Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 13 Feb 2023 07:04:26 GMT
From:      Yasuhiro Kimura <yasu@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 3e32a170426a - main - security/logcheck: Update to 1.4.1
Message-ID:  <202302130704.31D74Q1g053660@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by yasu:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3e32a170426ad29de3d09675d6a413e6cf779c85

commit 3e32a170426ad29de3d09675d6a413e6cf779c85
Author:     Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2023-02-13 01:27:22 +0000
Commit:     Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2023-02-13 07:03:57 +0000

    security/logcheck: Update to 1.4.1
    
    ChangeLog:      https://salsa.debian.org/debian/logcheck/-/blob/debian/1.4.1/debian/changelog
---
 UPDATING                                           | 10 +++
 security/logcheck/Makefile                         | 10 ++-
 security/logcheck/distinfo                         |  6 +-
 security/logcheck/files/patch-etc_logcheck.conf    | 14 +---
 .../logcheck/files/patch-etc_logcheck.logfiles     | 21 +++--
 .../patch-etc_logcheck.logfiles.d_syslog.logfiles  |  9 +++
 .../files/patch-rulefiles_linux_violations.d_sudo  |  7 --
 ...lefiles_linux_violations.ignore.d_logcheck-sudo | 13 ---
 security/logcheck/files/patch-src_logcheck         | 94 +++++++++++-----------
 security/logcheck/files/pkg-message.in             |  2 +-
 security/logcheck/pkg-plist                        |  3 +-
 11 files changed, 98 insertions(+), 91 deletions(-)

diff --git a/UPDATING b/UPDATING
index dd43ed083939..97843ae46b90 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,16 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20230213:
+  AFFECTS: users of security/logcheck
+  AUTHOR: yasu@FreeBSD.org
+
+  Since 1.4.1 ${PREFIX}/etc/logcheck/logcheck.logfiles is empty and
+  files to be checked by logcheck are specified in
+  ${PREFIX}/etc/logcheck/logcheck.logfiles.d/syslog.logfiles. So if
+  you previously edited the former, then you should edit the latter
+  now.
+
 20230210:
   AFFECTS: users of mail/fetchmail
   AUTHOR: fernape@FreeBSD.org
diff --git a/security/logcheck/Makefile b/security/logcheck/Makefile
index 79c1fa818596..11831dceaf40 100644
--- a/security/logcheck/Makefile
+++ b/security/logcheck/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	logcheck
-DISTVERSION=	1.4.0
+DISTVERSION=	1.4.1
 CATEGORIES=	security
 MASTER_SITES=	DEBIAN_POOL
 DISTNAME=	${PORTNAME}_${PORTVERSION}
@@ -54,7 +54,8 @@ MAN8_FILES=		logcheck.8 logtail.8 logtail2.8
 REINPLACE_FILES=	debian/logcheck.cron.d docs/logcheck.sgml \
 			docs/logtail2.8 docs/README.logcheck \
 			docs/README.logcheck-database docs/README.logtail \
-			etc/logcheck.conf src/logcheck src/logtail2
+			etc/logcheck.conf etc/logcheck.logfiles src/logcheck \
+			src/logtail2
 RUNDIR=			${BASEDIR}/var/run/${PORTNAME}
 
 .include <bsd.port.pre.mk>
@@ -71,6 +72,7 @@ do-install:
 		  ${STAGEDIR}${DBDIR} \
 		  ${STAGEDIR}${DOCSDIR} \
 		  ${STAGEDIR}${ETCDIR} \
+		  ${STAGEDIR}${ETCDIR}/logcheck.logfiles.d \
 		  ${STAGEDIR}${EXAMPLESDIR} \
 		  ${STAGEDIR}${RUNDIR}
 	${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck-test ${STAGEDIR}${PREFIX}/bin
@@ -80,7 +82,9 @@ do-install:
 	${INSTALL_DATA} ${WRKSRC}/etc/logcheck.conf \
 		${STAGEDIR}${ETCDIR}/logcheck.conf.sample
 	${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles \
-		${STAGEDIR}${ETCDIR}/logcheck.logfiles.sample
+		${STAGEDIR}${ETCDIR}/
+	${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles.d/syslog.logfiles \
+		${STAGEDIR}${ETCDIR}/logcheck.logfiles.d/syslog.logfiles.sample
 .for i in ${CONFIG_DIRS}
 	@${MKDIR} ${STAGEDIR}${ETCDIR}/${i}
 	${INSTALL_DATA} ${WRKSRC}/rulefiles/linux/${i}/* \
diff --git a/security/logcheck/distinfo b/security/logcheck/distinfo
index 1623f327cd29..f8a41fb03453 100644
--- a/security/logcheck/distinfo
+++ b/security/logcheck/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1671926319
-SHA256 (logcheck_1.4.0.tar.xz) = dfd95c980727108cc9b8921736af9388dea0f6157688c03e8e39de378107b3dc
-SIZE (logcheck_1.4.0.tar.xz) = 135232
+TIMESTAMP = 1676208609
+SHA256 (logcheck_1.4.1.tar.xz) = 6ea06d7a4607c025cb45d7ab230d8b0245b26015a03f13ce109874817ca2d853
+SIZE (logcheck_1.4.1.tar.xz) = 138260
diff --git a/security/logcheck/files/patch-etc_logcheck.conf b/security/logcheck/files/patch-etc_logcheck.conf
index 4af58e20395b..b94033de9937 100644
--- a/security/logcheck/files/patch-etc_logcheck.conf
+++ b/security/logcheck/files/patch-etc_logcheck.conf
@@ -1,4 +1,4 @@
---- etc/logcheck.conf.orig	2017-01-25 21:08:04 UTC
+--- etc/logcheck.conf.orig	2022-12-22 22:41:45 UTC
 +++ etc/logcheck.conf
 @@ -9,7 +9,7 @@
  # Controls the presence of boilerplate at the top of each message:
@@ -20,18 +20,12 @@
  # Alternatively, set to "1" to enable cracking.ignore support
  
  #SUPPORT_CRACKING_IGNORE=0
-@@ -53,13 +53,7 @@ FQDN=1
+@@ -53,7 +53,7 @@ FQDN=1
  # Controls the base directory for rules file location
  # This must be an absolute path
  
 -#RULEDIR="/etc/logcheck"
--
--# Controls if syslog-summary is run over each section.
--# Alternatively, set to "1" to enable extra summary.
--# HINT: syslog-summary needs to be installed.
--
--#SYSLOGSUMMARY=0
 +#RULEDIR="%%ETCDIR%%"
  
- # Controls Subject: lines on logcheck reports:
- 
+ # Controls if syslog-summary is run over each section.
+ # Alternatively, set to "1" to enable extra summary.
diff --git a/security/logcheck/files/patch-etc_logcheck.logfiles b/security/logcheck/files/patch-etc_logcheck.logfiles
index 5b53b848f9ca..1f2f8f8709af 100644
--- a/security/logcheck/files/patch-etc_logcheck.logfiles
+++ b/security/logcheck/files/patch-etc_logcheck.logfiles
@@ -1,8 +1,15 @@
---- etc/logcheck.logfiles.orig	2017-01-25 21:08:04 UTC
+--- etc/logcheck.logfiles.orig	2023-02-10 21:19:27 UTC
 +++ etc/logcheck.logfiles
-@@ -1,4 +1,4 @@
- # these files will be checked by logcheck
- # This has been tuned towards a default syslog install
--/var/log/syslog
- /var/log/auth.log
-+/var/log/messages
+@@ -1,10 +1,10 @@
+ ## Logs that will be checked by logcheck
+ #
+ # This file is empty and all settings are in files (whose name must
+-# end in '.logfiles') under /etc/logcheck/logcheck.logfiles.d/
++# end in '.logfiles') under %%ETCDIR%%/logcheck.logfiles.d/
+ #
+ # It is recommended that you put local settings into
+-# /etc/logcheck.d/local.logfiles instead of editing this file
++# %%ETCDIR%%/logcheck.logfiles.d/local.logfiles instead of editing this file
+ #
+ # Each line should be:
+ # - an absolute path to a log
diff --git a/security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles b/security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles
new file mode 100644
index 000000000000..34bf4a97f3bd
--- /dev/null
+++ b/security/logcheck/files/patch-etc_logcheck.logfiles.d_syslog.logfiles
@@ -0,0 +1,9 @@
+--- etc/logcheck.logfiles.d/syslog.logfiles.orig	2023-02-10 21:19:27 UTC
++++ etc/logcheck.logfiles.d/syslog.logfiles
+@@ -5,5 +5,5 @@
+ 
+ # (If your system does not use a syslog daemon you
+ # can comment these lines out)
+-/var/log/syslog
+ /var/log/auth.log
++/var/log/messages
diff --git a/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo b/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo
deleted file mode 100644
index c2cd0159f915..000000000000
--- a/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo
+++ /dev/null
@@ -1,7 +0,0 @@
---- rulefiles/linux/violations.d/sudo.orig	2022-12-22 23:03:11 UTC
-+++ rulefiles/linux/violations.d/sudo
-@@ -1,3 +1,3 @@
- ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
- ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: .*$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[0-9]+\])?: .*$
diff --git a/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo b/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo
deleted file mode 100644
index 0b1678bfbd30..000000000000
--- a/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo
+++ /dev/null
@@ -1,13 +0,0 @@
---- rulefiles/linux/violations.ignore.d/logcheck-sudo.orig	2022-12-22 23:03:11 UTC
-+++ rulefiles/linux/violations.ignore.d/logcheck-sudo
-@@ -1,5 +1,5 @@
--^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [._[:alnum:]-]+ authenticated as [._[:alnum:]-]+@[.A-Z]+$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
--^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [._[:alnum:]-]+$
-+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_krb5\(sudo:auth\): user [._[:alnum:]-]+ authenticated as [._[:alnum:]-]+@[.A-Z]+$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
-+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [._[:alnum:]-]+$
diff --git a/security/logcheck/files/patch-src_logcheck b/security/logcheck/files/patch-src_logcheck
index a63f76c7e163..cd584e1e9827 100644
--- a/security/logcheck/files/patch-src_logcheck
+++ b/security/logcheck/files/patch-src_logcheck
@@ -1,31 +1,31 @@
---- src/logcheck.orig	2017-12-21 16:33:24 UTC
+--- src/logcheck.orig	2023-02-13 01:15:18 UTC
 +++ src/logcheck
 @@ -24,16 +24,16 @@
  
- if [ `id -u` = 0 ]; then
+ if [ "$(id -u)" = 0 ]; then
      echo "logcheck should not be run as root. Use su to invoke logcheck:"
--    echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
-+    echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%PREFIX%%/sbin/logcheck${@:+ $@}\""
-     echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
+-    echo "su -s /bin/bash -c \"/usr/sbin/logcheck${*:+ $*}\" logcheck"
++    echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%LOCALBASE%%/sbin/logcheck${*:+ $*}\" logcheck"
+     echo "Or use sudo: sudo -u logcheck logcheck${*:+ $*}."
      # you may want to uncomment that hack to let logcheck invoke itself.
 -    # su -s /bin/bash -c "$0 $*" logcheck
 +    # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
      exit 1
  fi
  
--if [ ! -f /usr/bin/lockfile-create -o \
--     ! -f /usr/bin/lockfile-remove -o \
--     ! -f /usr/bin/lockfile-touch ]; then
-+if [ ! -f %%PREFIX%%/bin/lockfile-create -o \
-+     ! -f %%PREFIX%%/bin/lockfile-remove -o \
-+     ! -f %%PREFIX%%/bin/lockfile-touch ]; then
-     echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
+-if [ ! -f /usr/bin/lockfile-create ] || \
+-   [ ! -f /usr/bin/lockfile-remove ] || \
+-   [ ! -f /usr/bin/lockfile-touch ]; then
++if [ ! -f %%LOCALBASE%%/bin/lockfile-create ] || \
++   [ ! -f %%LOCALBASE%%/bin/lockfile-remove ] || \
++   [ ! -f %%LOCALBASE%%/bin/lockfile-touch ]; then
+     echo "fatal: lockfile-progs is a prerequisite for logcheck, but was not found."
      exit 1
  fi
-@@ -69,13 +69,13 @@ EVENTSSUBJECT="System Events"
+@@ -71,13 +71,13 @@ EVENTSSUBJECT="System Events"
  ADDTAG="no"
  
- # Set the default paths
+ # Default paths
 -RULEDIR="/etc/logcheck"
 -CONFFILE="/etc/logcheck/logcheck.conf"
 -STATEDIR="/var/lib/logcheck"
@@ -40,10 +40,10 @@
 +LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d"
 +LOGFILE_FALLBACK="/var/log/messages"
 +LOGTAIL="%%PREFIX%%/sbin/logtail2"
- CAT="/bin/cat"
  SYSLOG_SUMMARY="/usr/bin/syslog-summary"
  
-@@ -90,7 +90,7 @@ FQDN=0
+ # Defaults for options
+@@ -92,7 +92,7 @@ FQDN=0
  SORTUNIQ=0
  SUPPORT_CRACKING_IGNORE=0
  SYSLOGSUMMARY=0
@@ -51,45 +51,47 @@
 +LOCKDIR=/var/run/logcheck
  LOCKFILE="$LOCKDIR/logcheck"
  
- # Carry out the clean up tasks
-@@ -171,7 +171,7 @@ $message
- ${TMPDIR:+Check temporary directory: $TMPDIR
+ # Allow globs to return zero files
+@@ -183,8 +183,8 @@ ${TMPDIR:+"- Check temporary directory: $TMPDIR"
  }
- Also verify that the logcheck user can read all files referenced in
--/etc/logcheck/logcheck.logfiles!
-+%%ETCDIR%%/logcheck.logfiles!
+ - verify that the logcheck user can read all
+ logfiles specified in;
+-  /etc/logcheck/logcheck.logfiles
+-  /etc/logcheck/logcheck.logfiled.d/*.logfiles
++  %%ETCDIR%%/logcheck.logfiles
++  %%ETCDIR%%/logcheck.logfiled.d/*.logfiles
+ - check the system has enough space; (df -h output follows):
+ $(df -h 2>&1|| :)
+ - check the settings (environment follows):
+@@ -237,7 +237,7 @@ cleanrules() {
+ 								error "Could not read $x"
+ 						fi
+ 				done
+-				for rulefile in $(run-parts --list "$dir"); do
++				for rulefile in $(ls -1R "$dir"); do
+ 						rulefile="$(basename "$rulefile")"
+ 						if [ -f "${dir}/${rulefile}" ]; then
+ 								debug "cleanrules: ${dir}/${rulefile} -> $cleaned/$rulefile"
+@@ -616,9 +616,9 @@ fi
  
- $(export)
- EOF
-@@ -223,7 +223,7 @@ cleanrules() {
- 			error "Couldn't read $x"
- 		fi
- 	done
--	for rulefile in $(run-parts --list "$dir"); do
-+	for rulefile in $(ls -1R "$dir"); do
- 	    rulefile="$(basename "$rulefile")"
- 	    if [ -f "${dir}/${rulefile}" ]; then
- 		debug "cleanrules: ${dir}/${rulefile}"
-@@ -538,9 +538,9 @@ fi
- 
- # Hostname either fully qualified or not.
+ # HOSTNAME is either 'fully qualified' or 'short'
  if [ "$FQDN" -eq 1 ]; then
--        HOSTNAME="$(hostname --fqdn 2>/dev/null)"
-+        HOSTNAME="$(hostname -f 2>/dev/null)"
+-		HOSTNAME="$(hostname --fqdn 2>/dev/null)"
++		HOSTNAME="$(hostname -f 2>/dev/null)"
  else
--        HOSTNAME="$(hostname --short 2>/dev/null)"
-+        HOSTNAME="$(hostname -s 2>/dev/null)"
+-		HOSTNAME="$(hostname --short 2>/dev/null)"
++		HOSTNAME="$(hostname -s 2>/dev/null)"
  fi
  
  # Now check for the other options
-@@ -645,8 +645,8 @@ else
+@@ -723,8 +723,8 @@ else
  fi
  
- # Create the secure temporary directory or exit
+ # Create a secure temporary working directory (or exit)
 -TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
--    || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
+-		|| TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
 +TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
-+    || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
-     || error "Could not create temporary directory"
++		|| TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
+ 		|| error "Could not create temporary directory"
  
- # Now clean the rulefiles in the directories
+ debug "Using working dir: $TMPDIR"
diff --git a/security/logcheck/files/pkg-message.in b/security/logcheck/files/pkg-message.in
index 4f59a9561302..3c8f957c2ebf 100644
--- a/security/logcheck/files/pkg-message.in
+++ b/security/logcheck/files/pkg-message.in
@@ -3,7 +3,7 @@
   message: <<EOM
 Please make sure that all files listed in
 
-  %%ETCDIR%%/logcheck.logfiles
+  %%ETCDIR%%/logcheck.logfiles.d/syslog.logfiles
 
 are readable to the '%%LOGCHECK_GROUP%%' group (see also /etc/newsyslog.conf),
 or remove them from the aforementioned logcheck configuration file.
diff --git a/security/logcheck/pkg-plist b/security/logcheck/pkg-plist
index f97d5789f52b..97bc4b5bdbf6 100644
--- a/security/logcheck/pkg-plist
+++ b/security/logcheck/pkg-plist
@@ -185,6 +185,7 @@
 %%ETCDIR%%/ignore.d.workstation/wpasupplicant
 %%ETCDIR%%/ignore.d.workstation/xdm
 %%ETCDIR%%/ignore.d.workstation/xlockmore
+%%ETCDIR%%/logcheck.logfiles
 %%ETCDIR%%/violations.d/kernel
 %%ETCDIR%%/violations.d/logcheck
 %%ETCDIR%%/violations.d/smartd
@@ -193,7 +194,7 @@
 %%ETCDIR%%/violations.ignore.d/logcheck-su
 %%ETCDIR%%/violations.ignore.d/logcheck-sudo
 @sample %%ETCDIR%%/logcheck.conf.sample
-@sample %%ETCDIR%%/logcheck.logfiles.sample
+@sample %%ETCDIR%%/logcheck.logfiles.d/syslog.logfiles.sample
 @group
 bin/logcheck-test
 man/man1/logcheck-test.1.gz



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202302130704.31D74Q1g053660>