[logwatch] Add pam_unix patch (rhbz#836183, rhbz#846725)

Thu Sep 27 12:02:47 UTC 2012

commit d8a18a9f5bb0944c19fd6d68cb789bff65800b38
Author: Jan Synacek <jsynacek at redhat.com>
Date:   Thu Sep 27 14:01:01 2012 +0200

    Add pam_unix patch (rhbz#836183, rhbz#846725)

 logwatch-pam_unix.patch |   22 ++++++++++++++++++++++
 logwatch.spec           |    4 ++++
 2 files changed, 26 insertions(+), 0 deletions(-)
---

diff --git a/logwatch-pam_unix.patch b/logwatch-pam_unix.patch
new file mode 100644
index 0000000..ca60a53
--- /dev/null
+++ b/logwatch-pam_unix.patch
@@ -0,0 +1,22 @@
+--- logwatch-svn110-dist/scripts/services/pam_unix	2012-09-27 10:01:34.177205178 +0200
++++ logwatch-svn110-new/scripts/services/pam_unix	2012-09-27 13:39:49.697365083 +0200
+@@ -174,7 +174,7 @@
+ 	# ignore this line
+       } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s+user=(\S*)$/$2 ($1)/) {
+  	 $data{$service}{'Authentication Failures'}{$line}++;
+-      } elsif ($line =~ s/^authentication failure; .*rhost=(\S*).$/unknown ($1)/) {
++      } elsif ($line =~ s/^authentication failure; .*rhost=(\S*)\s*$/unknown ($1)/) {
+          $data{$service}{'Authentication Failures'}{$line}++;
+       } elsif ($line =~ s/^authentication failure; logname=(\S*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
+          $data{$service}{'Authentication Failures'}{$line}++;
+@@ -227,8 +227,8 @@
+       if ($line =~ s/^password changed for (.+)/$1/) {
+          ($Detail >= 5) && $data{$service}{'Password changed'}{$line}++;
+       }
+-   } elsif (grep $_ eq $service, qw/gdm gdm-password kdm kcheckpass xdm imap dovecot cups/) {
+-      if ($line =~ s/^session opened for user (.+) by \(uid=\d+\)/$1/) {
++   } elsif (grep $_ eq $service, qw/gdm gdm-password gdm-welcome kdm kcheckpass xdm imap dovecot cups/) {
++      if ($line =~ s/^session opened for user (.+) by (?:\(unknown\))?\(uid=\d+\)/$1/) {
+          ($Detail >= 5) && $data{$service}{'Sessions Opened'}{$line}++;
+       } elsif ($line =~ s/^authentication failure;.* user=(.+)$/$1/) {
+          $data{$service}{'Authentication Failures'}{$line}++;
diff --git a/logwatch.spec b/logwatch.spec
index fab2b19..c8959ad 100644
--- a/logwatch.spec
+++ b/logwatch.spec
@@ -25,11 +25,13 @@ Patch7: logwatch-dovecot.patch
 Patch8: logwatch-sshd.patch
 # Rootkit Hunter patch - not applied by upstream
 Patch9: logwatch-rkhunter.patch
+# Patches 10-15 not yet in upstream
 Patch10: logwatch-applystddate.patch
 Patch11: logwatch-http.patch
 Patch12: logwatch-pluto.patch
 Patch13: logwatch-xvc.patch
 Patch14: logwatch-secure.patch
+Patch15: logwatch-pam_unix.patch
 Requires: textutils sh-utils grep mailx
 Requires: perl(Date::Manip)
 Requires: perl(Sys::CPU)
@@ -58,6 +60,7 @@ of the package on many systems.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
 rm -f scripts/services/*.orig
 
 %build
@@ -150,6 +153,7 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
 %changelog
 * Thu Sep 27 2012 Jan Synáček <jsynacek at redhat.com> - 7.4.0-17.20120619svn110
 - Add secure patch (rhbz#836189)
+- Add pam_unix patch (rhbz#836183, rhbz#846725)
 
 * Wed Aug 29 2012 Jan Synáček <jsynacek at redhat.com> - 7.4.0-16.20120619svn110
 - Add applystddate patch - support rsyslog timestamps
