+++ /dev/null
-diff -urN logcheck-1.1.1/Makefile logcheck-1.1.1.patched/Makefile
---- logcheck-1.1.1/Makefile Sun Oct 31 16:07:29 1999
-+++ logcheck-1.1.1.patched/Makefile Wed Jan 15 11:10:02 2003
-@@ -4,6 +4,8 @@
- # Send problems/code hacks to crowland@psionic.com or crowland@vni.net
- # Thanks to rbulling@obscure.org for cleaning this Makefile up..
- #
-+# Modified for rpm package building.
-+#
-
- # Generic compiler
- CC = cc
-@@ -19,15 +21,15 @@
- # the new paths!!
-
- # This is where keyword files go.
--INSTALLDIR = /usr/local/etc
-+INSTALLDIR = ${RPM_BUILD_ROOT}/etc/logcheck
-
- # This is where logtail will go
--INSTALLDIR_BIN = /usr/local/bin
-+INSTALLDIR_BIN = ${RPM_BUILD_ROOT}/usr/sbin
-
- # Some people want the logcheck.sh in /usr/local/bin. Uncomment this
- # if you want this. /usr/local/etc was kept for compatibility reasons.
--#INSTALLDIR_SH = /usr/local/bin
--INSTALLDIR_SH = /usr/local/etc
-+INSTALLDIR_SH = ${RPM_BUILD_ROOT}/usr/sbin
-+#INSTALLDIR_SH = /usr/local/etc
-
- # The scratch directory for logcheck files.
- TMPDIR = /usr/local/etc/tmp
-@@ -63,19 +65,21 @@
- install:
- @echo "Making $(SYSTYPE)"
- $(CC) $(CFLAGS) -o ./src/logtail ./src/logtail.c
-- @echo "Creating temp directory $(TMPDIR)"
-- @if [ ! -d $(TMPDIR) ]; then /bin/mkdir $(TMPDIR); fi
-- @echo "Setting temp directory permissions"
-- chmod 700 $(TMPDIR)
-+ # These are no longer necessary because it handled by logcheck
-+ # itself.
-+ #@echo "Creating temp directory $(TMPDIR)"
-+ #@if [ ! -d $(TMPDIR) ]; then /bin/mkdir $(TMPDIR); fi
-+ #@echo "Setting temp directory permissions"
-+ #chmod 700 $(TMPDIR)
- @echo "Copying files"
- cp ./systems/$(SYSTYPE)/logcheck.hacking $(INSTALLDIR)
- cp ./systems/$(SYSTYPE)/logcheck.violations $(INSTALLDIR)
- cp ./systems/$(SYSTYPE)/logcheck.violations.ignore $(INSTALLDIR)
- cp ./systems/$(SYSTYPE)/logcheck.ignore $(INSTALLDIR)
-- cp ./systems/$(SYSTYPE)/logcheck.sh $(INSTALLDIR_SH)
-+ cp ./systems/$(SYSTYPE)/logcheck.sh $(INSTALLDIR_SH)/logcheck
- cp ./src/logtail $(INSTALLDIR_BIN)
- @echo "Setting permissions"
-- chmod 700 $(INSTALLDIR_SH)/logcheck.sh
-+ chmod 700 $(INSTALLDIR_SH)/logcheck
- chmod 700 $(INSTALLDIR_BIN)/logtail
- chmod 600 $(INSTALLDIR)/logcheck.violations.ignore
- chmod 600 $(INSTALLDIR)/logcheck.violations
-diff -urN logcheck-1.1.1/systems/linux/logcheck.ignore logcheck-1.1.1.patched/systems/linux/logcheck.ignore
---- logcheck-1.1.1/systems/linux/logcheck.ignore Sun Oct 31 16:07:29 1999
-+++ logcheck-1.1.1.patched/systems/linux/logcheck.ignore Wed Jan 15 11:10:02 2003
-@@ -1,3 +1,5 @@
-+PAM_pwdb.*session opened
-+PAM_pwdb.*session closed
- authsrv.*AUTHENTICATE
- cron.*CMD
- cron.*RELOAD
-@@ -8,8 +10,14 @@
- ftpd.*FTP LOGIN FROM
- ftpd.*retrieved
- ftpd.*stored
-+ftpd.*FTP session closed
-+ftpd.*timed out
-+ftpd.*connect from
- http-gw.*: exit host
- http-gw.*: permit host
-+identd.*Successful lookup
-+identd.*from:
-+login.*: LOGIN ON
- mail.local
- named.*Lame delegation
- named.*Response from
-@@ -17,11 +25,16 @@
- named.*points to a CNAME
- named.*reloading
- named.*starting
-+named.*NSTATS
-+named.*XSTATS
- netacl.*: exit host
- netacl.*: permit host
- popper.*Unable
- popper: -ERR POP server at
- popper: -ERR Unknown command: "uidl".
-+pop3d.*connect from
-+pop3d.* Login
-+pop3d.* Logout
- qmail.*new msg
- qmail.*info msg
- qmail.*starting delivery
-diff -urN logcheck-1.1.1/systems/linux/logcheck.sh logcheck-1.1.1.patched/systems/linux/logcheck.sh
---- logcheck-1.1.1/systems/linux/logcheck.sh Sun Oct 31 16:07:29 1999
-+++ logcheck-1.1.1.patched/systems/linux/logcheck.sh Wed Jan 15 11:12:22 2003
-@@ -27,11 +27,13 @@
- # 5/14/97 -- Added Digital OSF/1 logging support. Big thanks
- # to Jay Vassos-Libove <libove@compgen.com> for
- # his changes.
-+# 7/12/98 -- Modified to build rpm package under RedHat Linux
-+# 5.1 (Manhattan)
-
-
- # CONFIGURATION SECTION
-
--PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin
-+PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
-
- # Logcheck is pre-configured to work on most BSD like systems, however it
- # is a rather dumb program and may need some help to work on other
-@@ -44,7 +46,9 @@
- # Full path to logtail program.
- # This program is required to run this script and comes with the package.
-
--LOGTAIL=/usr/local/bin/logtail
-+#LOGTAIL=/usr/local/bin/logtail
-+
-+LOGTAIL=/usr/sbin/logtail
-
- # Full path to SECURED (non public writable) /tmp directory.
- # Prevents Race condition and potential symlink problems. I highly
-@@ -52,7 +56,12 @@
- # You would also be well advised to make sure all your system/cron scripts
- # use this directory for their "scratch" area.
-
--TMPDIR=/usr/local/etc/tmp
-+#TMPDIR=/usr/local/etc/tmp
-+
-+# This will create an own, non publically writeable/readable directory
-+# in /tmp for every run of logcheck.
-+
-+TMPDIR=/tmp/logcheck$$-$RANDOM
-
- # The 'grep' command. This command MUST support the
- # '-i' '-v' and '-f' flags!! The GNU grep does this by default (that's
-@@ -89,7 +98,9 @@
- # look for generic ISS probes (who the hell else looks for
- # "WIZ" besides ISS?), and obvious sendmail attacks/probes.
-
--HACKING_FILE=/usr/local/etc/logcheck.hacking
-+#HACKING_FILE=/usr/local/etc/logcheck.hacking
-+
-+HACKING_FILE=/etc/logcheck/logcheck.hacking
-
- # File of security violation patterns to specifically look for.
- # This file should contain keywords of information administrators should
-@@ -98,7 +109,9 @@
- # some items, but these will be caught by the next check. Move suspicious
- # items into this file to have them reported regularly.
-
--VIOLATIONS_FILE=/usr/local/etc/logcheck.violations
-+#VIOLATIONS_FILE=/usr/local/etc/logcheck.violations
-+
-+VIOLATIONS_FILE=/etc/logcheck/logcheck.violations
-
- # File that contains more complete sentences that have keywords from
- # the violations file. These keywords are normal and are not cause for
-@@ -115,14 +128,18 @@
- #
- # Again, be careful what you put in here and DO NOT LEAVE IT EMPTY!
-
--VIOLATIONS_IGNORE_FILE=/usr/local/etc/logcheck.violations.ignore
-+#VIOLATIONS_IGNORE_FILE=/usr/local/etc/logcheck.violations.ignore
-+
-+VIOLATIONS_IGNORE_FILE=/etc/logcheck/logcheck.violations.ignore
-
- # This is the name of a file that contains patterns that we should
- # ignore if found in a log file. If you have repeated false alarms
- # or want specific errors ignored, you should put them in here.
- # Once again, be as specific as possible, and go easy on the wildcards
-
--IGNORE_FILE=/usr/local/etc/logcheck.ignore
-+#IGNORE_FILE=/usr/local/etc/logcheck.ignore
-+
-+IGNORE_FILE=/etc/logcheck/logcheck.ignore
-
- # The files are reported in the order of hacking, security
- # violations, and unusual system events. Notice that this
-@@ -146,6 +163,8 @@
-
- umask 077
- rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$ $TMPDIR/checkreport.$$
-+rm -rf $TMPDIR
-+mkdir $TMPDIR
- if [ -f $TMPDIR/check.$$ -o -f $TMPDIR/checkoutput.$$ -o -f $TMPDIR/checkreport.$$ ]; then
- echo "Log files exist in $TMPDIR directory that cannot be removed. This
- may be an attempt to spoof the log checker." \
-@@ -165,8 +184,9 @@
- # Generic and Linux Slackware 3.x
- #$LOGTAIL /var/log/messages > $TMPDIR/check.$$
-
--# Linux Red Hat Version 3.x, 4.x
-+# Linux PLD
- $LOGTAIL /var/log/messages > $TMPDIR/check.$$
-+$LOGTAIL /var/log/syslog >> $TMPDIR/check.$$
- $LOGTAIL /var/log/secure >> $TMPDIR/check.$$
- $LOGTAIL /var/log/maillog >> $TMPDIR/check.$$
-
-@@ -220,6 +240,7 @@
-
- if [ ! -s $TMPDIR/check.$$ ]; then
- rm -f $TMPDIR/check.$$
-+ rm -rf $TMPDIR
- exit 0
- fi
-
-@@ -255,7 +276,7 @@
- echo >> $TMPDIR/checkreport.$$
- echo "Unusual System Events" >> $TMPDIR/checkreport.$$
- echo "=-=-=-=-=-=-=-=-=-=-=" >> $TMPDIR/checkreport.$$
-- cat $TMPDIR/checkoutput.$$ >> $TMPDIR/checkreport.$$
-+ cat $TMPDIR/checkoutput.$$ | sort -u >> $TMPDIR/checkreport.$$
- FOUND=1
- fi
- fi
-@@ -270,3 +291,4 @@
-
- # Clean Up
- rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$ $TMPDIR/checkreport.$$
-+rm -rf $TMPDIR
projects / packages / logcheck.git / commitdiff