Compare commits
No commits in common. 'c8' and 'c9' have entirely different histories.
@ -1 +1 @@
|
||||
SOURCES/logwatch-7.4.3.tar.gz
|
||||
SOURCES/logwatch-7.5.5.tar.gz
|
||||
|
||||
@ -1 +1 @@
|
||||
8a4c3889c478e27a62488a9f1619d938016faf4d SOURCES/logwatch-7.4.3.tar.gz
|
||||
f4e8ed4f846758be78b3d55791a867d70a197226 SOURCES/logwatch-7.5.5.tar.gz
|
||||
|
||||
@ -1,19 +0,0 @@
|
||||
--- a/scripts/services/audit 2022/01/22 17:22:03
|
||||
+++ b/scripts/services/audit 2022/01/22 17:35:34
|
||||
@@ -134,10 +134,13 @@
|
||||
( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): table=/) or
|
||||
( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or
|
||||
( $ThisLine =~ /item=[0-9] name="\S*" inode=[0-9]+ dev=\S* mode=[0-9]* ouid=[0-9]* ogid=[0-9]* rdev=[0-9:]* obj=\S*/) or
|
||||
- ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ )
|
||||
+ ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ ) or
|
||||
+ ( $ThisLine =~ /No plugins found, not dispatching events/ )
|
||||
) {
|
||||
# Ignore these entries
|
||||
- } elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
|
||||
+ } elsif (( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/ ) or
|
||||
+ ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): state=initialized / )
|
||||
+ ) {
|
||||
$NumberOfInits++;
|
||||
} elsif ( $ThisLine =~ /Init complete, audit pid set to: [0-9]+/) {
|
||||
$NumberOfDStartsPid++;
|
||||
|
||||
@ -0,0 +1,14 @@
|
||||
diff --git a/scripts/services/cron b/scripts/services/cron
|
||||
index 869b515..45b857f 100644
|
||||
--- a/scripts/services/cron
|
||||
+++ b/scripts/services/cron
|
||||
@@ -63,6 +63,9 @@ while (defined($ThisLine = <STDIN>)) {
|
||||
if ($ThisLine =~ s/^CMD \((.+)\)\s*$/$1/) {
|
||||
$Runs->{$User}->{$ThisLine}++;
|
||||
$ExecutedCommand{$PID} = {command=>$ThisLine, user=>$User};
|
||||
+ } elsif ($ThisLine =~ /^CMDEND/) {
|
||||
+ # Ignore - already counted above
|
||||
+ next;
|
||||
} elsif ($ThisLine =~ s/^CMD FINISH \((.+)\)\s*$/$1/) {
|
||||
$Runs->{$User}->{$ThisLine}++;
|
||||
} elsif ($ThisLine =~ s/^(END|CMD START) \((.+)\)\s*$/$1/) {
|
||||
@ -1,11 +0,0 @@
|
||||
--- a/conf/services/secure.conf 2016-03-30 23:32:33.000000000 +0200
|
||||
+++ b/conf/services/secure.conf 2023-06-27 19:42:42.296713366 +0200
|
||||
@@ -24,7 +24,7 @@
|
||||
# Use this to ignore certain services in the secure log.
|
||||
# You can ignore as many services as you would like.
|
||||
# (we ignore sshd because its entries are processed by the sshd script)
|
||||
-$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd
|
||||
+$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd sudo
|
||||
|
||||
# For these services, summarize only (i.e. don't least each IP, just
|
||||
# list the number of connections total)
|
||||
@ -1,13 +0,0 @@
|
||||
--- a/scripts/services/fail2ban
|
||||
+++ b/scripts/services/fail2ban
|
||||
@@ -91,7 +91,8 @@
|
||||
($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or
|
||||
($ThisLine =~ /INFO\s+Initiated '.*' backend/) or
|
||||
($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) or
|
||||
- ($ThisLine =~ /Unable to find a corresponding IP address for .*: \[Errno -2\] Name or service not known/)
|
||||
+ ($ThisLine =~ /Unable to find a corresponding IP address for .*: \[Errno -2\] Name or service not known/) or
|
||||
+ ($ThisLine =~ /: Server ready$/)
|
||||
)
|
||||
{
|
||||
if ( $Debug >= 6 ) {
|
||||
|
||||
@ -1,13 +0,0 @@
|
||||
diff --git a/scripts/services/dovecot b/scripts/services/dovecot
|
||||
index 95fc6e9..c9fccbc 100755
|
||||
--- a/scripts/services/dovecot
|
||||
+++ b/scripts/services/dovecot
|
||||
@@ -186,7 +186,7 @@ while (defined($ThisLine = <STDIN>)) {
|
||||
$Deliver{$User}{$Mailbox}++;
|
||||
|
||||
# For Sieve-based delivery
|
||||
- } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): sieve: msgid=.*: stored mail into mailbox '(.*)'/ ) ) {
|
||||
+ } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\)(?:<[^>]+><[^>]+>)?: sieve: msgid=.*: stored mail into mailbox '(.*)'/ ) ) {
|
||||
$Deliver{$User}{$Mailbox}++;
|
||||
|
||||
# LMTP-based delivery
|
||||
@ -1,20 +0,0 @@
|
||||
--- a/scripts/services/sshd 2022/01/20 15:28:35 1.1
|
||||
+++ b/scripts/services/sshd 2022/01/20 15:32:01
|
||||
@@ -1,3 +1,5 @@
|
||||
+#!/usr/bin/env perl
|
||||
+
|
||||
##########################################################################
|
||||
# $Id$
|
||||
##########################################################################
|
||||
@@ -376,6 +378,11 @@
|
||||
print STDERR "DEBUG: Found -Failed login- line\n";
|
||||
}
|
||||
$BadLogins{$Host}{"$User/$Method"}++;
|
||||
+ } elsif ( my ($User,$Host) = ( $ThisLine =~ m/^Disconnected from authenticating user (\S+) (\S+) / ) ) {
|
||||
+ if ( $Debug >= 5 ) {
|
||||
+ print STDERR "DEBUG: Found -Disconnected Failed login- line\n";
|
||||
+ }
|
||||
+ $BadLogins{$Host}{$User}++;
|
||||
} elsif ($ThisLine =~ s/^(log: )?Could not reverse map address ([^ ]*).*$/$2/) {
|
||||
$NoRevMap{$ThisLine}++;
|
||||
} elsif ( my ($Address) = ($ThisLine =~ /^reverse mapping checking getaddrinfo for (\S+( \[\S+\])?) failed - POSSIBLE BREAK-IN ATTEMPT!/)) {
|
||||
@ -1,95 +0,0 @@
|
||||
commit 23e714ad43285d59c5b5852ef2c6013593d64671
|
||||
Author: bjorn <bjorn1@users.sourceforge.net>
|
||||
Date: Sun May 15 13:49:08 2016 -0700
|
||||
|
||||
[journalctl] Added shared script contributed by Mark Grimes.
|
||||
|
||||
diff --git a/scripts/shared/journalctl b/scripts/shared/journalctl
|
||||
new file mode 100755
|
||||
index 0000000..1627fd4
|
||||
--- /dev/null
|
||||
+++ b/scripts/shared/journalctl
|
||||
@@ -0,0 +1,83 @@
|
||||
+#!/usr/bin/perl
|
||||
+#
|
||||
+# The purpose of this script is to pass the output of the journalctl
|
||||
+# command to the logwatch parsers. The corresponding conf/logfile
|
||||
+# can be simple. The following example shows a logfile with two lines:
|
||||
+# LogFile = /dev/null
|
||||
+# *JournalCtl = "--output=cat --unit=service_name.service"
|
||||
+#
|
||||
+# In the example above, the arguments to the JournalCtl command are
|
||||
+# passed to the journalctl system command. It is advised to delimit
|
||||
+# the arguments in double quotes to preserve mixed case, if
|
||||
+# applicable.
|
||||
+
|
||||
+use strict;
|
||||
+use warnings;
|
||||
+
|
||||
+eval "use Date::Manip";
|
||||
+my $hasDM = $@ ? 0 : 1;
|
||||
+
|
||||
+# logwatch passes arguments as one string delimited by single quotes
|
||||
+my @args = split(" ", $ARGV[0]);
|
||||
+my @range = get_range( $ENV{LOGWATCH_DATE_RANGE} );
|
||||
+
|
||||
+my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
|
||||
+
|
||||
+if ($Debug > 5) {
|
||||
+ warn join " ", 'journalctl', @args, @range, "\n";
|
||||
+}
|
||||
+
|
||||
+system( 'journalctl', @args, @range );
|
||||
+
|
||||
+sub get_range {
|
||||
+ my $range = lc( shift || 'all' );
|
||||
+ my @range;
|
||||
+
|
||||
+ if ( !$range || $range eq 'all' ) {
|
||||
+ @range = ();
|
||||
+ } elsif ( $range eq 'yesterday' ) {
|
||||
+ push @range, '--since', 'yesterday', '--until', 'today';
|
||||
+ } elsif ( $range eq 'today' ) {
|
||||
+ push @range, '--since', 'today', '--until', 'tomorrow';
|
||||
+ } elsif ($hasDM) {
|
||||
+
|
||||
+ # Strip off any period
|
||||
+ $range =~
|
||||
+ s/for\s+(?:those|that|this)\s+((year|month|day|hour|minute|second)s?)\s*$//;
|
||||
+
|
||||
+ # Look for between x and y
|
||||
+ my ( $range1, $range2 ) =
|
||||
+ ( $range =~ /^between\s+(.*)\s+and\s+(.*)\s*$/ );
|
||||
+
|
||||
+ # Look for since x
|
||||
+ if ( $range =~ /^\s*since\s+/ ) {
|
||||
+ ($range1) = ( $range =~ /\s*since\s+(.*)/ );
|
||||
+ $range2 = "now";
|
||||
+ }
|
||||
+
|
||||
+ # Now convert to journalctl friendly dates
|
||||
+ if ( $range1 && $range2 ) {
|
||||
+
|
||||
+ # Parse dates
|
||||
+ my $date1 = ParseDate($range1);
|
||||
+ my $date2 = ParseDate($range2);
|
||||
+
|
||||
+ # Switch if date2 is before date1
|
||||
+ if ( $date1 && $date2 and Date_Cmp( $date1, $date2 ) > 0 ) {
|
||||
+ my $switch_date = $date1;
|
||||
+ $date1 = $date2;
|
||||
+ $date2 = $switch_date;
|
||||
+ }
|
||||
+
|
||||
+ # If we ask for 1/1 to 1/2, we mean 1/2 inclusive. DM returns
|
||||
+ # 1/2 00:00:00. So we add 1 day to the end time.
|
||||
+ $date2 = DateCalc( $date2, '1 day' );
|
||||
+
|
||||
+ my $fmt = "%Y-%m-%d %H:%M:%S";
|
||||
+ push @range, '--since', UnixDate( $date1, $fmt ), '--until',
|
||||
+ UnixDate( $date2, $fmt );
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return @range;
|
||||
+}
|
||||
@ -1,38 +0,0 @@
|
||||
commit ed6eb62f40cb97f71f3df4d982682de68cdf1037
|
||||
Author: Stefan Jakobs <projects@localside.net>
|
||||
Date: Tue May 31 23:34:11 2016 +0200
|
||||
|
||||
support journald as source
|
||||
|
||||
diff --git a/scripts/services/syslog-ng b/scripts/services/syslog-ng
|
||||
old mode 100755
|
||||
new mode 100644
|
||||
index dcd1692..d78c835
|
||||
--- a/scripts/services/syslog-ng
|
||||
+++ b/scripts/services/syslog-ng
|
||||
@@ -1,5 +1,5 @@
|
||||
###########################################################################
|
||||
-# $Id$
|
||||
+# $Id: syslog-ng 280 2014-12-24 15:29:13Z stefjakobs $
|
||||
###########################################################################
|
||||
|
||||
###########################################################################
|
||||
@@ -168,7 +168,7 @@ while (defined($ThisLine = <STDIN>)) {
|
||||
$Stats_dest{$processed[$i+1]} =
|
||||
$Stats_dest{$processed[$i+1]} + $processed[$i+2];
|
||||
} elsif ($processed[$i] eq "source" || $processed[$i] eq "src.internal" ||
|
||||
- $processed[$i] eq 'src.none' ) {
|
||||
+ $processed[$i] eq 'src.none' || $processed[$i] eq 'src.journald') {
|
||||
$Stats_source{$processed[$i+1]} =
|
||||
$Stats_source{$processed[$i+1]} + $processed[$i+2];
|
||||
} elsif ($processed[$i] eq "global") {
|
||||
@@ -366,7 +366,8 @@ if (keys %Stats_center || keys %Stats_dest || keys %Stats_source ||
|
||||
$lost_rcvd = 0 - $Stats_center{received};
|
||||
map {
|
||||
# skip 'src#X' as this seams to be aggregated into 'src'
|
||||
- $lost_rcvd = $lost_rcvd + $Stats_source{$_} unless ($_ =~ /src#\d+/);
|
||||
+ # skip 'journal' as this is not counted.
|
||||
+ $lost_rcvd = $lost_rcvd + $Stats_source{$_} unless ($_ =~ /(?:src#\d+|journal)/);
|
||||
} keys %Stats_source;
|
||||
}
|
||||
if ($Stats_center{queued} && %Stats_dest) {
|
||||
@ -1,74 +0,0 @@
|
||||
Add '--no-oldfiles-log' option that suppresses a warning about old files in the
|
||||
logwatch temporary directory.
|
||||
|
||||
Author: Ivana Varekova <varekova@redhat.com>
|
||||
RH-Bugzilla: #230974
|
||||
Backported-By: Jan Synacek <jsynacek@redhat.com>
|
||||
|
||||
--- logwatch-svn198/logwatch.8 2014-01-26 13:46:02.000000000 +0100
|
||||
+++ logwatch-svn198/logwatch.8 2014-07-04 10:03:26.870415276 +0200
|
||||
@@ -35,7 +35,7 @@
|
||||
.I report format
|
||||
.B ] [--encode
|
||||
.I encoding to use
|
||||
-.B ] [--numeric] [--version] [--help|--usage]
|
||||
+.B ] [--numeric] [--no-oldfiles-log] [--version] [--help|--usage]
|
||||
.SH DESCRIPTION
|
||||
.B Logwatch
|
||||
is a customizable, pluggable log-monitoring system. It will go
|
||||
@@ -111,6 +111,9 @@
|
||||
Number of characters that html output should be wrapped to. Default is 80.
|
||||
.IP "\fB--numeric\fR"
|
||||
Inhibits additional name lookups, displaying IP addresses numerically.
|
||||
+.IP "\fB--no-oldfiles-log\fR"
|
||||
+Suppress the logwatch log, which informs about the
|
||||
+old files in logwatch tmpdir.
|
||||
.IP "\fB--usage\fR"
|
||||
Displays usage information
|
||||
.IP "\fB--help\fR"
|
||||
--- logwatch-svn198/scripts/logwatch.pl 2014-07-04 10:02:23.930302006 +0200
|
||||
+++ logwatch-svn198/scripts/logwatch.pl 2014-07-04 10:05:01.588585717 +0200
|
||||
@@ -187,6 +187,7 @@
|
||||
my @TempServiceList = ();
|
||||
my $Help = 0;
|
||||
my $ShowVersion = 0;
|
||||
+my $NoOldfilesLog = 0;
|
||||
my ($tmp_mailto, $tmp_savefile);
|
||||
|
||||
&GetOptions ("d|detail=s" => \$Config{'detail'},
|
||||
@@ -209,6 +210,7 @@
|
||||
"hostformat=s" => \$Config{'hostformat'},
|
||||
"hostlimit=s" => \$Config{'hostlimit'},
|
||||
"html_wrap=s" => \$Config{'html_wrap'},
|
||||
+ "no-oldfiles-log" => \$NoOldfilesLog,
|
||||
"subject=s" => \$Config{'subject'}
|
||||
) or &Usage();
|
||||
|
||||
@@ -632,7 +634,7 @@
|
||||
opendir(TMPDIR, $Config{'tmpdir'}) or die "$Config{'tmpdir'} $!";
|
||||
my @old_dirs = grep { /^logwatch\.\w{8}$/ && -d "$Config{'tmpdir'}/$_" }
|
||||
readdir(TMPDIR);
|
||||
-if (@old_dirs) {
|
||||
+if ((@old_dirs) && ($NoOldfilesLog==0)) {
|
||||
print "You have old files in your logwatch tmpdir ($Config{'tmpdir'}):\n\t";
|
||||
print join("\n\t", @old_dirs);
|
||||
print "\nThe directories listed above were most likely created by a\n";
|
||||
@@ -1085,7 +1087,7 @@
|
||||
sub Usage () {
|
||||
# Show usage for this program
|
||||
print "\nUsage: $0 [--detail <level>] [--logfile <name>] [--output <output_type>]\n" .
|
||||
- " [--format <format_type>] [--encode <enconding>] [--numeric]\n" .
|
||||
+ " [--format <format_type>] [--encode <enconding>] [--numeric] [--no-oldfiles-log]\n" .
|
||||
" [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]\n" .
|
||||
" [--filename <filename>] [--help|--usage] [--version] [--service <name>]\n" .
|
||||
" [--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]\n\n";
|
||||
@@ -1096,6 +1098,8 @@
|
||||
print "--output <output type>: Report Output - stdout [default], mail, file.\n"; #8.0
|
||||
print "--format <formatting>: Report Format - text [default], html.\n"; #8.0
|
||||
print "--encode <encoding>: Enconding to use - none [default], base64.\n"; #8.0
|
||||
+ print "--no-oldfiles-log: Suppress the logwatch log, which informs about the\n";
|
||||
+ print " old files in logwatch tmpdir.\n";
|
||||
print "--mailto <addr>: Mail report to <addr>.\n";
|
||||
print "--archives: Use archived log files too.\n";
|
||||
print "--filename <filename>: Used to specify they filename to save to. --filename <filename> [Forces output to file].\n";
|
||||
|
||||
@ -1,20 +0,0 @@
|
||||
===================================================================
|
||||
RCS file: /usr/share/logwatch/scripts/services/RCS/pam_unix,v
|
||||
retrieving revision 1.1
|
||||
diff -u -r1.1 /usr/share/logwatch/scripts/services/pam_unix
|
||||
--- a/scripts/services/pam_unix 2022/01/20 14:21:24 1.1
|
||||
+++ b/scripts/services/pam_unix 2022/01/20 14:22:35
|
||||
@@ -340,6 +340,12 @@
|
||||
} else {
|
||||
$data{$service}{'Unknown Entries'}{$line}++;
|
||||
}
|
||||
+ } elsif ($service eq 'systemd-user') {
|
||||
+ if ($line =~ /session (?:opened|closed) for user /) {
|
||||
+ # ignore this line
|
||||
+ } else {
|
||||
+ $data{$service}{'Unknown Entries'}{$line}++;
|
||||
+ }
|
||||
} else {
|
||||
$data{$service}{'Unknown Entries'}{$line}++;
|
||||
}
|
||||
|
||||
@ -1,49 +0,0 @@
|
||||
From eb8c0256997b8d7f2cccdd37ab78674fe9c769c1 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Synacek <jsynacek@redhat.com>
|
||||
Date: Tue, 10 May 2016 13:34:05 +0200
|
||||
Subject: [PATCH] postfix: fix column alignment in output
|
||||
|
||||
Some sections are clearly longer than 23 chars, which might result in a
|
||||
misaligned output:
|
||||
|
||||
3602 Connections 3,602
|
||||
82 Connections lost (inbound) 82
|
||||
3602 Disconnections 3,602
|
||||
|
||||
12 Timeouts (inbound) 12
|
||||
16 DNS lookup errors 16
|
||||
46 Hostname verification errors (FCRDNS) 46
|
||||
49 SMTP protocol violations 49
|
||||
2154 TLS connections (server) 2,154
|
||||
|
||||
Align to 39 chars now, which is currently the length of the longest
|
||||
description in the output table plus one.
|
||||
---
|
||||
scripts/services/postfix | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/scripts/services/postfix b/scripts/services/postfix
|
||||
index 9f8e07f..ddd5968 100755
|
||||
--- a/scripts/services/postfix
|
||||
+++ b/scripts/services/postfix
|
||||
@@ -1360,7 +1360,7 @@ sub print_summary_report (\@) {
|
||||
my ($numfmt, $desc, $divisor) = ($sref->{FMT}, $sref->{TITLE}, $sref->{DIVISOR});
|
||||
|
||||
my $fmt = '%8';
|
||||
- my $extra = ' %25s';
|
||||
+ my $extra = ' %9s';
|
||||
my $total = $Totals{$keyname};
|
||||
|
||||
# Z format provides unitized or unaltered totals, as appropriate
|
||||
@@ -1383,7 +1383,7 @@ sub print_summary_report (\@) {
|
||||
}
|
||||
else {
|
||||
push @{$lines[$cur_level]},
|
||||
- sprintf "$fmt %-23s $extra\n", $total, $desc, commify ($Totals{$keyname});
|
||||
+ sprintf "$fmt %-39s $extra\n", $total, $desc, commify ($Totals{$keyname});
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
2.7.4
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
Fix misparsing of userhelper log entries for hddtemp that specify a device
|
||||
using a name that includes a slash (e.g. '/usr/sbin/hddtemp -n -q /dev/sda').
|
||||
Additional slashes after the process name confuse logwatch as it considers the
|
||||
last word behind the last slash the process' name.
|
||||
|
||||
Author: Jan Synacek <jsynacek@redhat.com>
|
||||
RH-Bugzilla: #867290
|
||||
|
||||
--- logwatch-svn110/scripts/services/secure.orig 2012-10-18 11:13:33.000000000 +0200
|
||||
+++ logwatch-svn110/scripts/services/secure 2012-10-18 11:31:08.987571713 +0200
|
||||
@@ -843,8 +843,13 @@ if (keys %Executed_app) {
|
||||
print "\nUserhelper executed applications:\n";
|
||||
foreach (keys %Executed_app) {
|
||||
($longapp,$asuser,$user) = split ",";
|
||||
+ $longapp_orig = $longapp;
|
||||
+ $i = index($longapp, " ");
|
||||
+ if ($i > 0) {
|
||||
+ $longapp = substr($longapp, 0, $i);
|
||||
+ }
|
||||
$app = substr($longapp,rindex($longapp,"/")+1);
|
||||
- print " $user -> $app as $asuser: ".$Executed_app{"$longapp,$asuser,$user"}." Time(s)\n";
|
||||
+ print " $user -> $app as $asuser: ".$Executed_app{"$longapp_orig,$asuser,$user"}." Time(s)\n";
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
Resolves: #1317620
|
||||
|
||||
--- logwatch-7.4.3/scripts/services/sshd 2017-08-29 09:16:47.087028191 +0200
|
||||
+++ logwatch-7.4.3-new/scripts/services/sshd 2017-08-29 09:19:37.372081596 +0200
|
||||
@@ -297,7 +297,9 @@ while (defined(my $ThisLine = <STDIN>))
|
||||
($ThisLine =~ /Starting session: (forced-command|subsystem|shell|command)/ ) or
|
||||
($ThisLine =~ /Found matching \w+ key:/ ) or
|
||||
($ThisLine =~ /User child is on pid \d/ ) or
|
||||
- ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
|
||||
+ ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/) or
|
||||
+ ($ThisLine =~ /Exiting on signal .*$/) or
|
||||
+ ($ThisLine =~ /Disconnected from (?:[^ ]*) port .*$/)
|
||||
) {
|
||||
# Ignore these
|
||||
} elsif ( my ($Method,$User,$Host,$Port,$Key) = ($ThisLine =~ /^Accepted (\S+) for ((?:invalid user )?\S+) from ([\d\.:a-f]+) port (\d+) ssh[12](?:: (\w+))?/) ) {
|
||||
@@ -387,7 +389,9 @@ while (defined(my $ThisLine = <STDIN>))
|
||||
$RefusedConnections{$1}++;
|
||||
} elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
|
||||
$RefusedAuthentication{$Reason}++;
|
||||
- } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
|
||||
+ # Old format: Received disconnect from 192.168.122.1: 11: disconnected by user
|
||||
+ # New format: Received disconnect from 192.168.122.1 port 43680:11: disconnected by user
|
||||
+ } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*)(?: port \d+)?: ?(.*)$/)) {
|
||||
# Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
|
||||
if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
|
||||
} elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {
|
||||
@ -1,26 +0,0 @@
|
||||
From 256829aeb864a25a3542aaacfb2a7ff62b77e7f4 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Synacek <jsynacek@redhat.com>
|
||||
Date: Tue, 15 Mar 2016 10:29:17 +0100
|
||||
Subject: [PATCH] sshd: fix unmatched entries because of the output change in
|
||||
openssh-7.2p2
|
||||
|
||||
---
|
||||
scripts/services/sshd | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/scripts/services/sshd b/scripts/services/sshd
|
||||
index e238863..b94ea5a 100755
|
||||
--- a/scripts/services/sshd
|
||||
+++ b/scripts/services/sshd
|
||||
@@ -387,7 +387,7 @@ while (defined(my $ThisLine = <STDIN>)) {
|
||||
$RefusedConnections{$1}++;
|
||||
} elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
|
||||
$RefusedAuthentication{$Reason}++;
|
||||
- } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*): (.*)$/)) {
|
||||
+ } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
|
||||
# Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
|
||||
if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
|
||||
} elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {
|
||||
--
|
||||
2.7.2
|
||||
|
||||
@ -1,62 +0,0 @@
|
||||
Correctly apply time filter when parsing vsftpd log messages.
|
||||
|
||||
Author: Ivana Varekova <varekova@redhat.com>
|
||||
RH-Bugzilla: #217226
|
||||
|
||||
--- logwatch-7.3.1/scripts/logwatch.pl.pom 2006-09-16 06:04:14.000000000 +0200
|
||||
+++ logwatch-7.3.1/scripts/logwatch.pl 2006-11-29 13:16:22.000000000 +0100
|
||||
@@ -917,11 +917,16 @@
|
||||
my $FilterText = " ";
|
||||
foreach (sort keys %{$LogFileData{$LogFile}}) {
|
||||
my $cmd = $_;
|
||||
+
|
||||
if ($cmd =~ s/^\d+-\*//) {
|
||||
if (-f "$ConfigDir/scripts/shared/$cmd") {
|
||||
$FilterText .= ("| $PerlVersion $ConfigDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
|
||||
} elsif (-f "$BaseDir/scripts/shared/$cmd") {
|
||||
- $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
|
||||
+ if ($LogFile =~ /^vsftpd$/ ) {
|
||||
+ $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/applyvsftpddate '$LogFileData{$LogFile}{$_}'" );
|
||||
+ } else {
|
||||
+ $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
|
||||
+ }
|
||||
} else {
|
||||
die "Cannot find shared script $cmd\n";
|
||||
}
|
||||
--- logwatch-7.3.1/scripts/shared/applyvsftpddate.pom 2006-11-29 13:13:28.000000000 +0100
|
||||
+++ logwatch-7.3.1/scripts/shared/applyvsftpddate 2006-11-29 13:10:26.000000000 +0100
|
||||
@@ -0,0 +1,34 @@
|
||||
+##########################################################################
|
||||
+# $Id: applystddate,v 1.18 2005/10/22 00:19:56 bjorn Exp $
|
||||
+##########################################################################
|
||||
+
|
||||
+########################################################
|
||||
+# This was written and is maintained by:
|
||||
+# Kirk Bauer <kirk@kaybee.org>
|
||||
+#
|
||||
+# Please send all comments, suggestions, bug reports,
|
||||
+# etc, to logwatch-devel@logwatch.org
|
||||
+########################################################
|
||||
+
|
||||
+use Logwatch ':dates';
|
||||
+
|
||||
+my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
|
||||
+
|
||||
+$SearchDate = TimeFilter('%b %e %H:%M:%S 20%y');
|
||||
+
|
||||
+# The date might be "Dec 09", but it needs to be "Dec 9"...
|
||||
+#$SearchDate =~ s/ 0/ /;
|
||||
+# The format of Fri Nov 29 20:59:09 2005
|
||||
+
|
||||
+if ( $Debug > 5 ) {
|
||||
+ print STDERR "DEBUG: Inside ApplyStdDate...\n";
|
||||
+ print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
|
||||
+}
|
||||
+
|
||||
+while (defined($ThisLine = <STDIN>)) {
|
||||
+ if ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate/o) {
|
||||
+ print "$ThisLine";
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+# vi: shiftwidth=3 syntax=perl tabstop=3 et
|
||||
@ -1,13 +0,0 @@
|
||||
--- a/scripts/services/secure
|
||||
+++ b/scripts/services/secure
|
||||
@@ -273,6 +273,9 @@
|
||||
( $ThisLine =~ /polkit-grant-helper-pam\[\d+\]: pam_thinkfinger\(polkit:auth\): conversation failed/) or
|
||||
( $ThisLine =~ /polkitd\(authority=.*\): (Unr|R)egistered Authentication Agent/) or
|
||||
( $ThisLine =~ /polkitd\(authority=.*\): Operator of unix-session:/) or
|
||||
+ ( $ThisLine =~ /polkitd.*Acquired the name .* on the system bus/) or
|
||||
+ ( $ThisLine =~ /polkitd.*Finished loading, compiling/) or
|
||||
+ ( $ThisLine =~ /polkitd.*Loading rules from directory /) or
|
||||
( $ThisLine =~ /(gdm-session-worker|gdm-password|gnome-screensaver-dialog)\[\d+\]: gkr-pam: no password is available for user/) or
|
||||
( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
|
||||
( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
--- a/scripts/services/kernel
|
||||
+++ b/scripts/services/kernel
|
||||
@@ -135,6 +135,7 @@
|
||||
$SkipError = 1 if $ThisLine =~ /ERST: Error Record Serialization Table \(ERST\) support is initialized/;
|
||||
$SkipError = 1 if $ThisLine =~ /GHES: Generic hardware error source: \d+ notified via .* is not supported/;
|
||||
$SkipError = 1 if $ThisLine =~ /PCIe errors handled by (?:BIOS|OS)/;
|
||||
+ $SkipError = 1 if $ThisLine =~ /RAS: Correctable Errors collector initialized\.$/;
|
||||
# These happen when kerberos tickets expire, which can be normal
|
||||
$SkipError = 1 if $ThisLine =~ /Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server/ && $Ignore_rpcsec_expired;
|
||||
# filter out mount options
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
--- a/scripts/services/sendmail
|
||||
+++ b/scripts/services/sendmail
|
||||
@@ -388,7 +388,7 @@
|
||||
}
|
||||
|
||||
# QueueID formats: in 8.11 it was \w{7}\d{5}, in 8.12+ it is \w{8}\d{6}
|
||||
-my $QueueIDFormat = "(?:\\w{7,9}\\d{5}|NOQUEUE)";
|
||||
+my $QueueIDFormat = "(?:\\w{7,9}\\d{5,6}|NOQUEUE)";
|
||||
|
||||
# ENOENT refers to "no such file or directory"
|
||||
my $ENOENT = Errno::ENOENT();
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
--- a/scripts/services/sshd
|
||||
+++ b/scripts/services/sshd
|
||||
@@ -566,7 +566,8 @@
|
||||
|
||||
if (keys %BadLogins) {
|
||||
print "\nFailed logins from:\n";
|
||||
- foreach my $ip (sort SortIP keys %BadLogins) {
|
||||
+ my $totalSort = TotalCountOrder(%BadLogins, \&SortIP);
|
||||
+ foreach my $ip (sort $totalSort keys %BadLogins) {
|
||||
my $name = LookupIP($ip);
|
||||
my $totcount = 0;
|
||||
foreach my $user (keys %{$BadLogins{$ip}}) {
|
||||
@@ -587,7 +588,8 @@
|
||||
|
||||
if (keys %IllegalUsers) {
|
||||
print "\nIllegal users from:\n";
|
||||
- foreach my $ip (sort SortIP keys %IllegalUsers) {
|
||||
+ my $totalSort = TotalCountOrder(%IllegalUsers, \&SortIP);
|
||||
+ foreach my $ip (sort $totalSort keys %IllegalUsers) {
|
||||
my $name = LookupIP($ip);
|
||||
my $totcount = 0;
|
||||
foreach my $user (keys %{$IllegalUsers{$ip}}) {
|
||||
|
||||
@ -0,0 +1,13 @@
|
||||
diff --git a/scripts/services/systemd b/scripts/services/systemd
|
||||
index f1da2ac..44cc7a9 100644
|
||||
--- a/scripts/services/systemd
|
||||
+++ b/scripts/services/systemd
|
||||
@@ -70,7 +70,7 @@ while (defined(my $ThisLine = <STDIN>)) {
|
||||
# crond will never restart process when it is restarted
|
||||
$ThisLine =~ /^crond\.service: Found left-over process \d+ \(.*\) in control group while starting unit\. Ignoring\.$/ or
|
||||
$ThisLine =~ /^Received SIGINT\./ or
|
||||
- $ThisLine =~ /^Deactivated / or
|
||||
+ $ThisLine =~ /: Deactivated / or
|
||||
$ThisLine =~ /^Detected (architecture|virtualization) / or
|
||||
$ThisLine =~ /^Found device / or
|
||||
$ThisLine =~ /Got automount request for \/proc\// or
|
||||
@ -1,31 +0,0 @@
|
||||
--- a/scripts/services/systemd 2022/01/20 16:00:56 1.1
|
||||
+++ b/scripts/services/systemd 2022/01/20 16:14:16
|
||||
@@ -42,7 +42,7 @@
|
||||
$ThisLine =~ / failed\.$/ or
|
||||
$ThisLine =~ /: (control|main) process exited, code=(exited|killed),? status=/ or
|
||||
# Informational
|
||||
- $ThisLine =~ /^Closed .* socket\.$/ or
|
||||
+ $ThisLine =~ /^Closed .* [Ss]ocket\.$/ or
|
||||
$ThisLine =~ /^Closed udev / or
|
||||
$ThisLine =~ /^Detected (architecture|virtualization) / or
|
||||
$ThisLine =~ /^Found device / or
|
||||
@@ -76,11 +76,17 @@
|
||||
$ThisLine =~ /^Configuration file \/usr\/lib\/systemd\/system\/wpa_supplicant\.service is marked executable/ or
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1306452
|
||||
$ThisLine =~ /^tmp\.mount: Directory \/tmp to mount over is not empty, mounting anyway\.$/ or
|
||||
- $ThisLine =~ /^Received SIGRTMIN\+2[01] from PID \d+ \(plymouthd\)\.$/ or
|
||||
+ $ThisLine =~ /^Received SIGRTMIN\+2[01] from PID \d+ \((?:plymouthd|n\/a)\)\.$/ or
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1072368
|
||||
$ThisLine =~ /^Received SIGRTMIN\+24 from PID \d+ \(kill\)\.$/ or
|
||||
$ThisLine =~ /^Removed slice / or
|
||||
- $ThisLine =~ /^pam_unix\(systemd-user:session\): session (?:opened|closed) for user/
|
||||
+ $ThisLine =~ /^pam_unix\(systemd-user:session\): session (?:opened|closed) for user/ or
|
||||
+ # Ex: user-runtime-dir@1001.service: Succeeded.
|
||||
+ $ThisLine =~ /: Succeeded\.$/ or
|
||||
+ # Ex: Reloading Fail2Ban Service.
|
||||
+ $ThisLine =~ /^Reloading .*\.$/ or
|
||||
+ # Ex: Set up automount Arbitrary Executable File Formats File System Automount Point.
|
||||
+ $ThisLine =~ /^Set up .*\.$/
|
||||
) {
|
||||
# Ignore these
|
||||
} elsif (my ($service) = ($ThisLine =~ /^Unit (.*) entered failed state\.$/)) {
|
||||
Loading…
Reference in new issue