--- logwatch-7.3.6.orig/debian/docs +++ logwatch-7.3.6/debian/docs @@ -0,0 +1,2 @@ +README +HOWTO-Customize-LogWatch --- logwatch-7.3.6.orig/debian/logwatch.00logwatch.cron.daily +++ logwatch-7.3.6/debian/logwatch.00logwatch.cron.daily @@ -0,0 +1,7 @@ +#!/bin/bash + +#Check if removed-but-not-purged +test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0 + +#execute +/usr/sbin/logwatch --mailto --- logwatch-7.3.6.orig/debian/rules +++ logwatch-7.3.6/debian/rules @@ -0,0 +1,109 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +export DESTDIR=$(CURDIR)/debian/logwatch + +SHELL=/bin/bash +LOGDIR=$(DESTDIR)/etc/logwatch +SHAREDIR=$(DESTDIR)/usr/share/logwatch + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + #Nothing to do + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + # Nothing to do + + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/logwatch. + mkdir -p $(LOGDIR) + mkdir -p $(LOGDIR)/conf + mkdir -p $(LOGDIR)/conf/logfiles + mkdir -p $(LOGDIR)/conf/services + mkdir -p $(LOGDIR)/scripts + mkdir -p $(LOGDIR)/scripts/services + + # Remove "update" files + # find $(LOGDIR) -name "*.orig" -or -name "*.rej" -exec rm -f {} \; + + mkdir -p $(SHAREDIR) + cp -a scripts/ $(SHAREDIR) + chmod -R 0755 $(SHAREDIR)/scripts + cp -a lib/ $(SHAREDIR) + + mkdir -p $(SHAREDIR)/default.conf + cp -a conf/* $(SHAREDIR)/default.conf + + mkdir -p $(SHAREDIR)/dist.conf + cp -a debian/dist.conf/* $(SHAREDIR)/dist.conf + + # Move dist.conf files to default.conf in case they are missing there + for i in `find $(SHAREDIR)/dist.conf/ -type f`; do \ + if [ ! -f $(SHAREDIR)/default.conf/$${i##$(SHAREDIR)/dist.conf/} ]; then \ + mv $$i $(SHAREDIR)/default.conf/$${i##$(SHAREDIR)/dist.conf/}; \ + fi \ + done + + mkdir -p $(DESTDIR)/usr/sbin + +#Ensure all configuration files have 0644 + find $(SHAREDIR)/ -name "*.conf" -type f -exec chmod 0644 {} \; + +# Add #!/usr/bin/perl at the top of the scripts (mainly for debugging and avoiding lintian warnings) + for i in `find $(SHAREDIR)/scripts -type f `; do head -n1 $$i | grep -q /usr/bin/perl || sed '1i #!/usr/bin/perl' --in-place $$i;done + + +# Build architecture-independent files here. +binary-indep: build install + dh_testdir + dh_testroot + dh_installdocs + dh_installcron --name=00logwatch + dh_installman logwatch.8 + dh_installchangelogs + dh_link usr/share/logwatch/scripts/logwatch.pl usr/sbin/logwatch + dh_compress + dh_fixperms + dh_installdeb + dh_perl + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +binary-arch: build install +# Nothing to do + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- logwatch-7.3.6.orig/debian/copyright +++ logwatch-7.3.6/debian/copyright @@ -0,0 +1,152 @@ +This package was debianized by Willi Mann on +Wed, 12 Nov 2003 20:14:15 +0100. + +The latest version was downloaded from +ftp://ftp.kaybee.org/pub/linux/logwatch-7.3.1.tar.gz + +Logwatch consists of many individual scripts. Many of them were written by +Kirk Bauer , who is also one of the maintainers of logwatch +and deserves the credit for initiating this project. + +List of copyright holders +------------------------- + +Unfortunately, close to no script in logwatch explicitly lists its copyright +holders (like (c) Full name , year). Most script say they +"were written by" (listing only one name), and that's essentially what this +list compiles. The script by script list is available from +http://svn.debian.org/wsvn/pkg-logwatch/trunk/supposed-copyright/ + +Bjorn L. +Bob Hutchinson +cadtool@stepmind.com +Chris Smith +Dariusz Nierada +David Baldwin +Eric Moret +frank@fam-breedijk.com +Gerald Teschl +Hugo van der Kooij +Jeff Frost +Jim O'Halloran +Jim Richardson +Kenneth Porter +Kirk Bauer +Lars Skjærlund +Laurent DUFOUR , +Luuk de Boer +luuk - luuk@planet.nl +Matt Brown +Michael Romeo +Mike Tremaine +Osma Ahvenlampi +Patrick Vande Walle +Pawel Golaszewski +Pawel Jarosz +Ron Kuris +Simon Liddington +Sparta, Inc, 2004 +S. Schimkat +Sven Conrad +William Roumier +Willi Mann , 2003 - 2006 +Yaroslav Halchenko + +Licenses: +--------- + +Except for a few scripts, logwatch is distributed under the permissive X11 license. + +The exceptions: + +scripts/services/courier: GPL +scripts/services/clamav-milter: GPL +scripts/services/clamav: GPL +scripts/services/dpkg: GPL +scripts/services/rt314: Public Domain +scripts/services/dnssec: 3-clause BSD (Sparta) +scripts/services/resolver: 3-clause BSD (Sparta) +scripts/shared/applybinddate: 3-clause BSD (Sparta) + +Text of the licenses: +--------------------- + +X11 license: + +-BEGIN LICENSE -- +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do +so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. +--END LICENSE-- + +3-clause BSD (Sparta): + +--BEGIN LICENSE-- +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +* Neither the name of Sparta, Inc nor the names of its contributors may + be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS +IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR +CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +--END LICENSE-- + +GPL: + +-BEGIN LICENSE -- + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. +--END LICENSE-- + +Public Domain: + +Legal term frequently used in US Law. In non-legal words: You can do +anything with it. For more information see +http://www.fsf.org/licensing/licenses/#PublicDomain or +http://en.wikipedia.org/wiki/Public_domain --- logwatch-7.3.6.orig/debian/README.Debian +++ logwatch-7.3.6/debian/README.Debian @@ -0,0 +1,108 @@ +Sections of this file: + +- Customizing the configuration +- More specific ranges +- access.log parsing - service http +- Getting fortunes in your language +- Howto modify a filter +- Logwatch runs daily for range yesterday by default + + + +Customizing the configuration: +============================== + +Please read the documentation in +/usr/share/doc/logwatch/HOWTO-Customize-LogWatch.gz. +For modifying a filter also read the last section in this file. + + + +More specific ranges: +==================== + +Logwatch's range parameter supports a lot of range options if you apt-get +install libdate-manip-perl (Date::Manip in Perl terms). Type +logwatch --range Help +for more information. + + + +access.log parsing - service http: +================================== + +Since 6.1.2, there is a new format for specifying the logfile format. +I could only test it for apache2. If it doesn't work for your webserver, +please submit a bugreport with some LogLines. + + + +Getting fortunes in your language +================================= + +If you want to see fortunes in your favourite language, you need to pass a +valid LC_ALL setting to logwatch. If you don't use a valid (read: enabled by +dpkg-reconfigure locales) value, logwatch (perl) will complain. To pass that +setting in the automatic daily run, you need to modify +/etc/cron.daily/00logwatch + + + +Howto modify a filter: +====================== + +Way #1: copy the filterscript from /usr/share/logwatch/scripts to +/etc/logwatch/scripts, preserving the hierarchy. Then modfiy it. The +disadvantage is that you will not be able to track upstream changes. Please +read more in /usr/share/doc/logwatch/HOWTO-Customize-LogWatch + +Way #2: patch the source, rebuild. This might be the better option if you have +many machines to maintain. + +A text that I've written for version 5.2.2 follows, explaining how to +recompile: + +In Redhat, the distribution logwatch was written on, all logwatch files where +put in /etc, so the problem didn't exist (This is no longer true since 7.0). In +Debian, this is not allowed because nobody can seriously claim the filter +scripts to be configuration files. + +This means that you have to: +(This is meant to be short HOWTO, just in case you've never modified the +source of a debian package before) +- download the source +$ apt-get source logwatch +- cd to source dir +$ cd logwatch-$version +- save the file you want to edit +$ cp $filetochange $filetochange.old +- make the modifications +$ $EDITOR $filetochange +- save the diff somewhere, so you can simply patch the file if a new version + comes out +$ diff -u $filetochange.old $filetochange > $someplacetostorediff +- I recommend to increment the version number +$ dch -i + you get an editor with debian/changelog. Modify the version number so it's + only slightly larger than the current debian version (e.g. 5.2.2-2 => + 5.2.2-2.0.0.1) +- build the package, eg: +$ dpkg-buildpackage -rfakeroot + or +$ debuild +-install the package +$ debi +or +$ dpkg -i ../logwatch_$version.deb + + + +Logwatch runs daily for range yesterday by default +================================================== + +This is for people who install packages without reading their description. + +Additional information (that's obviously not in the description): If you don't +want that, simply delete /etc/cron.daily/00logwatch or modify it. +New versions of this package will preserve this change, thanks to dpkg's +configuration file handling. --- logwatch-7.3.6.orig/debian/changelog +++ logwatch-7.3.6/debian/changelog @@ -0,0 +1,445 @@ +logwatch (7.3.6-1ubuntu1.1) hardy-security; urgency=low + + * SECURITY UPDATE: privileged code execution via badly named logfiles + - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile + names don't contain '. + - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26 + (backported to hardy) + - CVE-2011-1018 + + -- Steve Beattie Sun, 27 Feb 2011 22:17:44 -0800 + +logwatch (7.3.6-1ubuntu1) hardy; urgency=low + + * Added patch from Paul Schulz to fix 'pam_unix unknown entries' + for authlog. (LP: #181690) + * Bumped starndards version to 3.7.3 + * Use postfix rather than exim4. + + -- Chuck Short Thu, 21 Feb 2008 08:35:13 -0500 + +logwatch (7.3.6-1) unstable; urgency=low + + * New upstream version: + - closes: #317388 "Unmatched entries in Postfix section" + - closes: #406084 "range examples are wrong ..." + - closes: #406411 "bind/named SERVFAIL != Query form disallowed client" + * Depend on exim4 rather than exim in debian/controls (closes: #420270) + * Add watch file (thanks to Clint Adams, closes: #420243) + * Use Homepage: instead of verbosity in Description (closes: #416488) + * Avoid using syslog for maillog services. This fixes double reports of + postfix, courier and maybe some others. + * Add patch that allows --mailto to take no email address. This is used in + the cron script. Do not rely on this, the print/encode options will + probably be changed in the next version. + * Add XS-Vcs-Svn and XS-Vcs-Browser to debian/control. + * No longer set DH_COMPAT in debian/rules, use debian/compat. (thanks to + lintian). Set compatibility to version 5 and depend on it. + + + -- Willi Mann Mon, 23 Apr 2007 11:46:23 +0200 + +logwatch (7.3.1-5) unstable; urgency=low + + * Regression: fail2ban doesn't filter by date, thanks Yaroslav Halchenko + for notifying me. Also, the fail2ban.log.1 was missing from the Archives + definition. again closes: #399864 + + -- Willi Mann Sun, 3 Dec 2006 11:38:45 +0100 + +logwatch (7.3.1-4) unstable; urgency=low + + * fail2ban updated, (for new fail2ban upstream and the log filename was wrong) + thanks Yaroslav Halchenko (closes: #399864) + * additional infos in README.Debian. + + -- Willi Mann Tue, 28 Nov 2006 20:53:42 +0100 + +logwatch (7.3.1-3) unstable; urgency=medium + + * Fixes concerning postfix reported by Andreas Beckmann (thanks): + - missing postfix logs (closes: #390741) + - ignore some logs in secure, concerning postfix related authentication + by modifying the config file for secure. (closes: #390743). The + nss-libmyql issue is not fixed. See + http://svn.debian.org/wsvn/pkg-logwatch/trunk/?rev=55&sc=1 + + -- Willi Mann Tue, 3 Oct 2006 08:47:47 +0200 + +logwatch (7.3.1-2) unstable; urgency=low + + * Another unmatched line for secure. + * Recommend libdate-manip-perl. + * Change the logwatch warning when Date::Manip not available. + * Create the same directory structure in /etc as in the logwatch install + script. + + -- Willi Mann Fri, 22 Sep 2006 11:50:25 +0200 + +logwatch (7.3.1-1) unstable; urgency=low + + * New upstream release + - closes: #385032: some logging changes in postfix 2.3 + - fail2ban scripts now included upstream + * Add parser for dpkg.log + * Some updates to debian/copyright + * Pull in patch from upstream for issues with subdirectories in logdirs. + * Created patches for secure, pam_unix, cron, openvpn, named, courier to + support some unmatched entries. + * Also, remove some redundant reporting for secure. This is logged in + pam_unix anyway. + * Improve the reporting in pam_unix to replace uids with names in two + places. + + -- Willi Mann Sat, 16 Sep 2006 21:04:24 +0200 + +logwatch (7.3-2) unstable; urgency=low + + * Update fail2ban script to recognise some more messages. Patch by + Yaroslav Halchenko. + * Update standards version to 3.7.2. No changes. + * Update debian/copyright + * Fix lintian warning build-depends-indep-should-be-build-depends debhelper. + + -- Willi Mann Thu, 25 May 2006 17:37:58 +0200 + +logwatch (7.3-1) unstable; urgency=low + + * New upstream release + - this should fix the reports about exim "Unmatched Entries". + closes: #298275. + * Add another unmatched entry for imapd - thanks again to Richard Burton + for the report. closes: #356815 + * Add some unmatched lines for smartd. + * remove no longer needed debian-specific logfile definitions. merged + upstream. + * add fail2ban scripts from Yaroslav Halchenko. closes: #359177 + * policy version 3.7.0.0, no changes + + -- Willi Mann Sun, 19 Mar 2006 18:29:50 +0100 + +logwatch (7.2.1-2) unstable; urgency=low + + * Set absolute path to sendmail in logwatch.conf + * MailFrom set to "root". The user "logwatch" may not exist and + cause problems. + * Add Unmatched line for imapd. closes: #352333, thanks to Richard Burton + for the report. + * Handle some unmatched lines for secure. closes: #355528, thanks again to + Richard Burton for the report. + * Drop the service-exim patch, it's no longer needed. + + -- Willi Mann Sat, 11 Feb 2006 16:49:59 +0100 + +logwatch (7.2.1-1) unstable; urgency=low + + * New upstream release + - Drop dependency on gawk + - Drop all patches except service-exim.diff, service-secure.diff + * Change DH_COMPAT from 3 to 4. Put ${misc:Depends} to Depends: in + debian/control. + * Support the string " (remote reception)" as additional part in sysklogd + restarts. closes: #348974, thanks to Richard Antony Burton for the report. + (new patch z-bug-348974.diff) + * Document how to get fortunes in ones favourite language. + * Change MTA to sendmail, change dependencies to exim | mail-transport-agent + * The logfiles/sonicwall.conf file included messages in its LogFile setting, + duplicating the whole messages logfile, and much earlier filing up the + root partition for busy sites. closes: #349328, thanks to Graham Cobb for + the report. + * Add new unrecognized line from su in secure. We ignore it, it's handled by + pam_unix anyway. thanks Richard Antony Burton for the report (no bug id) + + -- Willi Mann Sat, 21 Jan 2006 13:34:03 +0100 + +logwatch (7.1-2) unstable; urgency=low + + * Remove part of the cron patch, it was redundant. + * Workaround to preserve language environment for fortunes closes: #340903, + thanks to Benoit Dejean for the report. + * Openvpn logs to daemon, the server uses ovpn-[^\s]* as name. (The simpler + form ovpn-\S* does not work, 'cause logwatch lowercases all conf options.) + closes: #341863, thanks to David Anselmi for the + report. + * logfiles/daemon.conf didn't contain the calls to the appropriate logfile + scripts. closes: #343331, thanks to Arne Roolfs for the + report. + + -- Willi Mann Sun, 4 Dec 2005 10:53:37 +0100 + +logwatch (7.1-1) unstable; urgency=low + + * New upstream release + - new standards version 3.6.2 (no changes) + - Closes: #317894, frequent typo "IngnoreUnmatched" in various scripts, + Closes: #317913, fixes in pure-ftpd + both fixes by Piotr Krukowiecki (thanks) + - Closes: #323919, regexes for http exploits did not escape "." + thanks to Taco IJsselmuiden for the report + * Cope with the new directory layout. + - There is a preinst script now, the removes unneeded config files. + - README.Debian updated + - NEWS.Debian added + - debian/rules updated + * This package is now maintained as project "pkg-logwatch" on + alioth.debian.org. The svn repository is on svn.debian.org. + * Depend on gawk, and explicity use it in zz-disk_space. Seems that there is + some GNUism. + + -- Willi Mann Sat, 19 Nov 2005 16:39:24 +0100 + +logwatch (6.1.2-1) unstable; urgency=low + + * New upstream release + * Provide a script that removes "dead" service configuration files. + Located at /usr/share/doc/logwatch/examples/. closes: #310504 + * Some updates to README.Debian. + * Update the copyright file. + + -- Willi Mann Wed, 15 Jun 2005 16:06:55 +0200 + +logwatch (6.1.1-1) unstable; urgency=low + + * New upstream release + - New format for specifying the format of http Logformat (it's possible + that we lose debian apache1 support) + * Ignore some cyrus lines (patch submitted by Tommy ) + + -- Willi Mann Thu, 9 Jun 2005 21:48:56 +0200 + +logwatch (6.1-1) unstable; urgency=low + + * New upstream release + * Drop Recommends on libtie-ixhash-perl, libdate-calc-perl. services/exim + no longer needs them. + * Ignore two unknown entries in services/secure. + (pam_authenticate, - pts). They are done in services/pam_unix. + + -- Willi Mann Wed, 8 Jun 2005 15:18:27 +0200 + +logwatch (6.0.2-1) experimental; urgency=low + + * New upstream release + - Many patches were applied upstream + * Remove the Makefile, do that job in debian/rules. + + -- Willi Mann Sat, 30 Apr 2005 16:02:53 +0200 + +logwatch (6.0.1-1) experimental; urgency=low + + * New upstream release (closes: #302423) + - Dropped many patches that were applied upstream. + - gawk is no longer needed for sendmail-largeboxes + (changes in README.Debian and control) + - some patch porting in sshd. + * fixes from 5.2.2-5 and 5.2.2-6: + - services/http: + + Support .html.language-ext html files. (Bug: #303345, thanks to + Klaus Ethgen for the report and the fix) + + Add support for "/sqwebmail". + - Accept more chars in usernames in services/sudo script (Bug: #302132, + thanks to Richard Mortimer ) + * Add perl header "#!/usr/bin/perl" at the top of every executeable perl + script. The code is in the Makefile. Don't know why upstream removed it. + + -- Willi Mann Mon, 21 Mar 2005 20:39:45 +0100 + +logwatch (5.2.2-4) unstable; urgency=medium + + * Reformat README.Debian. + * Add info to README.Debian how to get correct http output when using + default apache1 configuration as LogFormat. Add the apache1 default + LogFormat as alternative to conf/services/http.conf. (Closes: #293115, + thanks to Vic Gedris ) + * Make the smartd service (smartmontools) working. It's logging to + daemon.log, not to messages. (Closes: #295234, thanks to + Piotr Krukowiecki ) + * Set LC_ALL=C in the main logwatch script. (closes: #296979, thanks to + Gilmar Junior + * Fix logfiles/http.conf. All events were logged twice. + * Correct logfiles/{daemon,http,maillog,secure}.conf to always include the + first rotated logfile. (So no need to use --archives for full accuracy for + reports of range "yesterday"). Otherwise some events might get lost. Some + other logfile configurations should also get corrected but I can't verify + them because I don't have the services running. + + -- Willi Mann Wed, 16 Feb 2005 19:43:30 +0100 + +logwatch (5.2.2-3) unstable; urgency=medium + + * Include HOWTO-Make-Filter (closes: #287165) + * Patches from Piotr Krukowiecki : + - One line to postfix ("starting TLS engine") + - One modification to samba ("*initially* as user") (closes: #289073) + * Move binary building from binary-arch to binary-indep (finally) + * s/_/./ in conf/logfiles/http.conf to make it work with apache1 + * Syslogd now gets feeded by syslog logfile, not messages. + * Added a kernel logfile group (kern.log), and the kernel script now + uses this instead of messages. + (thanks to Petr Stehlik for the last three + suggested enhancements, closes: #287963) + * Added short info how to modify a filter to README.Debian + * Consider space in the postfix logs (closes: #289074, thanks to + Alex Satrapa ) + * Fix two lintian warnings concerning the synopsis part of the + package description. (Remove the "A ") + + -- Willi Mann Sat, 25 Dec 2004 10:09:58 +0100 + +logwatch (5.2.2-2) unstable; urgency=high + + * Enhance description, fix some typos and spelling mistakes. + * Fix zz-disk_space for very long device names: Use POSIX output to ensure + that there's always one line per mount point and the grep works correctly. + (closes: #278816, thanks to Kees van Vloten ) + * Small fixes to the courier script. + - Don't print newline if nothing else is printed. + - add -ssl for pop3d and imap (closes: #278680, thanks to Wayne Davison + ) + * Change title of courier reports to "courier mail services". + * Cleanups and fixes for the logfiles configuration files: + - fix and remove Archive lines. + - fix http.conf for debian + - consistency fixes + mostly reported by Simon Schoar , closes: #280164 + * two minor enhancements/fixes to named reporting. (Unmatched Entries) + * support "not in AllowUsers" log line in sshd. + + -- Willi Mann Sat, 23 Oct 2004 11:05:32 +0200 + +logwatch (5.2.2-1) unstable; urgency=low + + * New upstream release (Closes: #261275) + * Completely remove su reporting from secure + + other minor changes in secure. + * Update copyright file. + * Add support for kcheckpass to pam_unix (which I've seen for + unlocking the screen saver) + * Remove the unneccessary part "first accept valid lines" from pam_unix. + * Other small changes to pam_unix. + * Make clam-update working. + * Big rewrite of the courier script (and courier.conf). + It's now under GPL. + * Recommend gawk, but don't print stupid error message if it doesn't exist + (exit the script), and add info to README.Debian about that. (The affected + service was sendmail-largeboxes) + * Get rid of some unmatched entries in cron + * Fix for parsing postfix 2.1.4. ("Client Host") (closes: #275051, thanks to + Wayne Davison ) + + -- Willi Mann Fri, 3 Sep 2004 09:20:58 +0200 + +logwatch (5.1-6) unstable; urgency=medium + + Urgency medium because of wrong copyright file currently in sarge. + + * Correct copyright file. + * Fix the service extraction in pam_unix for woody. + * exim filter: + - Fix some problems with the exim service script and the + logfile config file. + - include information in Readme.Debian about the required packages + for the exim script. + (closes: #260056, thanks to James Clendenan for the report.) + * Fix reporting of samba in pam_unix. + * Throw out some unneeded lines in debian/rules. + + -- Willi Mann Mon, 21 Jun 2004 22:50:52 +0200 + +logwatch (5.1-5) unstable; urgency=medium + + Urgency medium because non-working cron-reporting should go away from + testing as fast as possible. + + * Fix cron-script /usr/bin -> /usr/sbin. (closes: #253859, thanks to + Ian MacDonald). Forgot to list that change in previous changelog. + * Fix (the first really upstream?) bug in logwatch: A small mistake + in sshd-reporting. (thanks to Manabu Matsui, closes: #254968) + * Don't report pam_unix in SSHD. + * Fix a pam_unix -line for su. + * Don't report pam_limits in secure. + + -- Willi Mann Sat, 12 Jun 2004 12:07:42 +0200 + +logwatch (5.1-4) unstable; urgency=low + + * Fix typo in Description, thanks to Gustavo Franco (closes: #247497) + * Fix pam_unix reporting. It seems that pam has changed. Maybe I need + script that warns me when the log-format of pam_unix-entries changes... + thanks for reporting Klaus Ethgen. (closes: #247257) + * Handle some previously unmatched lines in secure. Added temporary hack + to have a nice output until I can fix #239626. + * Add syslog.0 as logfile to syslog.conf because syslog is rotated daily, + so I would never see cron-reporting if I use logwatch from + command-line (helps development). + + Move symlink to main script from /usr/bin -> /usr/sbin. Fixes a lintian + warning. (This changelog entry was added after the package has been + uploaded.) + + -- Willi Mann Wed, 5 May 2004 19:47:35 +0200 + +logwatch (5.1-3) unstable; urgency=low + + * I'm not from marketing: proper upstream homepage url: + www... -> http://www... + * Don't report PAM_unix lines in secure: support for woody. thanks to + Michael Stovenour for the report (closes: #239626) + * Added fortune-mod to Suggests. + * Removed some lines which were already commented out. + + -- Willi Mann Mon, 15 Mar 2004 21:31:39 +0100 + +logwatch (5.1-2) unstable; urgency=low + + * Verify in the cron script that logwatch is really installed + (not removed-but-not-purged) + * Set standards-version to 3.6.1.0 instead of 3.6.1 to exactly match + the current version. + * Make reporting of syslogd - restarts working again + * Force permissions of all *.confs to 0644 using find + * logfile-group maillog now uses mail.log instead of mail.err, mail.info, + mail.warn to avoid possible double-reporting + * Avoid calling the target install of Makefile twice + + -- Willi Mann Wed, 11 Feb 2004 23:29:08 +0100 + +logwatch (5.1-1) unstable; urgency=low + + * New upstream release 5.1 + * Make cron reporting working again. It's the only service that + only logs to the syslog logfile. + + -- Willi Mann Wed, 4 Feb 2004 20:18:37 +0100 + +logwatch (5.0+5.1pre1-2) unstable; urgency=low + + * Force permissions of all scripts to 0755 + + -- Willi Mann Mon, 2 Feb 2004 11:36:38 +0100 + +logwatch (5.0+5.1pre1-1) unstable; urgency=low + + * Bump to pre5.1 + * Revert some changes, that turned out not to be neccessary. + * Changed description + + -- Willi Mann Sun, 1 Feb 2004 23:44:03 +0100 + +logwatch (5.0-2) unstable; urgency=low + + * Fix permission of /etc/logwatch/conf/services/pureftpd.conf by chmod in + Makefile. + * Make more services work (see state_of_debianizing). + + + -- Willi Mann Wed, 14 Jan 2004 17:30:12 +0100 + +logwatch (5.0-1) unstable; urgency=low + + * Initial Release. + * Reporting for many services should work, including cron, ssh, courier, + exim. + * Please report bugs. If a particular service has no output, I need the path + to the logfile(s). That's most likely the problem. + + -- Willi Mann Wed, 12 Nov 2003 20:14:15 +0100 --- logwatch-7.3.6.orig/debian/NEWS +++ logwatch-7.3.6/debian/NEWS @@ -0,0 +1,11 @@ +logwatch (7.1-1) unstable; urgency=low + + * This version will remove untouched configuration files in + /etc/logwatch/conf. If you modified it, it will be renamed to + $file.dpkg-bak. You should read + /usr/share/doc/logwatch/HOWTO-Customize-LogWatch and only put + the required modification back in $file. + * This package is now maintained as alioth project "pkg-logwatch". + It uses an svn repository on svn.debian.org. + + -- Willi Mann Sat, 19 Nov 2005 16:39:24 +0100 --- logwatch-7.3.6.orig/debian/dist.conf/logfiles/messages.conf +++ logwatch-7.3.6/debian/dist.conf/logfiles/messages.conf @@ -0,0 +1,3 @@ +LogFile = messages.0 +Archive = +Archive = messages.*.gz --- logwatch-7.3.6.orig/debian/dist.conf/logfiles/maillog.conf +++ logwatch-7.3.6/debian/dist.conf/logfiles/maillog.conf @@ -0,0 +1,6 @@ +LogFile = +LogFile = mail.log +LogFile = mail.log.0 + +Archive = +Archive = mail.log.*.gz --- logwatch-7.3.6.orig/debian/dist.conf/logfiles/cron.conf +++ logwatch-7.3.6/debian/dist.conf/logfiles/cron.conf @@ -0,0 +1,3 @@ +LogFile = cron.log +Archive = +Archive = cron.log.* --- logwatch-7.3.6.orig/debian/dist.conf/logwatch.conf +++ logwatch-7.3.6/debian/dist.conf/logwatch.conf @@ -0,0 +1,4 @@ +Detail = Med +mailer = "/usr/sbin/sendmail -t" +TmpDir = /tmp +MailFrom = root --- logwatch-7.3.6.orig/debian/dist.conf/services/kernel.conf +++ logwatch-7.3.6/debian/dist.conf/services/kernel.conf @@ -0,0 +1,2 @@ +LogFile = +LogFile = kernel --- logwatch-7.3.6.orig/debian/dist.conf/services/openvpn.conf +++ logwatch-7.3.6/debian/dist.conf/services/openvpn.conf @@ -0,0 +1,4 @@ +LogFile = +LogFile = daemon +*MultiService = openvpn,ovpn-[^\s]* +*RemoveHeaders --- logwatch-7.3.6.orig/debian/dist.conf/services/pound.conf +++ logwatch-7.3.6/debian/dist.conf/services/pound.conf @@ -0,0 +1,2 @@ +LogFile = +LogFile = daemon --- logwatch-7.3.6.orig/debian/dist.conf/services/pam_unix.conf +++ logwatch-7.3.6/debian/dist.conf/services/pam_unix.conf @@ -0,0 +1,2 @@ +LogFile = +LogFile = secure --- logwatch-7.3.6.orig/debian/dist.conf/services/smartd.conf +++ logwatch-7.3.6/debian/dist.conf/services/smartd.conf @@ -0,0 +1,2 @@ +LogFile = +LogFile = daemon --- logwatch-7.3.6.orig/debian/dist.conf/services/cron.conf +++ logwatch-7.3.6/debian/dist.conf/services/cron.conf @@ -0,0 +1,3 @@ +LogFile = syslog +*OnlyService = (CROND|\/USR\/SBIN\/CRON|\/usr\/sbin\/cron) + --- logwatch-7.3.6.orig/debian/dist.conf/services/named.conf +++ logwatch-7.3.6/debian/dist.conf/services/named.conf @@ -0,0 +1,2 @@ +LogFile = +LogFile = daemon --- logwatch-7.3.6.orig/debian/dist.conf/services/syslogd.conf +++ logwatch-7.3.6/debian/dist.conf/services/syslogd.conf @@ -0,0 +1,5 @@ +Logfile = +LogFile = syslog +*OnlyService = syslogd +*RemoveHeaders +#TODO: fix onlyservice --- logwatch-7.3.6.orig/debian/control +++ logwatch-7.3.6/debian/control @@ -0,0 +1,29 @@ +Source: logwatch +Section: admin +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Willi Mann +Build-Depends: debhelper (>> 5.0.0) +Standards-Version: 3.7.3 +XS-Vcs-Svn: svn://svn.debian.org/pkg-logwatch/trunk +XS-Vcs-Browser: http://svn.debian.org/wsvn/pkg-logwatch/trunk/ + +Package: logwatch +Architecture: all +Depends: ${perl:Depends}, ${misc:Depends}, postfix | mail-transport-agent +Recommends: libdate-manip-perl +Suggests: fortune-mod +Description: log analyser with nice output written in Perl + Logwatch is a modular log analyser that runs every night + and mails you the results. It can also be run from command line. + . + The output is by service and you can limit the output to one particular + service. The subscripts which are responsible for the output, mostly + convert the raw log lines in structured format. + . + Logwatch generally ignores the time component in the output, that means, + you will know that the reported event was logged in the requested range of + time, but you will have to go to the raw log files to get the exact details. + . + Homepage: http://www.logwatch.org/ + --- logwatch-7.3.6.orig/debian/watch +++ logwatch-7.3.6/debian/watch @@ -0,0 +1,5 @@ +# Watch file by Clint Adams +version=3 +ftp://ftp.kaybee.org/pub/linux/logwatch-([\d.]+)\.tar.gz debian uupdate + + --- logwatch-7.3.6.orig/debian/compat +++ logwatch-7.3.6/debian/compat @@ -0,0 +1 @@ +5 --- logwatch-7.3.6.orig/debian/dirs +++ logwatch-7.3.6/debian/dirs @@ -0,0 +1,2 @@ +usr/bin +usr/sbin --- logwatch-7.3.6.orig/debian/logwatch.preinst +++ logwatch-7.3.6/debian/logwatch.preinst @@ -0,0 +1,39 @@ +#!/bin/sh + +set -e + +LASTVERSION="6.9" +FILES="ignore.conf logwatch.conf logfiles/autorpm.conf logfiles/cisco.conf logfiles/clam-update.conf logfiles/cron.conf logfiles/emerge.conf logfiles/exim.conf logfiles/extreme-networks.conf logfiles/http.conf logfiles/maillog.conf logfiles/messages.conf logfiles/netopia.conf logfiles/netscreen.conf logfiles/pureftp.conf logfiles/rt314.conf logfiles/samba.conf logfiles/secure.conf logfiles/sonicwall.conf logfiles/tac_acc.conf logfiles/up2date.conf logfiles/vsftpd.conf logfiles/xferlog.conf logfiles/yum.conf logfiles/kernel.conf logfiles/daemon.conf logfiles/syslog.conf services/afpd.conf services/amavis.conf services/arpwatch.conf services/audit.conf services/automount.conf services/autorpm.conf services/cisco.conf services/clam-update.conf services/clamav-milter.conf services/clamav.conf services/courier.conf services/cron.conf services/dhcpd.conf services/emerge.conf services/exim.conf services/extreme-networks.conf services/ftpd-messages.conf services/ftpd-xferlog.conf services/http.conf services/identd.conf services/imapd.conf services/in.qpopper.conf services/init.conf services/ipop3d.conf services/kernel.conf services/mailscanner.conf services/modprobe.conf services/mountd.conf services/named.conf services/netopia.conf services/netscreen.conf services/oidentd.conf services/openvpn.conf services/pam.conf services/pam_pwdb.conf services/pam_unix.conf services/pluto.conf services/pop3.conf services/portsentry.conf services/postfix.conf services/pound.conf services/proftpd-messages.conf services/pureftpd.conf services/qmail.conf services/raid.conf services/rt314.conf services/samba.conf services/saslauthd.conf services/scsi.conf services/secure.conf services/sendmail-largeboxes.conf services/sendmail.conf services/shaperd.conf services/smartd.conf services/sonicwall.conf services/sshd.conf services/sshd2.conf services/stunnel.conf services/sudo.conf services/syslogd.conf services/tac_acc.conf services/up2date.conf services/vpopmail.conf services/vsftpd.conf services/xntpd.conf services/yum.conf services/zz-disk_space.conf services/zz-fortune.conf services/zz-network.conf" + + +# Remove a no-longer used conffile +rm_conffile() { + CONFFILE="$1" + + if [ -e "$CONFFILE" ]; then + md5sum="`md5sum \"$CONFFILE\" | sed -e \"s/ .*//\"`" + old_md5sum="`sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' $CONFFILE'{s/.* //;p}}\" /var/lib/dpkg/status`" + if [ "$md5sum" != "$old_md5sum" ]; then + echo "Obsolete conffile $CONFFILE has been modified by you." + echo "Saving as $CONFFILE.dpkg-bak ..." + echo "Merge your local changes back to $CONFFILE!" + mv -f "$CONFFILE" "$CONFFILE".dpkg-bak + else + echo "Removing obsolete conffile $CONFFILE ..." + rm -f "$CONFFILE" + fi + fi +} + +case "$1" in +install|upgrade) + if dpkg --compare-versions "$2" le "$LASTVERSION"; then + for CFILE in $FILES; do + rm_conffile /etc/logwatch/conf/$CFILE + done + fi +esac + +#DEBHELPER# + +exit 0 --- logwatch-7.3.6.orig/scripts/logwatch.pl +++ logwatch-7.3.6/scripts/logwatch.pl @@ -327,7 +327,7 @@ "logdir=s" => \$Config{'logdir'}, "s|service=s@" => \@TempServiceList, "p|print" => \$Config{'print'}, - "m|mailto=s" => \$tmp_mailto, + "m|mailto:s" => \$tmp_mailto, "save=s" => \$Config{'save'}, "a|archives" => \$Config{'archives'}, "debug=s" => \$Config{'debug'}, @@ -355,8 +355,10 @@ exit 0; } -if ($tmp_mailto) { - $Config{'mailto'} = $tmp_mailto; +if (defined $tmp_mailto) { + if ($tmp_mailto ne "") { + $Config{'mailto'} = $tmp_mailto; + } $Config{'print'} = 0; } @@ -845,6 +847,10 @@ my $DestFile = $TempDir . $LogFile . "-archive"; my $Archive; foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) { + if ($Archive =~ /'/) { + print "File $Archive has invalid embedded quotes. File ignored.\n"; + next; + } my $CheckTime; # We need to find out what's the earliest log we need my @time_t = TimeBuild(); @@ -872,18 +878,18 @@ #These system calls are not secure but we are getting closer #What needs to go is all the pipes and instead we need a command loop #For each filter to apply -mgt - my $arguments = "$Archive >> $DestFile"; + my $arguments = "'${Archive}' >> $DestFile"; system("$Config{'pathtozcat'} $arguments") == 0 or die "system $Config{'pathtozcat'} failed: $?" } elsif (($Archive =~ m/bz2$/) && (-f "$Archive")) { #These system calls are not secure but we are getting closer #What needs to go is all the pipes and instead we need a command loop #For each filter to apply -mgt - my $arguments = "$Archive 2>/dev/null >> $DestFile"; + my $arguments = "'${Archive}' 2>/dev/null >> $DestFile"; system("$Config{'pathtobzcat'} $arguments") == 0 or die "system $Config{'pathtobzcat'} failed: $?" } elsif (-f "$Archive") { - my $arguments = "$Archive >> $DestFile"; + my $arguments = "'${Archive}' >> $DestFile"; system("$Config{'pathtocat'} $arguments") == 0 or die "system $Config{'pathtocat'} failed: $?" } #End if/elsif existence @@ -895,6 +901,10 @@ foreach my $ThisFile (@FileList) { #Existence check for files -mgt next unless (-f $ThisFile); + if ($ThisFile =~ /'/) { + print "File $ThisFile has invalid embedded quotes. File ignored.\n"; + next; + } if (! -r $ThisFile) { print "File $ThisFile is not readable. Check permissions."; if ($> != 0) { @@ -903,7 +913,7 @@ print "\n"; next; } - $FileText .= ($ThisFile . " "); + $FileText .= ("'" . $ThisFile . "' "); } #End foreach ThisFile # remove the ENV entries set by previous service --- logwatch-7.3.6.orig/scripts/services/pam_unix +++ logwatch-7.3.6/scripts/services/pam_unix @@ -105,7 +105,7 @@ if ($line =~ s/^... .. ..:..:.. .+ .+\(pam_unix\)\[\d+\]: //) { $service =~ s/^... .. ..:..:.. .+ (.+)\(pam_unix\)\[\d+\]: .*$/$1/; # new fedora (fc5) version - } elsif ( $line =~ s/^... .. ..:..:.. .+ pam_unix(.+:.+): // ) { + } elsif ( $line =~ s/^... .. ..:..:.. .+ pam_unix\(.+:.+\): // ) { $service =~ s/^... .. ..:..:.. .+ pam_unix\((.+):.+\): .*$/$1/; # for debian sarge - "normal" lines } elsif ($line =~ s/^... .. ..:..:.. .+ [^ :]+: \(pam_unix\) //) { @@ -116,12 +116,15 @@ #for debian woody } elsif ( $line =~ s/^... .. ..:..:.. .+ PAM_unix\[\d+\]: \((.*?)\) // ) { $service =~ s/^... .. ..:..:.. .+ PAM_unix\[\d+\]: \(([^ ]*)\) .*/$1/; + # for Ubuntu 7.10 + } elsif ( $line =~ s/^... .. ..:..:.. .+ \S+\[\d+\]: pam_unix_\S+\(.+:.+\): // ) { + $service =~ s/^... .. ..:..:.. .+ \S+\[\d+\]: pam_unix_\S+\((.+):.+\): .*$/$1/; } else { next; } #lowercase the service $service = lc($service); - if (($service eq 'sshd') or ($service eq 'login') or ($service eq 'ftp') or ($service eq 'rsh')) { + if (($service =~ /ssh(|d)/) or ($service eq 'login') or ($service eq 'ftp') or ($service eq 'rsh')) { if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) { ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++; } elsif ($line =~ s/^session opened for user ([^ ]*) by ([^ ]*)\(uid=\d+\)/$1 by $2/) { --- logwatch-7.3.6.orig/scripts/services/secure +++ logwatch-7.3.6/scripts/services/secure @@ -400,11 +400,11 @@ } elsif ($ThisLine =~ /^pam_pwdfile\[\d+\]: password too short or NULL/) { $pwd_file_too_short++; } elsif ( ($User,$Su) = ($ThisLine =~ /^su: ([^ ]+) to ([^ ]+) on \/dev\/ttyp([0-9a-z]+)/) ) { - $Su_User{$User}{$Su}++; + #$Su_User{$User}{$Su}++; #disabled for debian: reported in pam_unix } elsif ( ($Su,$User) = ($ThisLine =~ /^su: \(to ([^ ]+)\) ([^ ]+) on (?:none|\/dev\/(pts\/|ttyp)([0-9]+))/) ) { - $Su_User{$User}{$Su}++; + #$Su_User{$User}{$Su}++; # -|- } elsif ( ($Su,$User) = ($ThisLine =~ /^su\[\d+\]: Successful su for (\S+) by (\S+)/) ) { - $Su_User{$User}{$Su}++; + #$Su_User{$User}{$Su}++; # -|- } elsif ($ThisLine =~ /^userhelper\[\d+\]: running '([^']+)' with ([^']+) privileges on behalf of '([^']+)'/) { $Executed_app{"$1,$2,$3"}++; } elsif ( ($User) = $ThisLine =~ /change user `([^']+)' password/) {