rpms/logwatch/devel logwatch-7.3.6-audit2.patch, NONE, 1.1 logwatch-7.3.6-openvpn2.patch, NONE, 1.1 logwatch-7.3.6-cron2.patch, 1.1, 1.2 logwatch.spec, 1.89, 1.90

Ivana Varekova (varekova) fedora-extras-commits at redhat.com
Fri Apr 4 11:32:32 UTC 2008 

Author: varekova

Update of /cvs/pkgs/rpms/logwatch/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16391

Modified Files:
	logwatch-7.3.6-cron2.patch logwatch.spec 
Added Files:
	logwatch-7.3.6-audit2.patch logwatch-7.3.6-openvpn2.patch 
Log Message:
- Resolves: #440534 
  Some unmatched OpenVPN log lines
- add parsing of new logw to audit and cron service


logwatch-7.3.6-audit2.patch:

--- NEW FILE logwatch-7.3.6-audit2.patch ---
diff -up logwatch-7.3.6/scripts/services/audit.pom logwatch-7.3.6/scripts/services/audit
--- logwatch-7.3.6/scripts/services/audit.pom	2008-03-05 11:18:41.000000000 +0100
+++ logwatch-7.3.6/scripts/services/audit	2008-04-04 11:05:07.000000000 +0200
@@ -115,6 +115,8 @@ while ($ThisLine = <STDIN>) {
 	    $grants{$2.' '.$3.' ('.$1.$4 . ')'}++;
 	} elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) {
 	    $InvalidContext{$4." running as ".$2." acting on ".$3." \nshould transit to invalid ".$1}++;
+        } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) {
+                    $InvalidContext{"context: ".$1}++;
 	} else { 
             $othercount++;
             $ThisLine =~ s/^\s*//;
@@ -129,6 +131,8 @@ while ($ThisLine = <STDIN>) {
 	    $grants{$1.' '.$2.' ('.$3 . ')'}++;
 	} elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=\S+\s*tclass=(\S+)/ ) {
 	    $InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++;
+        } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) {
+            $InvalidContext{"context: ".$1}++;                    
 	} else {
             $othercount++;
             $ThisLine =~ s/^\s*//;
@@ -143,6 +147,8 @@ while ($ThisLine = <STDIN>) {
 	    $grants{$1.' '.$2.' ('.$3 . ')'}++;
 	} elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=\S+\s*tclass=(\S+)/ ) {
    	    $InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++;  
+   	} elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) { 
+   	    $InvalidContext{"context: ".$1}++;
 	} else {
             $othercount++;
             $ThisLine =~ s/^\s*//;

logwatch-7.3.6-openvpn2.patch:

--- NEW FILE logwatch-7.3.6-openvpn2.patch ---
diff -up logwatch-7.3.6/scripts/services/openvpn.pom logwatch-7.3.6/scripts/services/openvpn
--- logwatch-7.3.6/scripts/services/openvpn.pom	2008-04-04 12:35:34.000000000 +0200
+++ logwatch-7.3.6/scripts/services/openvpn	2008-04-04 13:22:18.000000000 +0200
@@ -51,7 +51,7 @@ while (defined($ThisLine = <STDIN>)) {
       ($ThisLine =~ /^MULTI: multi_create_instance called/) or
       ($ThisLine =~ /^MULTI: primary virtual IP for/) or
       ($ThisLine =~ /^MULTI: TCP INIT maxclients=\d+ maxevents=\d+/) or
-      ($ThisLine =~ /^MULTI: bad source address from client .*, packet dropped/) or
+      ($ThisLine =~ /MULTI: bad source address from client .*, packet dropped/) or
       ($ThisLine =~ /^Need IPv6 code in mroute_extract_addr_from_packet/) or
       ($ThisLine =~ /^NOTE: UID\/GID downgrade will be delayed because of --client, --pull, or --up-delay/) or
       ($ThisLine =~ /^OPTIONS IMPORT/) or
@@ -108,6 +108,9 @@ while (defined($ThisLine = <STDIN>)) {
       $ConnErrors{$error}{"$proto"}++;
    } elsif (($name) = ($ThisLine =~ /MULTI: new connection by client '(.*)' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect./)) {
       $ConnectCauseDrop{$name}++;
+   } elsif ((($Err) = ($ThisLine =~ /(read UDPv4 \[ECONNREFUSED\]: Connection refused \(code=111\))/)) or
+	    (($Err) = ($ThisLine =~ /(read UDPv4 \[EHOSTUNREACH\]: No route to host \(code=113\))/))) {
+      $Error{$Err}++;
   } else {
       # Report any unmatched entries...
       # remove PID from named messages
@@ -199,6 +202,14 @@ if (keys %ConnectCauseDrop) {
    }
 }
 
+if (keys %Error) {
+   print "\n UDPv4 errors:\n";
+   foreach $Err (sort keys %Error) {
+     print "   " . $Err . ": " .$Error{$Err}. " Time(s)\n";
+   }
+}
+
+
 if (keys %OtherList) {
    print "\n**Unmatched Entries**\n";
    foreach $line (sort {$a cmp $b} keys %OtherList) {

logwatch-7.3.6-cron2.patch:

Index: logwatch-7.3.6-cron2.patch
===================================================================
RCS file: /cvs/pkgs/rpms/logwatch/devel/logwatch-7.3.6-cron2.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- logwatch-7.3.6-cron2.patch	9 Aug 2007 14:00:33 -0000	1.1
+++ logwatch-7.3.6-cron2.patch	4 Apr 2008 11:32:09 -0000	1.2
@@ -5,7 +5,7 @@
        )  ) {
        $INCRONDErr{$Error}++;
 +   } elsif ( ($ThisLine =~ /crond/) &&
-+	(($Error) = ($ThisLine =~ /(failed to open PAM security session: Permission denied)/)) 
++	(($Error) = ($ThisLine =~ /(failed to open PAM security session: (Permission denied|Module is unknown))/)) 
 +	) {
 +      $CRONDErr{$Error}++;
     } else {


Index: logwatch.spec
===================================================================
RCS file: /cvs/pkgs/rpms/logwatch/devel/logwatch.spec,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -r1.89 -r1.90
--- logwatch.spec	5 Mar 2008 10:27:07 -0000	1.89
+++ logwatch.spec	4 Apr 2008 11:32:09 -0000	1.90
@@ -1,7 +1,7 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.3.6
-Release: 20%{?dist}
+Release: 21%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
@@ -37,6 +37,8 @@
 Patch32: logwatch-7.3.6-postfix.patch
 Patch33: logwatch-7.3.6-cron4.patch
 Patch34: logwatch-7.3.6-dovecot_back.patch
+Patch35: logwatch-7.3.6-audit2.patch
+Patch36: logwatch-7.3.6-openvpn2.patch
 
 Requires: textutils sh-utils grep mailx
 Requires: perl(Date::Manip)
@@ -82,6 +84,8 @@
 %patch32 -p1
 %patch33 -p1
 %patch34 -p1
+%patch35 -p1
+%patch36 -p1
 rm -f scripts/services/*.orig
 
 %build
@@ -195,8 +199,13 @@
 %doc License project/CHANGES 
 
 %changelog
+* Fri Apr  4 2008 Ivana Varekova <varekova at redhat.com> 7.3.6-21
+- Resolves: #440534 
+  Some unmatched OpenVPN log lines
+- add parsing of new logw to audit and cron service
+
 * Wed Mar  5 2008 Ivana Varekova <varekova at redhat.com> 7.3.6-20
-- resolves 436058
+- Resolves: #436058
   dovecot script for logwatch needs fix for IPv6
 
 * Thu Feb 14 2008 Ivana Varekova <varekova at redhat.com> 7.3.6-19

More information about the fedora-extras-commits mailing list