From owner-svn-ports-head@freebsd.org Sun Feb 7 20:05:28 2021 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 35EF5535FDF; Sun, 7 Feb 2021 20:05:28 +0000 (UTC) (envelope-from nc@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DYgBH6lDWz3K7G; Sun, 7 Feb 2021 20:05:27 +0000 (UTC) (envelope-from nc@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C79DA20DE; Sun, 7 Feb 2021 20:05:27 +0000 (UTC) (envelope-from nc@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 117K5RVv001371; Sun, 7 Feb 2021 20:05:27 GMT (envelope-from nc@FreeBSD.org) Received: (from nc@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 117K5QQg001363; Sun, 7 Feb 2021 20:05:26 GMT (envelope-from nc@FreeBSD.org) Message-Id: <202102072005.117K5QQg001363@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: nc set sender to nc@FreeBSD.org using -f From: Neel Chauhan Date: Sun, 7 Feb 2021 20:05:26 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r564643 - in head/security/logcheck: . files X-SVN-Group: ports-head X-SVN-Commit-Author: nc X-SVN-Commit-Paths: in head/security/logcheck: . files X-SVN-Commit-Revision: 564643 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Feb 2021 20:05:28 -0000 Author: nc Date: Sun Feb 7 20:05:26 2021 New Revision: 564643 URL: https://svnweb.freebsd.org/changeset/ports/564643 Log: security/logcheck: Update to 1.3.22 Also, unconditionally enable the CRON option by default. Changes: https://salsa.debian.org/debian/logcheck/-/blob/debian/1.3.22/debian/changelog PR: 253223 Submitted by: Yasuhiro Kimura (maintainer) Modified: head/security/logcheck/Makefile head/security/logcheck/distinfo head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo head/security/logcheck/pkg-plist Modified: head/security/logcheck/Makefile ============================================================================== --- head/security/logcheck/Makefile Sun Feb 7 19:57:45 2021 (r564642) +++ head/security/logcheck/Makefile Sun Feb 7 20:05:26 2021 (r564643) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= logcheck -PORTVERSION= 1.3.20 -PORTREVISION= 1 +PORTVERSION= 1.3.22 CATEGORIES= security MASTER_SITES= DEBIAN_POOL DISTNAME= ${PORTNAME}_${PORTVERSION} @@ -33,9 +32,7 @@ RUNDIR= ${BASEDIR}/var/run/${PORTNAME} OPTIONS_DEFINE= CRON DOCS EXAMPLES CRON_DESC= Install cron script automatically -.if !defined(BATCH) OPTIONS_DEFAULT=CRON -.endif WRKSRC= ${WRKDIR}/${PORTNAME} BINMODE= 755 Modified: head/security/logcheck/distinfo ============================================================================== --- head/security/logcheck/distinfo Sun Feb 7 19:57:45 2021 (r564642) +++ head/security/logcheck/distinfo Sun Feb 7 20:05:26 2021 (r564643) @@ -1,3 +1,3 @@ -TIMESTAMP = 1551524817 -SHA256 (logcheck_1.3.20.tar.xz) = 9fb6d02b933470d0b1d1efb54ea186e0d0d27336f9d146be592f65ce60dfb3e6 -SIZE (logcheck_1.3.20.tar.xz) = 132004 +TIMESTAMP = 1612336082 +SHA256 (logcheck_1.3.22.tar.xz) = 7bb5de44d945b1ec6556c90ad8e9cb4e6355fc44b6c5653effe00495ec55e84e +SIZE (logcheck_1.3.22.tar.xz) = 133456 Modified: head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh ============================================================================== --- head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh Sun Feb 7 19:57:45 2021 (r564642) +++ head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh Sun Feb 7 20:05:26 2021 (r564643) @@ -1,22 +1,11 @@ ---- rulefiles/linux/ignore.d.server/ssh.orig 2019-03-01 22:27:31 UTC +--- rulefiles/linux/ignore.d.server/ssh.orig 2021-01-28 19:50:10 UTC +++ rulefiles/linux/ignore.d.server/ssh @@ -14,7 +14,7 @@ - ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]{1,5}( (ssh|ssh2)( \[preauth\])?)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$ - ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+(: | port [[:digit:]]+:)11: (disconnected by user|Closed due to user request\.)$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+(: | port [[:digit:]]{1,5}:)11: (disconnected by user|Closed due to user request\.|Bye Bye \[preauth\])$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,256} \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,255} \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$ - ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+$ -@@ -27,8 +27,8 @@ - ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$ - ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$ - ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$ --^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for( illegal user)? [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ --^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ -+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: authentication error for( illegal user)? [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ -+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: unknown user for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ - ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: ssh_msg_send: write$ - ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Timeout before authentication for [:[:alnum:].]+$ - ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: (Connection (timed out|reset by peer)|Broken pipe)$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from( (invalid|authenticating))?( user [^[:space:]]+)? [:[:xdigit:].]+ port [[:digit:]]{1,5}( \[preauth\])?$ Modified: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo ============================================================================== --- head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo Sun Feb 7 19:57:45 2021 (r564642) +++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo Sun Feb 7 20:05:26 2021 (r564643) @@ -1,11 +1,11 @@ ---- rulefiles/linux/ignore.d.server/sudo.orig 2018-05-30 21:59:13 UTC +--- rulefiles/linux/ignore.d.server/sudo.orig 2021-01-30 08:46:14 UTC +++ rulefiles/linux/ignore.d.server/sudo @@ -1,4 +1,4 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ --^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+(\(uid=[[:digit:]]+\))? by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ -+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+(\(uid=[[:digit:]]+\))? by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ Modified: head/security/logcheck/pkg-plist ============================================================================== --- head/security/logcheck/pkg-plist Sun Feb 7 19:57:45 2021 (r564642) +++ head/security/logcheck/pkg-plist Sun Feb 7 20:05:26 2021 (r564643) @@ -135,6 +135,7 @@ %%ETCDIR%%/ignore.d.server/sympa %%ETCDIR%%/ignore.d.server/syslogd %%ETCDIR%%/ignore.d.server/systemd +%%ETCDIR%%/ignore.d.server/systemd-logind %%ETCDIR%%/ignore.d.server/systemd-timesyncd %%ETCDIR%%/ignore.d.server/teapop %%ETCDIR%%/ignore.d.server/telnetd