rpms/logwatch/devel logwatch-7.3-audit.patch, NONE, 1.1 logwatch-7.3-iptables.patch, NONE, 1.1 logwatch-7.3-sshd.patch, NONE, 1.1 logwatch.spec, 1.39, 1.40
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Aug 15 09:52:49 UTC 2006
- Previous message (by thread): rpms/kdebase/devel kdebase-3.5.4-kde#124116.patch, NONE, 1.1 kdebase.spec, 1.211, 1.212
- Next message (by thread): rpms/openoffice.org/devel openoffice.org-2.0.2.ooo59127.vcl.honourcairofont.patch, NONE, 1.1 openoffice.org.spec, 1.845, 1.846 openoffice.org-2.0.2.oooXXXXX.vcl.honourcairofont.patch, 1.4, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mmaslano
Update of /cvs/dist/rpms/logwatch/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1142
Modified Files:
logwatch.spec
Added Files:
logwatch-7.3-audit.patch logwatch-7.3-iptables.patch
logwatch-7.3-sshd.patch
Log Message:
Added three new patches for audit, iptables, sshd.
logwatch-7.3-audit.patch:
audit | 6 +++++-
1 files changed, 5 insertions(+), 1 deletion(-)
--- NEW FILE logwatch-7.3-audit.patch ---
--- logwatch-7.3/scripts/services/audit.old 2006-03-20 21:42:57.000000000 +0100
+++ logwatch-7.3/scripts/services/audit 2006-08-15 11:43:58.000000000 +0200
@@ -67,7 +67,11 @@
( $ThisLine =~ /SELinux: unrecognized netlink message type=[0-9]+ for sclass=[0-9]+/) or
( $ThisLine =~ /audit\([0-9.]+:[0-9]+\): saddr=[0-9]+/) or
( $ThisLine =~ /nargs=[0-9]+ a0=[0-9a-f]+ a1=[0-9a-f]+ a2=[0-9a-f]+ a3=[0-9a-f]+ a4=[0-9a-f]+ a5=[0-9a-f]+/) or
- ( $ThisLine =~ /^audit\([0-9.]+:[0-9]+\): ( ?(path|cwd|item|name|flags)=["\/A-Za-z0-9]*)*$/)
+ ( $ThisLine =~ /^audit\([0-9.]+:[0-9]+\): ( ?(path|cwd|item|name|flags)=["\/A-Za-z0-9]*)*$/) or
+ ( $ThisLine =~ /: enforcing=[0-9]+ old_enforcing=[0-9]+ auid=[0-9]+/) or
+ ( $ThisLine =~ /: policy loaded auid=[0-9]+/) or
+ ( $ThisLine =~ /: user pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ subj=system_u:system_r:system_dbusd_t:[0-9a-z]+ msg=/) or
+ ( $ThisLine =~ /^kernel: audit\([0-9.]+:[0-9]+\): selinux=[0-9]+ auid=[0-9]+/)
) {
# Ignore these entries
} elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
logwatch-7.3-iptables.patch:
iptables | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE logwatch-7.3-iptables.patch ---
--- logwatch-7.3/scripts/services/iptables.ipt 2006-01-16 19:40:31.000000000 +0100
+++ logwatch-7.3/scripts/services/iptables 2006-08-14 18:06:02.000000000 +0200
@@ -107,8 +107,8 @@
elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest) = ($ThisLine =~ /^(.*?)\s*IN=(\w*).*?OUT=(\w*).*?SRC=([\w\.:]+).*?DST=([\w\.:]+).*?PROTO=(\w+)(.*)/ )) {
# get a destination port number (or icmp type) if there is one
- if (! ( ($toport) = ( $rest =~ /DPT=(\w+)/ ) ) ) {
- if (! ( ($toport) = ( $rest =~ /TYPE=(\w+)/ ) ) ) {
+ if (! ( ($toport) = ( $rest =~ /TYPE=(\w+)/ ) ) ) {
+ if (! ( ($toport) = ( $rest =~ /DPT=(\w+)/ ) ) ) {
$toport = 0;
}
}
logwatch-7.3-sshd.patch:
sshd | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE logwatch-7.3-sshd.patch ---
--- logwatch-7.3/scripts/services/sshd.sshd 2006-03-20 21:42:57.000000000 +0100
+++ logwatch-7.3/scripts/services/sshd 2006-08-14 17:15:19.000000000 +0200
@@ -313,9 +313,9 @@
$TTYModesFail{$Reason}++;
} elsif ( my ($User,undef) = ($ThisLine =~ /^User ([^ ]*) not allowed because ([^ ]*) exists$/)) {
$LoginLock{$User}++;
- } elsif ( my ($Method,$User,$Host) = ($ThisLine =~ /^Postponed ([^ ]*) for (invalid user [^ ]*|illegal user [^ ]*|[^ ]*) from ([^ ]*) port \d+ ssh/)) {
+ } elsif ( my ($Method,$InvaUser,$IlegUser,$EmptyUser,$User,$Host) = ($ThisLine =~ /^Postponed ([^ ]*) for ((invalid user) [^ ]*|(illegal user) [^ ]*|([^ ]*)) from ([^ ]*) port \d+ ssh/)) {
$PostPonedAuth{"$User/$Method"}{$Host}++;
- $IllegalUsers{$Host}{"$User/$Method"}++;
+ if ($IlegUser =~ /illegal user/) {$IllegalUsers{$Host}{"$User/$Method"}++;}
} elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*) not allowed because account is locked/)) {
$LockedAccount{$User}++;
} elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*) not allowed because not listed in AllowUsers/)) {
Index: logwatch.spec
===================================================================
RCS file: /cvs/dist/rpms/logwatch/devel/logwatch.spec,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- logwatch.spec 26 Jun 2006 08:19:02 -0000 1.39
+++ logwatch.spec 15 Aug 2006 09:52:46 -0000 1.40
@@ -1,7 +1,7 @@
Summary: A log file analysis program.
Name: logwatch
Version: 7.3
-Release: 3
+Release: 4
License: MIT
Group: Applications/System
URL: http://www.logwatch.org/
@@ -11,7 +11,9 @@
Patch4: logwatch-7.3-samba.patch
Patch5: logwatch-7.3-temp_dir.patch
Patch6: logwatch-7.3-secure.patch
-
+Patch7: logwatch-7.3-audit.patch
+Patch8: logwatch-7.3-sshd.patch
+Patch9: logwatch-7.3-iptables.patch
Requires: textutils sh-utils grep mailx
BuildRoot: %{_tmppath}/logwatch-build
@@ -30,7 +32,9 @@
%patch4 -p1
%patch5 -p1
%patch6 -p1
-
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
%install
@@ -132,6 +136,9 @@
%doc License project/CHANGES project/TODO
%changelog
+* Mon Aug 14 2006 Marcela Maslanova <mmaslano at redhat.com> 7.3-4
+- added another audit patch for SElinux (#200116)
+
* Fri Jun 23 2006 Ivana Varekova <varekova at redhat.com> 7.3-3
- added secure-service patch
- Previous message (by thread): rpms/kdebase/devel kdebase-3.5.4-kde#124116.patch, NONE, 1.1 kdebase.spec, 1.211, 1.212
- Next message (by thread): rpms/openoffice.org/devel openoffice.org-2.0.2.ooo59127.vcl.honourcairofont.patch, NONE, 1.1 openoffice.org.spec, 1.845, 1.846 openoffice.org-2.0.2.oooXXXXX.vcl.honourcairofont.patch, 1.4, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list