6e60a56931
- Added handling for crontab installation problems - Incorported security fixes from PR opened after previous commit - Added UPDATING entry since configuration options have changed fairly significantly PR: ports/122842 Submitted by: Cezary Morga <cm@therek.net> PR: ports/127255 Submitted by: Yasuhiro KIMURA <yasu at utahime dot org> Reviewed by: glarkin Approved by: beech (mentor, implicit) Approved by: portmgr (marcus) Security: Incorrect addition of logcheck user to wheel group
150 lines
4.5 KiB
Text
150 lines
4.5 KiB
Text
--- ./src/logcheck.orig 2007-01-16 01:13:27.000000000 -0500
|
|
+++ ./src/logcheck 2008-09-09 18:10:02.000000000 -0400
|
|
@@ -1,4 +1,4 @@
|
|
-#!/bin/bash
|
|
+#!/usr/local/bin/bash
|
|
#
|
|
# Copyright (C) 2004-2006 Debian Logcheck Team
|
|
# <logcheck-devel@alioth.lists.debian.org>
|
|
@@ -26,17 +26,10 @@
|
|
|
|
if [ $UID == 0 ]; then
|
|
echo "logcheck should not be run as root. Use su to invoke logcheck:"
|
|
- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck"
|
|
+ echo "su -m logcheck -c \"/usr/local/bin/bash /usr/local/sbin/logcheck${@:+ $@}\""
|
|
echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}."
|
|
# you may want to uncomment that hack to let logcheck invoke itself.
|
|
- # su -s /bin/bash -c "$0 $*" logcheck
|
|
- exit 1
|
|
-fi
|
|
-
|
|
-if [ ! -f /usr/bin/lockfile-create -o \
|
|
- ! -f /usr/bin/lockfile-remove -o \
|
|
- ! -f /usr/bin/lockfile-touch ]; then
|
|
- echo "fatal: lockfile-progs is a prerequisite for logcheck, and was not found."
|
|
+ # su -s /usr/local/bin/bash -c "$0 $*" logcheck
|
|
exit 1
|
|
fi
|
|
|
|
@@ -68,12 +61,12 @@
|
|
ADDTAG="no"
|
|
|
|
# Set the default paths
|
|
-RULEDIR="/etc/logcheck"
|
|
-CONFFILE="/etc/logcheck/logcheck.conf"
|
|
-STATEDIR="/var/lib/logcheck"
|
|
-LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
|
|
-LOGFILE_FALLBACK="/var/log/syslog"
|
|
-LOGTAIL="/usr/sbin/logtail"
|
|
+RULEDIR="/usr/local/etc/logcheck"
|
|
+CONFFILE="/usr/local/etc/logcheck/logcheck.conf"
|
|
+STATEDIR="/var/db/logcheck"
|
|
+LOGFILES_LIST="/usr/local/etc/logcheck/logcheck.logfiles"
|
|
+LOGFILE_FALLBACK="/var/log/messages"
|
|
+LOGTAIL="/usr/local/sbin/logtail"
|
|
CAT="/bin/cat"
|
|
SYSLOG_SUMMARY="/usr/bin/syslog-summary"
|
|
|
|
@@ -87,26 +80,21 @@
|
|
SORTUNIQ=0
|
|
SUPPORT_CRACKING_IGNORE=0
|
|
SYSLOGSUMMARY=0
|
|
-LOCKDIR=/var/lock/logcheck
|
|
+LOCKDIR=/var/run/logcheck
|
|
LOCKFILE="$LOCKDIR/logcheck"
|
|
|
|
# Carry out the clean up tasks
|
|
cleanup() {
|
|
|
|
- if [ -n "$LOCK" ]; then
|
|
- debug "cleanup: Killing lockfile-touch - $LOCK"
|
|
- kill $LOCK && unset LOCK
|
|
- fi
|
|
-
|
|
- if [ -f "$LOCKFILE.lock" ]; then
|
|
- debug "cleanup: Removing lockfile: $LOCKFILE.lock"
|
|
- lockfile-remove $LOCKFILE
|
|
+ if [ -f "$LOCKFILE" ]; then
|
|
+ debug "cleanup: Removing lockfile: $LOCKFILE"
|
|
+ rm -f $LOCKFILE
|
|
fi
|
|
|
|
if [ -d $TMPDIR ]; then
|
|
# Remove the tmp directory
|
|
if [ $NOCLEANUP -eq 0 ];then
|
|
- cd /var/lib/logcheck
|
|
+ cd /var/db/logcheck
|
|
debug "cleanup: Removing - $TMPDIR"
|
|
rm -r $TMPDIR
|
|
else
|
|
@@ -142,14 +130,9 @@
|
|
if [ "$2" = "noclean" ]; then
|
|
debug "error: Not removing lockfile"
|
|
else
|
|
- if [ -n "$LOCK" ]; then
|
|
- debug "error: Killing lockfile-touch - $LOCK"
|
|
- kill $LOCK && unset LOCK
|
|
- fi
|
|
-
|
|
- if [ -f "$LOCKFILE.lock" ]; then
|
|
- debug "error: Removing lockfile: $LOCKFILE.lock"
|
|
- lockfile-remove $LOCKFILE
|
|
+ if [ -f "$LOCKFILE" ]; then
|
|
+ debug "error: Removing lockfile: $LOCKFILE"
|
|
+ rm -f $LOCKFILE
|
|
fi
|
|
|
|
fi
|
|
@@ -212,8 +195,7 @@
|
|
mkdir $cleaned \
|
|
|| error "Could not make dir $cleaned for cleaned rulefiles."
|
|
fi
|
|
- for rulefile in $(run-parts --list $dir); do
|
|
- rulefile=$(basename $rulefile)
|
|
+ for rulefile in $(ls -1R $dir); do
|
|
if [ -f ${dir}/${rulefile} ]; then
|
|
debug "cleanrules: ${dir}/${rulefile}"
|
|
if [ -r ${dir}/${rulefile} ]; then
|
|
@@ -544,9 +526,9 @@
|
|
|
|
# Hostname either fully qualified or not.
|
|
if [ $FQDN -eq 1 ]; then
|
|
- HOSTNAME="$(hostname --fqdn)" > /dev/null 2>&1
|
|
+ HOSTNAME="$(hostname -f)" > /dev/null 2>&1
|
|
else
|
|
- HOSTNAME="$(hostname --short)" > /dev/null 2>&1
|
|
+ HOSTNAME="$(hostname -s)" > /dev/null 2>&1
|
|
fi
|
|
|
|
# Now check for the other options
|
|
@@ -625,25 +607,21 @@
|
|
|
|
trap 'cleanup' 0
|
|
|
|
-debug "Trying to get lockfile: $LOCKFILE.lock"
|
|
+debug "Trying to get lockfile: $LOCKFILE"
|
|
if [ ! -d $LOCKDIR ]; then
|
|
mkdir -m 0755 $LOCKDIR
|
|
fi
|
|
-lockfile-create --retry 1 $LOCKFILE > /dev/null 2>&1
|
|
+lockfile -r 1 $LOCKFILE > /dev/null 2>&1
|
|
|
|
|
|
if [ $? -eq 1 ]; then
|
|
trap 0
|
|
- error "Failed to get lockfile: $LOCKFILE.lock" "noclean"
|
|
-else
|
|
- debug "Running lockfile-touch $LOCKFILE.lock"
|
|
- lockfile-touch $LOCKFILE &
|
|
- LOCK="$!"
|
|
+ error "Failed to get lockfile: $LOCKFILE" "noclean"
|
|
fi
|
|
|
|
# Create the secure temporary directory or exit
|
|
-TMPDIR=$(mktemp -d -p /tmp logcheck.XXXXXX) \
|
|
- || TMPDIR=$(mktemp -d -p /var/tmp logcheck.XXXXXX) \
|
|
+TMPDIR=$(mktemp -d /tmp/logcheck.XXXXXX) \
|
|
+ || TMPDIR=$(mktemp -d /var/tmp/logcheck.XXXXXX) \
|
|
|| error "Could not create temporary directory"
|
|
|
|
# Now clean the rulefiles in the directories
|