SPECS: logcheck.spec - switched to debian source

glen glen at pld-linux.org
Tue Jul 18 22:58:04 CEST 2006


Author: glen                         Date: Tue Jul 18 20:58:04 2006 GMT
Module: SPECS                         Tag: HEAD
---- Log message:
- switched to debian source

---- Files affected:
SPECS:
   logcheck.spec (1.29 -> 1.30) 

---- Diffs:

================================================================
Index: SPECS/logcheck.spec
diff -u SPECS/logcheck.spec:1.29 SPECS/logcheck.spec:1.30
--- SPECS/logcheck.spec:1.29	Tue Jul 18 22:17:11 2006
+++ SPECS/logcheck.spec	Tue Jul 18 22:57:59 2006
@@ -1,104 +1,126 @@
 # $Revision$, $Date$
-# TODO:
-# - SECURITY: http://securitytracker.com/alerts/2004/Apr/1009838.html
-Summary:	Logcheck system log analyzer
-Summary(es):	Analizador de logs
-Summary(pl):	Logcheck - analizator logów systemu
-Summary(pt_BR):	Um analisador de logs
-Summary(ru):	Logcheck - ÁÎÁĚÉÚÁÔĎŇ log-ĆÁĘĚĎ×
-Summary(uk):	Logcheck - ÁÎÁĚŚÚÁÔĎŇ log-ĆÁĘĚŚ×
-Summary(zh_CN):	ϾͳČŐÖžˇÖÎöš¤žß
+Summary:	Mails anomalies in the system logfiles to the administrator
 Name:		logcheck
-Version:	1.1.1
-Release:	3.2
+Version:	1.2.46
+Release:	0.1
 License:	GPL
 Group:		Applications/System
-#Source0:	http://www.psionic.com/tools/%{name}-%{version}.tar.gz
-# Adopted by Debian ? They have 1.3.14 in pool
-# Debian has 1.2.32 now.
-Source0:	%{name}-%{version}.tar.gz
-# Source0-md5:	e97c2f096e219e20310c1b80e9e1bc29
+Source0:	http://ftp.debian.org/debian/pool/main/l/logcheck/%{name}_%{version}.tar.gz
+# Source0-md5:	4fc24888f538d9e0592f3e4605ba3b99
 Patch0:		%{name}-pld.patch
-#URL:		http://www.psionic.com/abacus
+Source1:	%{name}.cron
+URL:		http://logcheck.alioth.debian.org/
+BuildRequires:	rpmbuild(macros) >= 1.202
+Requires(postun):	/usr/sbin/groupdel
+Requires(postun):	/usr/sbin/userdel
+Requires(pre):	/bin/id
+Requires(pre):	/usr/bin/getgid
+Requires(pre):	/usr/sbin/groupadd
+Requires(pre):	/usr/sbin/useradd
+Requires:	%{name}-database = %{version}-%{release}
 Requires:	/usr/sbin/sendmail
 Requires:	crondaemon
-Requires:	logtail = %{epoch}:%{version}-%{release}
+Requires:	logtail = %{version}-%{release}
+BuildArch:	noarch
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define		_sysconfdir	/etc/logcheck
 
 %description
-Logcheck is software package that is designed to automatically run and
-check system log files for security violations and unusual activity.
-Logcheck utilizes a program called logtail that remembers the last
-position it read from in a log file and uses this position on
-subsequent runs to process new information. All source code is
-available for review and the implementation was kept simple to avoid
-problems. This package is a clone of the frequentcheck.sh script from
-the Trusted Information Systems Gauntlet(tm) firewall package. TIS has
-granted permission for me to clone this package.
-
-%description -l es
-Analizador de logs
-
-%description -l pl
-Pakiet zawiera logcheck - aplikację przeznaczoną do automatycznego
-analizowania logów systemowych i przesyłaniu ich po wstępnej obróbce
-pocztą elektroniczną do administratora systemu. Aplikacja ta jest
-klonem skryptu frequentcheck.sh z Trusted Information Systems
-Gauntlet(tm).
-
-%description -l pt_BR
-O logcheck é um software que foi desenvolvido para automaticamente
-rodar e checar logs do sistema para violaçőes de segurança, e
-atividade năo usual.
-
-%description -l ru
-Logcheck - ĐŇĎÇŇÁÍÍÁ ÄĚŃ ĎÔÓĚĹÖÉ×ÁÎÉŃ × ÓÉÓÔĹÍÎŮČ ĚĎÇÁČ ÎĹĎÂŮŢÎŮČ
-ÄĹĘÓÔ×ÉĘ É ĐĎĐŮÔĎË ÎĹÓÁÎËĂÉĎÎÉŇĎ×ÁÎÎĎÇĎ ÄĎÓÔŐĐÁ.
-
-%description -l uk
-Logcheck - ĐŇĎÇŇÁÍÁ ÄĚŃ ×ŚÄÓĚŚÄËĎ×Ő×ÁÎÎŃ × ÓÉÓÔĹÍÎÉČ ĚĎÇÁČ ÎĹÚ×ÉŢÁĘÎÉČ
-ÄŚĘ ÔÁ ÓĐŇĎ ÎĹÓÁÎËĂŚĎÎĎ×ÁÎĎÇĎ ÄĎÓÔŐĐŐ.
+Logcheck is a simple utility which is designed to allow a system
+administrator to view the logfiles which are produced upon hosts under
+their control.
+
+It does this by mailing summaries of the logfiles to them, after first
+filtering out "normal" entries.
+
+Normal entries are entries which match one of the many included
+regular expression files contain in the database.
+
+Logcheck was part of the Abacus Project of security tools, but this
+version has been rewritten.
+
+%package database
+Summary:	database of system log rules for the use of log checkers
+Group:		Applications/System
+
+%description database
+This database is part of the Logcheck package, but might be used by
+others. It brings a database of regular expressions for matching
+system log entries after various criteria.
 
 %package -n logtail
-Summary:	logtail program from logcheck package
+Summary:	Print log file lines that have not been read
 Group:		Applications/System
 
 %description -n logtail
-This package contains logtail that remembers the last position it read
-from in a log file and uses this position on subsequent runs to
-process new information.
+This program will read in a standard text file and create an offset
+marker when it reads the end. The offset marker is read the next time
+logtail is run and the text file pointer is moved to the offset
+location. This allows logtail to read in the next lines of data
+following the marker. This is good for marking log files for automatic
+log file checkers to monitor system events.
+
+This program is mainly used by logcheck, because it returns only parts
+of the system logfiles that have not already been checked.
 
 %prep
 %setup -q
-%patch -p1
+#%patch0 -p1 # TODO
 
 %install
 rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/cron.hourly,%{_sbindir},%{_bindir}}
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/cron.d,%{_sbindir},%{_bindir}}
 
-%{__make} linux \
-	CC="%{__cc}" \
-	CFLAGS="%{rpmcflags}"
-
-cat <<EOF > $RPM_BUILD_ROOT/etc/cron.hourly/logcheck
-#!/bin/sh
-exec %{_sbindir}/logcheck
-EOF
+%{__make} install \
+	DESTDIR=$RPM_BUILD_ROOT
+
+install %{SOURCE1} $RPM_BUILD_ROOT/etc/cron.d/%{name}
 
 mv $RPM_BUILD_ROOT{%{_sbindir},%{_bindir}}/logtail
+touch $RPM_BUILD_ROOT%{_sysconfdir}/header.txt # TODO
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
+%pre
+%groupadd -g 173 %{name}
+%useradd -u 173 -d /var/lib/%{name} -g adm -c "Logcheck User" %{name}
+
+%postun
+if [ "$1" = "0" ]; then
+	%userremove %{name}
+	%groupremove %{name}
+fi
+
 %files
 %defattr(644,root,root,755)
-%doc CHANGES CREDITS README* systems/linux/README*
-%attr(700,root,root) %dir %{_sysconfdir}
-%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*
-%attr(700,root,root) %config(missingok) /etc/cron.hourly/logcheck
+%doc AUTHORS CHANGES CREDITS TODO
+%doc docs/README.{how.to.interpret,keywords,logcheck,Maintainer} docs/tools/log-summary-ssh
+%attr(710,root,logcheck) %dir %{_sysconfdir}
+%dir %attr(2750,root,logcheck) %{_sysconfdir}/cracking.d
+%dir %attr(2750,root,logcheck) %{_sysconfdir}/cracking.ignore.d
+%dir %attr(2750,root,logcheck) %{_sysconfdir}/violations.d
+%dir %attr(2750,root,logcheck) %{_sysconfdir}/violations.ignore.d
+%dir %attr(2750,root,logcheck) %{_sysconfdir}/ignore.d.workstation
+%dir %attr(2750,root,logcheck) %{_sysconfdir}/ignore.d.server
+%dir %attr(2750,root,logcheck) %{_sysconfdir}/ignore.d.paranoid
+%attr(640,root,logcheck) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/logcheck.conf
+%attr(640,root,logcheck) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/logcheck.logfiles
+%attr(640,root,logcheck) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/header.txt
+%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/cron.d/%{name}
 %attr(755,root,root) %{_sbindir}/logcheck
+%dir %attr(750,logcheck,root) /var/lib/logcheck
+%dir %attr(755,logcheck,logcheck) /var/lock/logcheck
+
+%files database
+%defattr(644,root,root,755)
+%config %verify(not md5 mtime size) %{_sysconfdir}/cracking.d/*
+%config %verify(not md5 mtime size) %{_sysconfdir}/violations.d/*
+%config %verify(not md5 mtime size) %{_sysconfdir}/violations.ignore.d/*
+%config %verify(not md5 mtime size) %{_sysconfdir}/ignore.d.workstation/*
+%config %verify(not md5 mtime size) %{_sysconfdir}/ignore.d.server/*
+%config %verify(not md5 mtime size) %{_sysconfdir}/ignore.d.paranoid/*
 
 %files -n logtail
 %defattr(644,root,root,755)
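Review bot: In %pre, `%groupadd -g 173 %{name}` creates the logcheck group, but `%useradd ... -g adm` gives the logcheck user adm as its primary group, so the account is never made a member of the group created for it. The new %files entries grant access through that group (710 root,logcheck on %{_sysconfdir}, 640 root,logcheck on logcheck.conf, logcheck.logfiles and header.txt, 2750 root,logcheck on the rule directories), so anything running as the logcheck user would fall through to the "other" bits and be denied. Suggest `-g %{name}` with adm as a supplementary group if log read access through adm is the intent. Two smaller points in the same hunk: `#%patch0 -p1 # TODO` disables the patch while Patch0 is still declared, and cracking.ignore.d is listed as a directory in the main package but has no matching `%config` line in %files database, unlike the other rule directories.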
@@ -110,92 +132,6 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
-Revision 1.29  2006/07/18 20:17:11  glen
-- put logtail to bindir
-- drop non-cvs changelog
-
-Revision 1.28  2006/03/09 14:35:10  glen
-- quote %{__cc}
-
-Revision 1.27  2005/12/13 11:54:17  glen
-- adalterized (sorted %verify flags)
-
-Revision 1.26  2004/12/17 22:28:11  glen
-- split logtail into separate package
-
-Revision 1.25  2004/10/24 12:06:15  paladine
-- spelling fix
-
-Revision 1.24  2004/08/16 14:16:20  blues
-- SECURITY note
-
-Revision 1.23  2004/01/17 22:59:27  domelu
-- release 3 to rebuild with ac
-
-Revision 1.22  2003/09/11 08:17:30  erjot
-- new BR by domelu-at-domelu-dot-net
-
-Revision 1.21  2003/07/11 12:28:23  ankry
-- URL fixes and other cosmetics
-
-Revision 1.20  2003/05/28 12:59:37  malekith
-- massive attack: source-md5
-
-Revision 1.19  2003/05/25 05:50:16  misi3k
-- massive attack s/pld.org.pl/pld-linux.org/
-
-Revision 1.18  2002/09/14 20:13:18  kloczek
-- release 2.
-
-Revision 1.17  2002/09/13 22:03:47  undefine
-- add some translations
-- new %doc
-
-Revision 1.16  2002/04/05 15:13:14  roman
-- s/Free. See LICENSE file./Free (see License in License
-
-Revision 1.15  2002/02/22 23:29:13  kloczek
-- removed all Group fields translations (oure rpm now can handle translating
-  Group field using gettext).
-
-Revision 1.14  2002/01/18 02:13:45  kloczek
-- perl -pi -e "s/pld-list\@pld.org.pl/feedback\@pld.org.pl/"
-
-Revision 1.13  2002/01/03 08:56:14  blues
-- requires mail daemon
-
-Revision 1.12  2001/04/30 16:05:21  kloczek
-- added using %{rpmcflags} macro.
-
-Revision 1.11  2001/02/16 08:58:50  kloczek
-- another fix in %install.
-
-Revision 1.10  2001/02/16 08:01:56  kloczek
-- typo in %install.
-
-Revision 1.9  2001/02/16 05:21:49  kloczek
-- updated to 1.1.1,
-- spec adapterized,
-- make spec %{debug} ready and use rpm automation,
-- change permission on executables to 755.
-
-Revision 1.8  2000/06/09 07:23:25  kloczek
-- added using %{__make} macro.
-
-Revision 1.7  2000/04/01 11:14:52  zagrodzki
-- changed all BuildRoot definitons
-- removed all applnkdir defs
-- changed some prereqs/requires
-- removed duplicate empty lines
-
-Revision 1.6  2000/03/28 16:54:41  baggins
-- translated kloczkish into english
-
-Revision 1.5  2000/03/15 15:30:16  kloczek
-- cosmetics.
-
-Revision 1.4  2000/03/07 18:16:12  baggins
-- cleaned up to PLD standards
+Revision 1.30  2006/07/18 20:57:59  glen
+- switched to debian source
 
-Revision 1.3  1999/07/12 23:06:06  kloczek
-- added using CVS keywords in %changelog (for automating them).
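Review bot: Under `$Log$`, this hunk deletes every entry from revision 1.3 through 1.29, including 1.24 "SECURITY note", while the log message says only "switched to debian source". Together with the removal of the `# - SECURITY:` TODO line at the top of the spec, nothing in the file now records that advisory. Please confirm the history truncation is intentional, and say in the log message whether the move to 1.2.46 resolves the referenced issue, so the reason for dropping the TODO is traceable.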
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SPECS/logcheck.spec?r1=1.29&r2=1.30&f=u


