Author: glen
Date: Tue Jul 18 20:58:04 2006 GMT
Module: SPECS
Tag: HEAD
---- Log message:
- switched to debian source
---- Files affected: SPECS: logcheck.spec (1.29 -> 1.30) ---- Diffs: ================================================================ Index: SPECS/logcheck.spec diff -u SPECS/logcheck.spec:1.29 SPECS/logcheck.spec:1.30 --- SPECS/logcheck.spec:1.29 Tue Jul 18 22:17:11 2006 +++ SPECS/logcheck.spec Tue Jul 18 22:57:59 2006 
@@ -1,104 +1,126 @@ # $Revision$, $Date$ -# TODO: -# - SECURITY: http://securitytracker.com/alerts/2004/Apr/1009838.html -Summary: Logcheck system log analyzer -Summary(es): Analizador de logs -Summary(pl): Logcheck - analizator logów systemu -Summary(pt_BR): Um analisador de logs -Summary(ru): Logcheck - ÁÎÁĚÉÚÁÔĎŇ log-ĆÁĘĚĎ× -Summary(uk): Logcheck - ÁÎÁĚŚÚÁÔĎŇ log-ĆÁĘĚŚ× -Summary(zh_CN): ϾͳČŐÖžˇÖÎöš¤žß +Summary: Mails anomalies in the system logfiles to the administrator Name: logcheck -Version: 1.1.1 -Release: 3.2 +Version: 1.2.46 +Release: 0.1 License: GPL Group: Applications/System -#Source0: http://www.psionic.com/tools/%{name}-%{version}.tar.gz -# Adopted by Debian ? They have 1.3.14 in pool -# Debian has 1.2.32 now. -Source0: %{name}-%{version}.tar.gz -# Source0-md5: e97c2f096e219e20310c1b80e9e1bc29 +Source0: http://ftp.debian.org/debian/pool/main/l/logcheck/%{name}_%{version}.tar.gz +# Source0-md5: 4fc24888f538d9e0592f3e4605ba3b99 Patch0: %{name}-pld.patch -#URL: http://www.psionic.com/abacus +Source1: %{name}.cron +URL: http://logcheck.alioth.debian.org/ +BuildRequires: rpmbuild(macros) >= 1.202 +Requires(postun): /usr/sbin/groupdel +Requires(postun): /usr/sbin/userdel +Requires(pre): /bin/id +Requires(pre): /usr/bin/getgid +Requires(pre): /usr/sbin/groupadd +Requires(pre): /usr/sbin/useradd +Requires: %{name}-database = %{version}-%{release} Requires: /usr/sbin/sendmail Requires: crondaemon -Requires: logtail = %{epoch}:%{version}-%{release} +Requires: logtail = %{version}-%{release} +BuildArch: noarch BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %define _sysconfdir /etc/logcheck %description -Logcheck is software package that is designed to automatically run and -check system log files for security violations and unusual activity. -Logcheck utilizes a program called logtail that remembers the last -position it read from in a log file and uses this position on -subsequent runs to process new information. 
All source code is -available for review and the implementation was kept simple to avoid -problems. This package is a clone of the frequentcheck.sh script from -the Trusted Information Systems Gauntlet(tm) firewall package. TIS has -granted permission for me to clone this package. - -%description -l es -Analizador de logs - -%description -l pl -Pakiet zawiera logcheck - aplikację przeznaczoną do automatycznego -analizowania logów systemowych i przesyłaniu ich po wstępnej obróbce -pocztą elektroniczną do administratora systemu. Aplikacja ta jest -klonem skryptu frequentcheck.sh z Trusted Information Systems -Gauntlet(tm). - -%description -l pt_BR -O logcheck é um software que foi desenvolvido para automaticamente -rodar e checar logs do sistema para violaçőes de segurança, e -atividade năo usual. - -%description -l ru -Logcheck - ĐŇĎÇŇÁÍÍÁ ÄĚŃ ĎÔÓĚĹÖÉ×ÁÎÉŃ × ÓÉÓÔĹÍÎŮČ ĚĎÇÁČ ÎĹĎÂŮŢÎŮČ -ÄĹĘÓÔ×ÉĘ É ĐĎĐŮÔĎË ÎĹÓÁÎËĂÉĎÎÉŇĎ×ÁÎÎĎÇĎ ÄĎÓÔŐĐÁ. - -%description -l uk -Logcheck - ĐŇĎÇŇÁÍÁ ÄĚŃ ×ŚÄÓĚŚÄËĎ×Ő×ÁÎÎŃ × ÓÉÓÔĹÍÎÉČ ĚĎÇÁČ ÎĹÚ×ÉŢÁĘÎÉČ -ÄŚĘ ÔÁ ÓĐŇĎ ÎĹÓÁÎËĂŚĎÎĎ×ÁÎĎÇĎ ÄĎÓÔŐĐŐ. +Logcheck is a simple utility which is designed to allow a system +administrator to view the logfiles which are produced upon hosts under +their control. + +It does this by mailing summaries of the logfiles to them, after first +filtering out "normal" entries. + +Normal entries are entries which match one of the many included +regular expression files contain in the database. + +Logcheck was part of the Abacus Project of security tools, but this +version has been rewritten. + +%package database +Summary: database of system log rules for the use of log checkers +Group: Applications/System + +%description database +This database is part of the Logcheck package, but might be used by +others. It brings a database of regular expressions for matching +system log entries after various criteria. 
%package -n logtail -Summary: logtail program from logcheck package +Summary: Print log file lines that have not been read Group: Applications/System %description -n logtail -This package contains logtail that remembers the last position it read -from in a log file and uses this position on subsequent runs to -process new information. +This program will read in a standard text file and create an offset +marker when it reads the end. The offset marker is read the next time +logtail is run and the text file pointer is moved to the offset +location. This allows logtail to read in the next lines of data +following the marker. This is good for marking log files for automatic +log file checkers to monitor system events. + +This program is mainly used by logcheck, because it returns only parts +of the system logfiles that have not already been checked. %prep %setup -q -%patch -p1 +#%patch0 -p1 # TODO %install rm -rf $RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/cron.hourly,%{_sbindir},%{_bindir}} +install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/cron.d,%{_sbindir},%{_bindir}} -%{__make} linux \ - CC="%{__cc}" \ - CFLAGS="%{rpmcflags}" - -cat <<EOF > $RPM_BUILD_ROOT/etc/cron.hourly/logcheck -#!/bin/sh -exec %{_sbindir}/logcheck -EOF +%{__make} install \ + DESTDIR=$RPM_BUILD_ROOT + +install %{SOURCE1} $RPM_BUILD_ROOT/etc/cron.d/%{name} mv $RPM_BUILD_ROOT{%{_sbindir},%{_bindir}}/logtail +touch $RPM_BUILD_ROOT%{_sysconfdir}/header.txt # TODO %clean rm -rf $RPM_BUILD_ROOT +%pre +%groupadd -g 173 %{name} +%useradd -u 173 -d /var/lib/%{name} -g adm -c "Logcheck User" %{name} + +%postun +if [ "$1" = "0" ]; then + %userremove %{name} + %groupremove %{name} +fi + %files %defattr(644,root,root,755) -%doc CHANGES CREDITS README* systems/linux/README* -%attr(700,root,root) %dir %{_sysconfdir} -%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/* -%attr(700,root,root) %config(missingok) /etc/cron.hourly/logcheck +%doc AUTHORS CHANGES 
CREDITS TODO +%doc docs/README.{how.to.interpret,keywords,logcheck,Maintainer} docs/tools/log-summary-ssh +%attr(710,root,logcheck) %dir %{_sysconfdir} +%dir %attr(2750,root,logcheck) %{_sysconfdir}/cracking.d +%dir %attr(2750,root,logcheck) %{_sysconfdir}/cracking.ignore.d +%dir %attr(2750,root,logcheck) %{_sysconfdir}/violations.d +%dir %attr(2750,root,logcheck) %{_sysconfdir}/violations.ignore.d +%dir %attr(2750,root,logcheck) %{_sysconfdir}/ignore.d.workstation +%dir %attr(2750,root,logcheck) %{_sysconfdir}/ignore.d.server +%dir %attr(2750,root,logcheck) %{_sysconfdir}/ignore.d.paranoid +%attr(640,root,logcheck) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/logcheck.conf +%attr(640,root,logcheck) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/logcheck.logfiles +%attr(640,root,logcheck) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/header.txt +%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/cron.d/%{name} %attr(755,root,root) %{_sbindir}/logcheck +%dir %attr(750,logcheck,root) /var/lib/logcheck +%dir %attr(755,logcheck,logcheck) /var/lock/logcheck + +%files database +%defattr(644,root,root,755) +%config %verify(not md5 mtime size) %{_sysconfdir}/cracking.d/* +%config %verify(not md5 mtime size) %{_sysconfdir}/violations.d/* +%config %verify(not md5 mtime size) %{_sysconfdir}/violations.ignore.d/* +%config %verify(not md5 mtime size) %{_sysconfdir}/ignore.d.workstation/* +%config %verify(not md5 mtime size) %{_sysconfdir}/ignore.d.server/* +%config %verify(not md5 mtime size) %{_sysconfdir}/ignore.d.paranoid/* %files -n logtail %defattr(644,root,root,755) 
@@ -110,92 +132,6 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ -Revision 1.29 2006/07/18 20:17:11 glen -- put logtail to bindir -- drop non-cvs changelog - -Revision 1.28 2006/03/09 14:35:10 glen -- quote %{__cc} - -Revision 1.27 2005/12/13 11:54:17 glen -- adalterized (sorted %verify flags) - -Revision 1.26 2004/12/17 22:28:11 glen -- split logtail into separate package - -Revision 1.25 2004/10/24 12:06:15 paladine -- spelling fix - -Revision 1.24 2004/08/16 14:16:20 blues -- SECURITY note - -Revision 1.23 2004/01/17 22:59:27 domelu -- release 3 to rebuild with ac - -Revision 1.22 2003/09/11 08:17:30 erjot -- new BR by domelu-at-domelu-dot-net - -Revision 1.21 2003/07/11 12:28:23 ankry -- URL fixes and other cosmetics - -Revision 1.20 2003/05/28 12:59:37 malekith -- massive attack: source-md5 - -Revision 1.19 2003/05/25 05:50:16 misi3k -- massive attack s/pld.org.pl/pld-linux.org/ - -Revision 1.18 2002/09/14 20:13:18 kloczek -- release 2. - -Revision 1.17 2002/09/13 22:03:47 undefine -- add some translations -- new %doc - -Revision 1.16 2002/04/05 15:13:14 roman -- s/Free. See LICENSE file./Free (see License in License - -Revision 1.15 2002/02/22 23:29:13 kloczek -- removed all Group fields translations (oure rpm now can handle translating - Group field using gettext). - -Revision 1.14 2002/01/18 02:13:45 kloczek -- perl -pi -e "s/[EMAIL PROTECTED]/[EMAIL PROTECTED]/" - -Revision 1.13 2002/01/03 08:56:14 blues -- requires mail daemon - -Revision 1.12 2001/04/30 16:05:21 kloczek -- added using %{rpmcflags} macro. - -Revision 1.11 2001/02/16 08:58:50 kloczek -- another fix in %install. - -Revision 1.10 2001/02/16 08:01:56 kloczek -- typo in %install. - -Revision 1.9 2001/02/16 05:21:49 kloczek -- updated to 1.1.1, -- spec adapterized, -- make spec %{debug} ready and use rpm automation, -- change permission on executables to 755. - -Revision 1.8 2000/06/09 07:23:25 kloczek -- added using %{__make} macro. 
- -Revision 1.7 2000/04/01 11:14:52 zagrodzki -- changed all BuildRoot definitons -- removed all applnkdir defs -- changed some prereqs/requires -- removed duplicate empty lines - -Revision 1.6 2000/03/28 16:54:41 baggins -- translated kloczkish into english - -Revision 1.5 2000/03/15 15:30:16 kloczek -- cosmetics. - -Revision 1.4 2000/03/07 18:16:12 baggins -- cleaned up to PLD standards +Revision 1.30 2006/07/18 20:57:59 glen +- switched to debian source -Revision 1.3 1999/07/12 23:06:06 kloczek -- added using CVS keywords in %changelog (for automating them). ================================================================ ---- CVS-web: http://cvs.pld-linux.org/SPECS/logcheck.spec?r1=1.29&r2=1.30&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
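Review bot: In the new %pre scriptlet of the first hunk, `%groupadd -g 173 %{name}` creates a logcheck group, but `%useradd -u 173 -d /var/lib/%{name} -g adm -c "Logcheck User" %{name}` gives the logcheck user adm as its primary group, and nothing visible in the spec adds the user to the logcheck group. The %files section depends on that group: `%{_sysconfdir}` is `710,root,logcheck`, the rule directories are `2750,root,logcheck`, and logcheck.conf, logcheck.logfiles and header.txt are `640,root,logcheck`. Unless membership is arranged elsewhere, the account cannot read its own configuration. Suggest `-g %{name}` as the primary group with adm as a supplementary group (`-G adm`), which also makes the read access to adm-owned logs an explicit, separate grant. Separately, `#%patch0 -p1 # TODO` disables the PLD patch while `Patch0:` stays declared, and `touch $RPM_BUILD_ROOT%{_sysconfdir}/header.txt # TODO` ships an empty placeholder as a config file. Both TODOs should be resolved or explained in the log message before this leaves release 0.1.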
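Review bot: The second hunk (`@@ -110,92 +132,6 @@`) deletes the $Log$ entries for revisions 1.3 through 1.29 and leaves only the 1.30 entry, which the log message "switched to debian source" does not mention. If the spec was replaced wholesale and dropping the history is intentional, say so in the commit message. Otherwise keep the earlier entries, in particular revision 1.24 ("SECURITY note"), so the origin of the security TODO removed in the first hunk stays traceable from the spec itself.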
