logcheck-su
%%ETCDIR%%/violations.ignore.d/logcheck-sudo
@sample %%ETCDIR%%/logcheck.conf.sample
-@sample %%ETCDIR%%/logcheck.logfiles.sample
+@sample %%ETCDIR%%/logcheck.logfiles.d/syslog.logfiles.sample
@group
bin/logcheck-test
man/man1/logcheck-test.1.gz