rpms/logwatch/devel logwatch-7.3.2-audit2.patch, NONE, 1.1 logwatch-7.3.2-pix.patch, NONE, 1.1 logwatch.spec, 1.59, 1.60
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Feb 9 12:54:43 UTC 2007
Author: varekova
Update of /cvs/dist/rpms/logwatch/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv32620
Modified Files:
logwatch.spec
Added Files:
logwatch-7.3.2-audit2.patch logwatch-7.3.2-pix.patch
Log Message:
- incorporate the next part of package review comments
- Resolves: 227976
logwatch warns about audispd starting
logwatch-7.3.2-audit2.patch:
audit | 3 ++-
1 files changed, 2 insertions(+), 1 deletion(-)
--- NEW FILE logwatch-7.3.2-audit2.patch ---
--- logwatch-7.3.2/scripts/services/audit.pom 2007-02-09 13:24:45.000000000 +0100
+++ logwatch-7.3.2/scripts/services/audit 2007-02-09 13:45:17.000000000 +0100
@@ -78,7 +78,8 @@
( $ThisLine =~ /: policy loaded auid=[0-9]+/) or
( $ThisLine =~ /: user pid=[0-9]+ uid=[0-9]+ auid=[0-9]+ subj=system_u:system_r:system_dbusd_t:[0-9a-z]+ msg=/) or
( $ThisLine =~ /audit\([0-9.]+:[0-9]+\): (selinux=[0-9]+|auid=[0-9]+|prom=[0-9]+|old_prom=[0-9]+|dev=[^ ]+| )+$/) or
- ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+ [0-9]+ [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+ [0-9]+ \(NOTLB\)/)
+ ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+ [0-9]+ [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+ [0-9]+ \(NOTLB\)/) or
+ ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/)
) {
# Ignore these entries
} elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
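Review bot: The new ignore pattern on the added line, `Started dispatcher: \/sbin\/audispd pid: [0-9]+`, is unanchored, so any audit record that merely contains that text is dropped from the report, including one carrying extra fields after the pid. Because this branch exists only to discard known start-up noise, tightening it to `( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+$/)` keeps the filter from hiding anything unexpected appended to the message. The `$`-anchored form is already what the neighbouring `initialized$` pattern uses. The enclosing if/elsif chain starts before this hunk and continues past it.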
logwatch-7.3.2-pix.patch:
pix | 762 ++++++++++++++++++++++++++++++++++----------------------------------
1 files changed, 381 insertions(+), 381 deletions(-)
--- NEW FILE logwatch-7.3.2-pix.patch ---
--- logwatch-7.3.2/scripts/services/pix.pom 2006-12-20 05:24:07.000000000 +0100
+++ logwatch-7.3.2/scripts/services/pix 2007-02-09 13:12:35.000000000 +0100
@@ -1,384 +1,384 @@
-##########################################################################
-# $Id: pix,v 1.1 2006/12/20 04:24:07 bjorn Exp $
-##########################################################################
+##########################################################################
+# $Id: pix,v 1.1 2006/12/20 04:24:07 bjorn Exp $
+##########################################################################
# $Log: pix,v $
# Revision 1.1 2006/12/20 04:24:07 bjorn
# New script for cisco pix files, written by Bob Hendry.
-#
-##########################################################################
-
-use Logwatch ':all';
-##########################################################################
-# Apply date for Cisco PIX
-##########################################################################
-
-use POSIX qw(strftime);
-use Logwatch ':dates';
-
-$SearchDate = TimeFilter('%b %e %H:%M:%S');
-
-$Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
-$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
-
-if ( $Debug >= 5 ) {
- print STDERR "\n\nDEBUG: Inside PIX Filter \n\n";
- $DebugCounter = 1;
-}
-
-my ($month,$day,$time,$host,$process,$conn,$msg);
-
-while (defined($ThisLine = <STDIN>)) {
- if ($ThisLine =~ m/^$SearchDate/o) { # added
-
- if ( $Debug >= 30 ) {
- print STDERR "DEBUG($DebugCounter): $ThisLine";
- $DebugCounter++;
- }
-
-($month,$day,$time,$host,$process,$conn,$msg)=split(/ +/,$ThisLine,7);
-
- if ( ($ThisLine =~ /(ISDN-6-.+)/ ) or
- ($ThisLine =~ /Copyright/ ) or
- ($ThisLine =~ /Cisco Internetwork Operating System Software/ ) or
- ($ThisLine =~ /IOS \(tm\)/ ) or
- ($ThisLine =~ /TAC:Home:SW:IOS:Specials/ )
- ) {
- # don't care about this, will code this later
- }
-
- elsif ( $ThisLine =~ /%PIX-4-106023:/) {
- $testline = $ThisLine;
- chomp $testline;
- $testline =~ s/^.*PIX-4-106023: Deny //;
- $testline =~ s/\[0x0, 0x0\]//;
- $testline =~ s/"/ /g;
- $testline =~ s/by access-group//;
- $testline =~ s/[:,]/ /g;
- $testline =~ s/\// /g;
- @testfields = split(' ',$testline);
- $accesslist = @testfields[$#testfields];
- $action = "Deny";
- $protocol = @testfields[0];
- if ($protocol =~ /(tcp|udp)/) {
- $source = @testfields[3];
- $destination = @testfields[7];
- $icmp_type = "";
- $count = 1;
- $source_ip = @testfields[3];
- $source_port = @testfields[4];
- $destination_ip = @testfields[7];
- $destination_port = @dfields[8];
- } elsif ($protocol =~ /icmp/) {
- $source = @testfields[3];
- $destination = @testfields[7];
- $icmp_type = @testfields[8];
- $count = 1;
- $source_ip = @testfields[3];
- $destination_ip = @testfields[7];
- } elsif ($protocol =~ /41/) { #IPv6
- $source = @testfields[3];
- $destination = @testfields[7];
- $icmp_type = "";
- $count = 1;
- $source_ip = @testfields[3];
- $source_port = @testfields[4];
- $destination_ip = @testfields[7];
- $destination_port = @dfields[8];
- } else {
- $count = 0;
- }
- $ACL{$accesslist} += $count;
- $ACTION{$action} += $count;
- $packets += $count;
- if ( ($destination_port == 22) and ($protocol =~ /TCP|tcp/) ) {
- $SSH{$source_ip} += $count;
- $SSH_packets += $count;
- }
- if ( ($destination_port == 23) and ($protocol =~ /TCP|tcp/) ) {
- $TELNET{$source_ip} += $count;
- $TELNET_packets += $count;
- }
- }
- elsif ($ThisLine =~ /%PIX-6-106100:/) {
- $testline = $ThisLine;
- chomp $testline;
- $testline =~ s/^.*%PIX-6-106100://;
- $testline =~ s/ ->//;
- $testline =~ s/[:,]/ /g;
- $testline =~ s/\// /g;
- $testline =~ s/[()]/ /g;
- @testfields = split(' ',$testline);
- $accesslist = @testfields[1];
- $action = @testfields[2];
- $protocol = @testfields[3];
- if ($protocol =~ /(TCP|UDP|tcp|udp)/) {
- $count = 1;
- $source_ip = @testfields[5];
- $source_port = @testfields[6];
- $destination_ip = @testfields[8];
- $destination_port = @testfields[9];
- } elsif ($protocol =~ /icmpv6/) {
- # not implemented
- } else {
- $count = 0;
- }
- $ACL{$accesslist} += $count;
- $ACTION{$action} += $count;
- $packets += $count;
- if ( ($destination_port == 22) and ($protocol =~ /TCP|tcp/) ) {
- $SSH{$source_ip} += $count;
- $SSH_packets += $count;
- }
- if ( ($destination_port == 23) and ($protocol =~ /TCP|tcp/) ) {
- $TELNET{$source_ip} += $count;
- $TELNET_packets += $count;
- }
- if ( ($destination_port == 21) and ($protocol =~ /TCP|tcp/) ) {
- $FTP{$source_ip} += $count;
- $FTP_packets += $count;
- }
- }
-#Error Message %PIX|ASA-6-302013
- elsif ($ThisLine =~ /%PIX-6-302013: Built/) {
- $testline = $ThisLine;
- chomp $testline;
- $testline =~ s/^.*%PIX-6-302013: Built//;
- $testline =~ s/[:,]/ /g;
- $testline =~ s/\// /g;
- $testline =~ s/[()]/ /g;
- @testfields = split(' ',$testline);
- $connection_id = @testfields[3];
- $CONNECTION_ID{$connection_id} = $connection_id;
- }
-#Error Message %PIX|ASA-6-302015
- elsif ($ThisLine =~ /%PIX-6-302015: Built/) {
- $testline = $ThisLine;
- chomp $testline;
- $testline =~ s/^.*%PIX-6-302015: Built//;
- $testline =~ s/[:,]/ /g;
- $testline =~ s/\// /g;
- $testline =~ s/[()]/ /g;
- @testfields = split(' ',$testline);
- $connection_id = @testfields[3];
- $CONNECTION_ID{$connection_id} = $connection_id;
- }
-
-#Error Message %PIX|ASA-6-302014
- elsif ($ThisLine =~ /%PIX-6-302014: Teardown/) {
- $testline = $ThisLine;
- chomp $testline;
- $testline =~ s/^.*%PIX-6-302014: Teardown//;
- $testline =~ s/[:,]/ /g;
- $testline =~ s/\// /g;
- $testline =~ s/[()]/ /g;
- @testfields = split(' ',$testline);
- $protocol = @testfields[0];
- $connection_id = @testfields[2];
- $count = 1;
- $source_ip = @testfields[5];
- $source_port = @testfields[6];
- $destination_ip = @testfields[11];
- $destination_port = @testfields[12];
-
- if ($connection_id == $CONNECTION_ID{$connection_id}) {
- if ( ($destination_port == 21) and ($protocol =~ /TCP|tcp/) ) {
- $FTP{$source_ip} += $count;
- $FTP_packets += $count;
- }
- if ( ($destination_port == 22) and ($protocol =~ /TCP|tcp/) ) {
- $SSH{$source_ip} += $count;
- $SSH_packets += $count;
- }
- if ( ($destination_port == 23) and ($protocol =~ /TCP|tcp/) ) {
- $TELNET{$source_ip} += $count;
- $TELNET_packets += $count;
- }
-
- }
- }
-#Error Message %PIX|ASA-6-302016
- elsif ($ThisLine =~ /%PIX-6-302016: Teardown/) {
- $testline = $ThisLine;
- chomp $testline;
- $testline =~ s/^.*%PIX-6-302016: Teardown//;
- $testline =~ s/[:,]/ /g;
- $testline =~ s/\// /g;
- $testline =~ s/[()]/ /g;
- @testfields = split(' ',$testline);
- $protocol = @testfields[0];
- $connection_id = @testfields[2];
- $count = 1;
- $source_ip = @testfields[5];
- $source_port = @testfields[6];
- $destination_ip = @testfields[11];
- $destination_port = @testfields[12];
-
- if ($connection_id == $CONNECTION_ID{$connection_id}) {
-
- if ( ($source_port == 53) and ($protocol =~ /UDP|udp/) ) {
- $DNS{$source_ip} += $count;
- $DNS_packets += $count;
- }
- if ( ($source_port == 123) and ($protocol =~ /UDP|udp/) ) {
- $NTP{$source_ip} += $count;
- $NTP_packets += $count;
- }
- if ( ($source_port == 514) and ($protocol =~ /UDP|udp/) ) {
- $SYSLOG{$source_ip} += $count;
- $SYSLOG_packets += $count;
- }
- }
- }
- elsif ( $ThisLine =~ /%PIX-3-710003:/) {
- $testline = $ThisLine;
- chomp $testline;
- $testline =~ s/^.*%PIX-3-710003://;
- $testline =~ s/[:,]/ /g;
- $testline =~ s/\// /g;
- @testfields = split(' ',$testline);
- $accesslist = @testfields[4];
- $action = "denied";
- $protocol = @testfields[0];
- if ($protocol =~ /(TCP|UDP|tcp|udp)/) {
- $icmp_type = "";
- $count = 1;
- $source_ip = @testfields[6];
- $source_port = @testfields[7];
- $destination_ip = @testfields[10];
- $destination_port = @testfields[11];
- } elsif ($protocol =~ /icmpv6/) {
- $source_ip = @testfields[3];
- $source_port = 0;
- $destination_ip = @testfields[4];
- $destination_port = 0;
- $icmp_type = @testfields[5];
- $count = @testfields[6];
- } else {
- $count = 0;
- }
- $ACL{$accesslist} += $count;
- $ACTION{$action} += $count;
- $packets += $count;
- if ( ($destination_port == 22) and ($protocol =~ /TCP|tcp/) ) {
- $SSH{$source_ip} += $count;
- $SSH_packets += $count;
- }
- }#Error Message %PIX|ASA-6-302020
- elsif ($ThisLine =~ /%PIX-6-302020: Built ICMP connection for faddr/) {
- $testline = $ThisLine;
- chomp $testline;
- $testline =~ s/^.*%PIX-6-302020: Built ICMP connection for faddr//;
- $testline =~ s/[:,]/ /g;
- $testline =~ s/\// /g;
- $testline =~ s/[()]/ /g;
- @testfields = split(' ',$testline);
- $connection_id = @testfields[0];
- $CONNECTION_ID{$connection_id} = $connection_id;
- }
-
-#Error Message %PIX|ASA-6-302021
- elsif ($ThisLine =~ /%PIX-6-302021: Teardown ICMP connection for faddr/) {
- $testline = $ThisLine;
- chomp $testline;
- $testline =~ s/^.*%PIX-6-302021: Teardown ICMP connection for faddr//;
- $testline =~ s/[:,]/ /g;
- $testline =~ s/\// /g;
- $testline =~ s/[()]/ /g;
- @testfields = split(' ',$testline);
- $connection_id = @testfields[0];
- $count = 1;
- $source_ip = $connection_id;
-
- if ($connection_id == $CONNECTION_ID{$connection_id}) {
- $ICMP{$source_ip} += $count;
- $ICMP_packets += $count;
- }
- }
- else {
- # Report any unmatched entries...
- chomp $ThisLine;
- $OtherList{$ThisLine}++;
- }
- }
-}
-if (keys %ACL) {
- print "\nAccess Control Lists:\n";
- foreach $ThisOne (sort keys %ACL) {
- print " " . $ThisOne . " : " . $ACL{$ThisOne} . " Hit(s)\n";
- }
- print " Total : " . $packets . " Hit(s)\n";
- if ($IPV6_packets >0) {print " IPv6 Total : " . $IPV6_packets . " Hit(s)\n"}
-}
-
-if (keys %ACTION) {
- print "\nActions:\n";
- foreach $ThisOne (sort keys %ACTION) {
- print " " . $ThisOne . " : " . $ACTION{$ThisOne} . " Hit(s)\n";
- }
- print " Total : " . $packets . " Hit(s)\n";
- if ($IPV6_packets >0) {print " IPv6 Total : " . $IPV6_packets . " Hit(s)\n"}
-}
-if (keys %ICMP) {
- print "\nICMP Requests:\n";
- foreach $ThisOne (sort keys %ICMP) {
- print " " . $ThisOne . " : " . $ICMP{$ThisOne} . " Hit(s)\n";
- }
- print " Total : " . $ICMP_packets . " Hit(s)\n";
-}
-
-if (keys %SSH) {
- print "\nSSH access:\n";
- foreach $ThisOne (sort keys %SSH) {
- print " " . $ThisOne . " : " . $SSH{$ThisOne} . " Hit(s)\n";
- }
- print " Total : " . $SSH_packets . " Hit(s)\n";
-}
-
-if (keys %TELNET) {
- print "\nTELNET access:\n";
- foreach $ThisOne (sort keys %TELNET) {
- print " " . $ThisOne . " : " . $TELNET{$ThisOne} . " Hit(s)\n";
- }
- print " Total : " . $TELNET_packets . " Hit(s)\n";
-}
-
-if (keys %FTP) {
- print "\nFTP access:\n";
- foreach $ThisOne (sort keys %FTP) {
- print " " . $ThisOne . " : " . $FTP{$ThisOne} . " Hit(s)\n";
- }
- print " Total : " . $FTP_packets . " Hit(s)\n";
-}
-
-if (keys %DNS) {
- print "\nDNS access:\n";
- foreach $ThisOne (sort keys %DNS) {
- print " " . $ThisOne . " : " . $DNS{$ThisOne} . " Hit(s)\n";
- }
- print " Total : " . $DNS_packets . " Hit(s)\n";
-}
-if (keys %NTP) {
- print "\nNTP access:\n";
- foreach $ThisOne (sort keys %NTP) {
- print " " . $ThisOne . " : " . $NTP{$ThisOne} . " Hit(s)\n";
- }
- print " Total : " . $NTP_packets . " Hit(s)\n";
-}
-if (keys %SYSLOG) {
- print "\nSYSLOG access:\n";
- foreach $ThisOne (sort keys %SYSLOG) {
- print " " . $ThisOne . " : " . $SYSLOG{$ThisOne} . " Hit(s)\n";
- }
- print " Total : " . $SYSLOG_packets. " Hit(s)\n";
-}
-
-#if (keys %OtherList) {
-# print "\n**Unmatched Entries**\n";
-# foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
-# print " $line: $OtherList{$line} Time(s)\n";
-# }
-#}
-
-exit(0);
-
-# vi: shiftwidth=3 tabstop=3 syntax=perl et
+#
+##########################################################################
+
+use Logwatch ':all';
+##########################################################################
+# Apply date for Cisco PIX
+##########################################################################
+
+use POSIX qw(strftime);
+use Logwatch ':dates';
+
+$SearchDate = TimeFilter('%b %e %H:%M:%S');
+
+$Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
+$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
+
+if ( $Debug >= 5 ) {
+ print STDERR "\n\nDEBUG: Inside PIX Filter \n\n";
+ $DebugCounter = 1;
+}
+
+my ($month,$day,$time,$host,$process,$conn,$msg);
+
+while (defined($ThisLine = <STDIN>)) {
+ if ($ThisLine =~ m/^$SearchDate/o) { # added
+
+ if ( $Debug >= 30 ) {
+ print STDERR "DEBUG($DebugCounter): $ThisLine";
+ $DebugCounter++;
+ }
+
+($month,$day,$time,$host,$process,$conn,$msg)=split(/ +/,$ThisLine,7);
+
+ if ( ($ThisLine =~ /(ISDN-6-.+)/ ) or
+ ($ThisLine =~ /Copyright/ ) or
+ ($ThisLine =~ /Cisco Internetwork Operating System Software/ ) or
+ ($ThisLine =~ /IOS \(tm\)/ ) or
+ ($ThisLine =~ /TAC:Home:SW:IOS:Specials/ )
+ ) {
+ # don't care about this, will code this later
+ }
+
+ elsif ( $ThisLine =~ /%PIX-4-106023:/) {
+ $testline = $ThisLine;
+ chomp $testline;
+ $testline =~ s/^.*PIX-4-106023: Deny //;
+ $testline =~ s/\[0x0, 0x0\]//;
+ $testline =~ s/"/ /g;
+ $testline =~ s/by access-group//;
+ $testline =~ s/[:,]/ /g;
+ $testline =~ s/\// /g;
+ @testfields = split(' ',$testline);
+ $accesslist = @testfields[$#testfields];
+ $action = "Deny";
+ $protocol = @testfields[0];
+ if ($protocol =~ /(tcp|udp)/) {
+ $source = @testfields[3];
+ $destination = @testfields[7];
+ $icmp_type = "";
+ $count = 1;
+ $source_ip = @testfields[3];
+ $source_port = @testfields[4];
+ $destination_ip = @testfields[7];
+ $destination_port = @dfields[8];
+ } elsif ($protocol =~ /icmp/) {
+ $source = @testfields[3];
+ $destination = @testfields[7];
+ $icmp_type = @testfields[8];
+ $count = 1;
+ $source_ip = @testfields[3];
+ $destination_ip = @testfields[7];
+ } elsif ($protocol =~ /41/) { #IPv6
+ $source = @testfields[3];
+ $destination = @testfields[7];
+ $icmp_type = "";
+ $count = 1;
+ $source_ip = @testfields[3];
+ $source_port = @testfields[4];
+ $destination_ip = @testfields[7];
+ $destination_port = @dfields[8];
+ } else {
+ $count = 0;
+ }
+ $ACL{$accesslist} += $count;
+ $ACTION{$action} += $count;
+ $packets += $count;
+ if ( ($destination_port == 22) and ($protocol =~ /TCP|tcp/) ) {
+ $SSH{$source_ip} += $count;
+ $SSH_packets += $count;
+ }
+ if ( ($destination_port == 23) and ($protocol =~ /TCP|tcp/) ) {
+ $TELNET{$source_ip} += $count;
+ $TELNET_packets += $count;
+ }
+ }
+ elsif ($ThisLine =~ /%PIX-6-106100:/) {
+ $testline = $ThisLine;
+ chomp $testline;
+ $testline =~ s/^.*%PIX-6-106100://;
+ $testline =~ s/ ->//;
+ $testline =~ s/[:,]/ /g;
+ $testline =~ s/\// /g;
+ $testline =~ s/[()]/ /g;
+ @testfields = split(' ',$testline);
+ $accesslist = @testfields[1];
+ $action = @testfields[2];
+ $protocol = @testfields[3];
+ if ($protocol =~ /(TCP|UDP|tcp|udp)/) {
+ $count = 1;
+ $source_ip = @testfields[5];
+ $source_port = @testfields[6];
+ $destination_ip = @testfields[8];
+ $destination_port = @testfields[9];
+ } elsif ($protocol =~ /icmpv6/) {
+ # not implemented
+ } else {
+ $count = 0;
+ }
+ $ACL{$accesslist} += $count;
+ $ACTION{$action} += $count;
+ $packets += $count;
+ if ( ($destination_port == 22) and ($protocol =~ /TCP|tcp/) ) {
+ $SSH{$source_ip} += $count;
+ $SSH_packets += $count;
+ }
+ if ( ($destination_port == 23) and ($protocol =~ /TCP|tcp/) ) {
+ $TELNET{$source_ip} += $count;
+ $TELNET_packets += $count;
+ }
+ if ( ($destination_port == 21) and ($protocol =~ /TCP|tcp/) ) {
+ $FTP{$source_ip} += $count;
+ $FTP_packets += $count;
+ }
+ }
+#Error Message %PIX|ASA-6-302013
+ elsif ($ThisLine =~ /%PIX-6-302013: Built/) {
+ $testline = $ThisLine;
+ chomp $testline;
+ $testline =~ s/^.*%PIX-6-302013: Built//;
+ $testline =~ s/[:,]/ /g;
+ $testline =~ s/\// /g;
+ $testline =~ s/[()]/ /g;
+ @testfields = split(' ',$testline);
+ $connection_id = @testfields[3];
+ $CONNECTION_ID{$connection_id} = $connection_id;
+ }
+#Error Message %PIX|ASA-6-302015
+ elsif ($ThisLine =~ /%PIX-6-302015: Built/) {
+ $testline = $ThisLine;
+ chomp $testline;
+ $testline =~ s/^.*%PIX-6-302015: Built//;
+ $testline =~ s/[:,]/ /g;
+ $testline =~ s/\// /g;
+ $testline =~ s/[()]/ /g;
+ @testfields = split(' ',$testline);
+ $connection_id = @testfields[3];
+ $CONNECTION_ID{$connection_id} = $connection_id;
+ }
+
+#Error Message %PIX|ASA-6-302014
+ elsif ($ThisLine =~ /%PIX-6-302014: Teardown/) {
+ $testline = $ThisLine;
+ chomp $testline;
+ $testline =~ s/^.*%PIX-6-302014: Teardown//;
+ $testline =~ s/[:,]/ /g;
+ $testline =~ s/\// /g;
+ $testline =~ s/[()]/ /g;
+ @testfields = split(' ',$testline);
+ $protocol = @testfields[0];
+ $connection_id = @testfields[2];
+ $count = 1;
+ $source_ip = @testfields[5];
+ $source_port = @testfields[6];
+ $destination_ip = @testfields[11];
+ $destination_port = @testfields[12];
+
+ if ($connection_id == $CONNECTION_ID{$connection_id}) {
+ if ( ($destination_port == 21) and ($protocol =~ /TCP|tcp/) ) {
+ $FTP{$source_ip} += $count;
+ $FTP_packets += $count;
+ }
+ if ( ($destination_port == 22) and ($protocol =~ /TCP|tcp/) ) {
+ $SSH{$source_ip} += $count;
+ $SSH_packets += $count;
+ }
+ if ( ($destination_port == 23) and ($protocol =~ /TCP|tcp/) ) {
+ $TELNET{$source_ip} += $count;
+ $TELNET_packets += $count;
+ }
+
+ }
+ }
+#Error Message %PIX|ASA-6-302016
+ elsif ($ThisLine =~ /%PIX-6-302016: Teardown/) {
+ $testline = $ThisLine;
+ chomp $testline;
+ $testline =~ s/^.*%PIX-6-302016: Teardown//;
+ $testline =~ s/[:,]/ /g;
+ $testline =~ s/\// /g;
+ $testline =~ s/[()]/ /g;
+ @testfields = split(' ',$testline);
+ $protocol = @testfields[0];
+ $connection_id = @testfields[2];
+ $count = 1;
+ $source_ip = @testfields[5];
+ $source_port = @testfields[6];
+ $destination_ip = @testfields[11];
+ $destination_port = @testfields[12];
+
+ if ($connection_id == $CONNECTION_ID{$connection_id}) {
+
+ if ( ($source_port == 53) and ($protocol =~ /UDP|udp/) ) {
+ $DNS{$source_ip} += $count;
+ $DNS_packets += $count;
+ }
+ if ( ($source_port == 123) and ($protocol =~ /UDP|udp/) ) {
+ $NTP{$source_ip} += $count;
+ $NTP_packets += $count;
+ }
+ if ( ($source_port == 514) and ($protocol =~ /UDP|udp/) ) {
+ $SYSLOG{$source_ip} += $count;
+ $SYSLOG_packets += $count;
+ }
+ }
+ }
+ elsif ( $ThisLine =~ /%PIX-3-710003:/) {
+ $testline = $ThisLine;
+ chomp $testline;
+ $testline =~ s/^.*%PIX-3-710003://;
+ $testline =~ s/[:,]/ /g;
+ $testline =~ s/\// /g;
+ @testfields = split(' ',$testline);
+ $accesslist = @testfields[4];
+ $action = "denied";
+ $protocol = @testfields[0];
+ if ($protocol =~ /(TCP|UDP|tcp|udp)/) {
+ $icmp_type = "";
+ $count = 1;
+ $source_ip = @testfields[6];
+ $source_port = @testfields[7];
+ $destination_ip = @testfields[10];
+ $destination_port = @testfields[11];
+ } elsif ($protocol =~ /icmpv6/) {
+ $source_ip = @testfields[3];
+ $source_port = 0;
+ $destination_ip = @testfields[4];
+ $destination_port = 0;
+ $icmp_type = @testfields[5];
+ $count = @testfields[6];
+ } else {
+ $count = 0;
+ }
+ $ACL{$accesslist} += $count;
+ $ACTION{$action} += $count;
+ $packets += $count;
+ if ( ($destination_port == 22) and ($protocol =~ /TCP|tcp/) ) {
+ $SSH{$source_ip} += $count;
+ $SSH_packets += $count;
+ }
+ }#Error Message %PIX|ASA-6-302020
+ elsif ($ThisLine =~ /%PIX-6-302020: Built ICMP connection for faddr/) {
+ $testline = $ThisLine;
+ chomp $testline;
+ $testline =~ s/^.*%PIX-6-302020: Built ICMP connection for faddr//;
+ $testline =~ s/[:,]/ /g;
+ $testline =~ s/\// /g;
+ $testline =~ s/[()]/ /g;
+ @testfields = split(' ',$testline);
+ $connection_id = @testfields[0];
+ $CONNECTION_ID{$connection_id} = $connection_id;
+ }
+
+#Error Message %PIX|ASA-6-302021
+ elsif ($ThisLine =~ /%PIX-6-302021: Teardown ICMP connection for faddr/) {
+ $testline = $ThisLine;
+ chomp $testline;
+ $testline =~ s/^.*%PIX-6-302021: Teardown ICMP connection for faddr//;
+ $testline =~ s/[:,]/ /g;
+ $testline =~ s/\// /g;
+ $testline =~ s/[()]/ /g;
+ @testfields = split(' ',$testline);
+ $connection_id = @testfields[0];
+ $count = 1;
+ $source_ip = $connection_id;
+
+ if ($connection_id == $CONNECTION_ID{$connection_id}) {
+ $ICMP{$source_ip} += $count;
+ $ICMP_packets += $count;
+ }
+ }
+ else {
+ # Report any unmatched entries...
+ chomp $ThisLine;
+ $OtherList{$ThisLine}++;
+ }
+ }
+}
+if (keys %ACL) {
+ print "\nAccess Control Lists:\n";
+ foreach $ThisOne (sort keys %ACL) {
+ print " " . $ThisOne . " : " . $ACL{$ThisOne} . " Hit(s)\n";
+ }
+ print " Total : " . $packets . " Hit(s)\n";
+ if ($IPV6_packets >0) {print " IPv6 Total : " . $IPV6_packets . " Hit(s)\n"}
+}
+
+if (keys %ACTION) {
+ print "\nActions:\n";
+ foreach $ThisOne (sort keys %ACTION) {
+ print " " . $ThisOne . " : " . $ACTION{$ThisOne} . " Hit(s)\n";
+ }
+ print " Total : " . $packets . " Hit(s)\n";
+ if ($IPV6_packets >0) {print " IPv6 Total : " . $IPV6_packets . " Hit(s)\n"}
+}
+if (keys %ICMP) {
+ print "\nICMP Requests:\n";
+ foreach $ThisOne (sort keys %ICMP) {
+ print " " . $ThisOne . " : " . $ICMP{$ThisOne} . " Hit(s)\n";
+ }
+ print " Total : " . $ICMP_packets . " Hit(s)\n";
+}
+
+if (keys %SSH) {
+ print "\nSSH access:\n";
+ foreach $ThisOne (sort keys %SSH) {
+ print " " . $ThisOne . " : " . $SSH{$ThisOne} . " Hit(s)\n";
+ }
+ print " Total : " . $SSH_packets . " Hit(s)\n";
+}
+
+if (keys %TELNET) {
+ print "\nTELNET access:\n";
+ foreach $ThisOne (sort keys %TELNET) {
+ print " " . $ThisOne . " : " . $TELNET{$ThisOne} . " Hit(s)\n";
+ }
+ print " Total : " . $TELNET_packets . " Hit(s)\n";
+}
+
+if (keys %FTP) {
+ print "\nFTP access:\n";
+ foreach $ThisOne (sort keys %FTP) {
+ print " " . $ThisOne . " : " . $FTP{$ThisOne} . " Hit(s)\n";
+ }
+ print " Total : " . $FTP_packets . " Hit(s)\n";
+}
+
+if (keys %DNS) {
+ print "\nDNS access:\n";
+ foreach $ThisOne (sort keys %DNS) {
+ print " " . $ThisOne . " : " . $DNS{$ThisOne} . " Hit(s)\n";
+ }
+ print " Total : " . $DNS_packets . " Hit(s)\n";
+}
+if (keys %NTP) {
+ print "\nNTP access:\n";
+ foreach $ThisOne (sort keys %NTP) {
+ print " " . $ThisOne . " : " . $NTP{$ThisOne} . " Hit(s)\n";
+ }
+ print " Total : " . $NTP_packets . " Hit(s)\n";
+}
+if (keys %SYSLOG) {
+ print "\nSYSLOG access:\n";
+ foreach $ThisOne (sort keys %SYSLOG) {
+ print " " . $ThisOne . " : " . $SYSLOG{$ThisOne} . " Hit(s)\n";
+ }
+ print " Total : " . $SYSLOG_packets. " Hit(s)\n";
+}
+
+#if (keys %OtherList) {
+# print "\n**Unmatched Entries**\n";
+# foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
+# print " $line: $OtherList{$line} Time(s)\n";
+# }
+#}
+
+exit(0);
+
+# vi: shiftwidth=3 tabstop=3 syntax=perl et
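Review bot: `$destination_port = @dfields[8];` on the new side of the `%PIX-4-106023` handler (in both the tcp/udp branch and the IPv6 branch) reads an array `@dfields` that is never assigned anywhere in the file, so the destination port is always undef and the SSH (22) and TELNET (23) counters for denied packets can never increment; the intended line is `$destination_port = $testfields[8];`, matching how every other handler indexes `@testfields`. This hunk itself appears to be a whitespace or line-ending rewrite, since every removed line reappears unchanged, but the script being shipped is the code under review. The file runs without `use strict`, so the typo is not caught at compile time, and with the `**Unmatched Entries**` block left commented out, firewall messages the script does not recognise are discarded silently rather than reported — for a deny-log summariser that silence is the larger risk and deserves at least a comment explaining why it was disabled.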
Index: logwatch.spec
===================================================================
RCS file: /cvs/dist/rpms/logwatch/devel/logwatch.spec,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- logwatch.spec 8 Feb 2007 15:04:40 -0000 1.59
+++ logwatch.spec 9 Feb 2007 12:54:40 -0000 1.60
@@ -1,7 +1,7 @@
Summary: A log file analysis program
Name: logwatch
Version: 7.3.2
-Release: 7%{?dist}
+Release: 8%{?dist}
License: MIT
Group: Applications/System
URL: http://www.logwatch.org/
@@ -16,6 +16,8 @@
Patch8: logwatch-7.3.2-cron.patch
Patch9: logwatch-7.3.2-audit.patch
Patch10: logwatch-7.3.2-iptables.patch
+Patch11: logwatch-7.3.2-pix.patch
+Patch12: logwatch-7.3.2-audit2.patch
Requires: textutils sh-utils grep mailx
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -39,6 +41,8 @@
%patch8 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
+%patch12 -p1
# GPL license
rm ./scripts/services/courier
rm ./scripts/services/dpkg
@@ -97,9 +101,9 @@
chmod 644 %{buildroot}%{_datadir}/logwatch/scripts/services/dpkg
install -m 0755 -d %{buildroot}%{_sysconfdir}/cron.daily
-ln -s %{_datadir}/logwatch/scripts/logwatch.pl %{buildroot}%{_sysconfdir}/cron.daily/0logwatch
+ln -s ../../%{_datadir}/logwatch/scripts/logwatch.pl %{buildroot}/%{_sysconfdir}/cron.daily/0logwatch
install -m 0755 -d %{buildroot}%{_sbindir}
-ln -s %{_datadir}/logwatch/scripts/logwatch.pl %{buildroot}%{_sbindir}/logwatch
+ln -s ../../%{_datadir}/logwatch/scripts/logwatch.pl %{buildroot}/%{_sbindir}/logwatch
echo "###### REGULAR EXPRESSIONS IN THIS FILE WILL BE TRIMMED FROM REPORT OUTPUT #####" > %{buildroot}%{_sysconfdir}/logwatch/conf/ignore.conf
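Review bot: The relative targets on the two changed `ln -s` lines hard-code a depth of two parent directories, which only resolves to `%{_datadir}/logwatch/scripts/logwatch.pl` while `%{_sysconfdir}` and `%{_sbindir}` stay at `/etc` and `/usr/sbin`; the spec gives no hint why the absolute targets were replaced, so a one-line comment such as `# relative symlinks so the links resolve inside the buildroot as well as on the installed system` would save the next maintainer from reverting it (the motive is inferred, not stated in the hunk). The new `%{buildroot}/%{_sysconfdir}` and `%{buildroot}/%{_sbindir}` also introduce a doubled slash that the old lines avoided; `%{buildroot}%{_sysconfdir}` is the form used elsewhere in this section. Since `/etc/cron.daily/0logwatch` is executed by root via cron, it is worth confirming that the final link target is installed with `0755` root-owned permissions, which this hunk does not show.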
@@ -155,7 +159,12 @@
%doc License project/CHANGES
%changelog
-* Thu Feb 8 2007 Ivana Varekova <vraekova at redhat.com> 7.3.2-7
+* Fri Feb 9 2007 Ivana Varekova <varekova at redhat.com> 7.3.2-8
+- incorporate the next part of package review comments
+- Resolves: 227976
+ logwatch warns about auditspd starting
+
+* Thu Feb 8 2007 Ivana Varekova <varekova at redhat.com> 7.3.2-7
- incorporate package review feedback
- Resolves: 227814
logwatch warns about ntpd deletes interfaces on shutdown