[logwatch] Add secure-update patch (rhbz#809314)
jsynacek
jsynacek at fedoraproject.org
Thu May 3 13:03:06 UTC 2012
commit e3fbb90c39a1a481d9d4e7f086a3bd1037472695
Author: Jan Synacek <jsynacek at redhat.com>
Date: Thu May 3 10:57:44 2012 +0200
Add secure-update patch (rhbz#809314)
logwatch-secure-update.patch | 59 ++++++++++++++++++++++++++++++++++++++++++
logwatch.spec | 4 +++
2 files changed, 63 insertions(+), 0 deletions(-)
---
diff --git a/logwatch-secure-update.patch b/logwatch-secure-update.patch
new file mode 100644
index 0000000..bf3d990
--- /dev/null
+++ b/logwatch-secure-update.patch
@@ -0,0 +1,59 @@
+--- scripts/services/secure.orig 2012-04-27 10:13:45.400513896 +0200
++++ scripts/services/secure 2012-05-03 10:46:17.000000000 +0200
+@@ -210,6 +210,7 @@ while (defined($ThisLine = <STDIN>)) {
+ ( $ThisLine =~ /^pam_xauth\[\d+\]: call_xauth: child returned \d/) or
+ ( $ThisLine =~ /^su\[\d+\]: pam_authenticate: Authentication failure/) or
+ ( $ThisLine =~ /^passwd\[\d+\]:/) or
++ ( $ThisLine =~ /^passwd: gkr-pam: .*/) or
+ ( $ThisLine =~ /^reboot:/) or
+ ( $ThisLine =~ /^sudo:/) or
+ ( $ThisLine =~ /^su: pam_unix2: session (started|finished) for user [^ ]+, service [^ ]+/) or
+@@ -262,7 +263,10 @@ while (defined($ThisLine = <STDIN>)) {
+ ( $ThisLine =~ /(gdm-session-worker|gdm-password)\[\d+\]: gkr-pam: no password is available for user/) or
+ ( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
+ ( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages
+- ( $ThisLine =~ /gdm-session-worker\[\d+\]: pam_namespace\(gdm:session\): Unmount of [^ ]* failed, Device or resource busy/)
++ ( $ThisLine =~ /gdm-session-worker\[\d+\]: pam_namespace\(gdm:session\): Unmount of [^ ]* failed, Device or resource busy/) or
++ ( $ThisLine =~ /pkexec: pam_systemd(.*): /) or
++ ( $ThisLine =~ /pkexec: \S+: Executing command /) or
++ ( $ThisLine =~ /su: pam_systemd(.*): Failed to parse message: /)
+ ) {
+ # Ignore these entries
+ } elsif ($ThisLine =~ /^spop3d/ || $ThisLine =~ /^pop\(\w+\)\[\d+\]:/) {
+@@ -378,9 +382,11 @@ while (defined($ThisLine = <STDIN>)) {
+ $UserLogin{$User}++;
+ } elsif ( $ThisLine =~ s/^userdel\[\d+\]: delete user `(.+)'/$1/ ) {
+ $DeletedUsers .= " $ThisLine\n";
++ } elsif ( $ThisLine =~ s/^userdel: delete user '(.+)'/$1/ ) {
++ $DeletedUsers .= " $ThisLine\n";
+ } elsif ( $ThisLine =~ s/^(?:useradd|adduser)\[\d+\]: new user: name=(.+), (?:uid|UID)=(\d+).*$/$1 ($2)/ ) {
+ $NewUsers .= " $ThisLine\n";
+- } elsif ( $ThisLine =~ s/^userdel\[\d+\]: remove(?:d)? group `(\S+)'( owned by \S+)?/$1/ ) {
++ } elsif ( $ThisLine =~ s/^userdel(?:\[\d+\])?: remove(?:d)? group [`'](\S+)'( owned by \S+)?/$1/ ) {
+ $DeletedGroups .= " $ThisLine\n";
+ } elsif ( $ThisLine =~ s/^groupdel\[\d+\]: remove group `(.+)'/$1/ ) {
+ $DeletedGroups .= " $ThisLine\n";
+@@ -421,6 +427,9 @@ while (defined($ThisLine = <STDIN>)) {
+ $XauthMessage{$Message}++;
+ } elsif ( ($Group,$NewName) = ($ThisLine =~ /^groupmod\[\d+\]: change group `(.*)' to `(.*)'/)) {
+ $GroupRenamed{"$Group -> $NewName"}++;
++ # } elsif ( ($Group) = ($ThisLine =~ /^groupmod: group changed in \/etc\/group (.*)'/)) {
++ } elsif ( ($Group) = $ThisLine =~ /^groupmod: group changed in \/etc\/group \(group (\S+)\):.*/) {
++ $GroupChanged{"$Group"}++;
+ } elsif ( ($User,$Home,$NewHome) = ($ThisLine =~ /^usermod\[\d+\]: change user `(.*)' home from `(.*)' to `(.*)'/)) {
+ $HomeChange{$User}{"$Home -> $NewHome"}++;
+ } elsif ( ($User,$From,$To) = ($ThisLine =~ /^usermod\[\d+\]:change user `(.*)' UID from `(.*)' to `(.*)'/)) {
+@@ -548,6 +557,13 @@ if (keys %GroupRenamed) {
+ print " $Group\n";
+ }
+ }
++
++if (keys %GroupChanged) {
++ print "Changed groups:\n";
++ foreach $Group (sort {$a cmp $b} keys %GroupChanged) {
++ print " $Group\n";
++ }
++}
+
+ if (keys %AddToGroup) {
+ print "\nAdded User to group:\n";
diff --git a/logwatch.spec b/logwatch.spec
index ef75709..899e00b 100644
--- a/logwatch.spec
+++ b/logwatch.spec
@@ -27,6 +27,8 @@ Patch7: logwatch-dovecot.patch
Patch8: logwatch-sshd.patch
Patch10: logwatch-secure-grammar.patch
Patch11: logwatch-dovecot-proxy.patch
+# not yet in upstream
+Patch12: logwatch-secure-update.patch
Requires: textutils sh-utils grep mailx
Requires: perl(Date::Manip)
BuildArchitectures: noarch
@@ -50,6 +52,7 @@ of the package on many systems.
%patch8 -p1
%patch10 -p1
%patch11 -p0
+%patch12 -p0
rm -f scripts/services/*.orig
%build
@@ -143,6 +146,7 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
%changelog
* Fri Apr 27 2012 Jan Synáček <jsynacek at redhat.com> - 7.4.0-11.20120425svn100
- Add dovecot-proxy patch (rhbz#812883)
+- Add secure-update patch (rhbz#809314)
* Wed Apr 25 2012 Jan Synáček <jsynacek at redhat.com> - 7.4.0-10.20120425svn100
- Update to revision 100
More information about the scm-commits
mailing list