Date: Sat, 27 Oct 2018 00:59:51 +0000 (UTC)
From: Steve Wills <swills@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r483081 - in head/security/logcheck: . files
Message-ID: <201810270059.w9R0xpKB013838@repo.freebsd.org>
Author: swills Date: Sat Oct 27 00:59:51 2018 New Revision: 483081 URL: https://svnweb.freebsd.org/changeset/ports/483081 Log: security/logcheck: Add patch for log format change of sudo(1) PR: 232596 Submitted by: Yasuhiro KIMURA <yasu@utahime.org> (maintainer) Added: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo (contents, props changed) head/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo (contents, props changed) head/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo (contents, props changed) Modified: head/security/logcheck/Makefile (contents, props changed) Modified: head/security/logcheck/Makefile ============================================================================== --- head/security/logcheck/Makefile Sat Oct 27 00:56:29 2018 (r483080) +++ head/security/logcheck/Makefile Sat Oct 27 00:59:51 2018 (r483081) @@ -3,6 +3,7 @@ PORTNAME= logcheck PORTVERSION= 1.3.19 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= DEBIAN_POOL DISTNAME= ${PORTNAME}_${PORTVERSION} @@ -18,6 +19,9 @@ RUN_DEPENDS= mime-construct:mail/mime-construct \ lockfile-create:sysutils/lockfile-progs \ bash:shells/bash +# Enable Perl dependency for logtail script +USES= perl5 shebangfix tar:xz + LOGCHECK_USER= logcheck LOGCHECK_GROUP= ${LOGCHECK_USER} USERS= ${LOGCHECK_USER} @@ -32,9 +36,6 @@ CRON_DESC= Install cron script automatically .if !defined(BATCH) OPTIONS_DEFAULT=CRON .endif - -# Enable Perl dependency for logtail script -USES= perl5 shebangfix tar:xz WRKSRC= ${WRKDIR}/${DISTNAME:S!_!-!} BINMODE= 755 Added: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_sudo Sat Oct 27 00:59:51 2018 (r483081) 
@@ -0,0 +1,11 @@ +--- rulefiles/linux/ignore.d.server/sudo.orig 2018-05-30 21:59:13 UTC ++++ rulefiles/linux/ignore.d.server/sudo +@@ -1,4 +1,4 @@ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ Added: head/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/logcheck/files/patch-rulefiles_linux_violations.d_sudo Sat Oct 27 00:59:51 2018 (r483081) 
@@ -0,0 +1,7 @@ +--- rulefiles/linux/violations.d/sudo.orig 2018-05-30 21:59:13 UTC ++++ rulefiles/linux/violations.d/sudo +@@ -1,3 +1,3 @@ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[0-9]+\])?: .*$ Added: head/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/logcheck/files/patch-rulefiles_linux_violations.ignore.d_logcheck-sudo Sat Oct 27 00:59:51 2018 (r483081) 
@@ -0,0 +1,13 @@ +--- rulefiles/linux/violations.ignore.d/logcheck-sudo.orig 2018-05-30 21:59:13 UTC ++++ rulefiles/linux/violations.ignore.d/logcheck-sudo +@@ -1,5 +1,5 @@ +-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo(\[[[:digit:]]+\])?: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
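Review bot: the Makefile hunks at -18,6 +19,9 and -32,9 +36,6 move the `USES= perl5 shebangfix tar:xz` block (and its comment) above the user/group settings, but the commit log only mentions adding the sudo log-format patch. Either say in the log that USES was reordered or commit the move separately, so the PORTREVISION bump is clearly tied to the rule-file patches alone. The moved comment also describes only the perl5 part of a line that sets shebangfix and tar:xz as well.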
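Review bot: in patch-rulefiles_linux_ignore.d.server_sudo the rewritten COMMAND rule still accepts only `TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+)` and has no optional GROUP field or `list` command, while the corresponding rule in patch-rulefiles_linux_violations.ignore.d_logcheck-sudo from this same commit also accepts `console`, `( ; GROUP=...)?` and `|list`. Both lines are being rewritten for the optional PID anyway, so either align the two rules or state that the difference is intentional; as committed, a sudo line with TTY=console or a GROUP= field matches one file's ignore rule and not the other's.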
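Review bot: in patch-rulefiles_linux_violations.d_sudo the new third rule `sudo(\[[0-9]+\])?: .*$` matches every line the two unchanged rules above it match, since both of those require `sudo\[[0-9]+\]: ` followed by more text, so they are now redundant. That is harmless, but it also means every `sudo[pid]:` line is now a violation candidate and the rules in violations.ignore.d/logcheck-sudo are the only filter for routine entries, which is worth confirming against sample log lines in both the old and new sudo format. Minor style point: this hunk writes the PID as `[0-9]+` while the other two patch files use `[[:digit:]]+`.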