Diffstat (limited to 'security/logcheck')
-rw-r--r-- | security/logcheck/Makefile | 25 | ||||
-rw-r--r-- | security/logcheck/distinfo | 6 | ||||
-rw-r--r-- | security/logcheck/patches/patch-aa | 90 | ||||
-rw-r--r-- | security/logcheck/patches/patch-ab | 78 | ||||
-rwxr-xr-x | security/logcheck/pkg/DEINSTALL | 8 | ||||
-rw-r--r-- | security/logcheck/pkg/DESCR | 14 | ||||
-rw-r--r-- | security/logcheck/pkg/MESSAGE.in | 14 | ||||
-rw-r--r-- | security/logcheck/pkg/PLIST | 7 |
8 files changed, 242 insertions, 0 deletions
diff --git a/security/logcheck/Makefile b/security/logcheck/Makefile
new file mode 100644
index 00000000000..6e19f400496
--- /dev/null
+++ b/security/logcheck/Makefile
@@ -0,0 +1,25 @@
+# $NetBSD: Makefile,v 1.1.1.1 2001/07/17 15:00:48 nra Exp $
+
+DISTNAME= logcheck-1.1.1
+CATEGORIES= security
+MASTER_SITES= http://www.psionic.com/tools/
+
+MAINTAINER= packages@netbsd.org
+HOMEPAGE= http://www.psionic.com/
+COMMENT= Auditing tool for system logs on Unix boxes
+
+PKGMESSAGE= ${WRKDIR}/MESSAGE
+
+post-patch:
+ @${MV} ${WRKSRC}/Makefile ${WRKSRC}/Makefile.old
+ @${SED} -e "s+/usr/local+${PREFIX}+g" \
+ < ${WRKSRC}/Makefile.old > ${WRKSRC}/Makefile
+
+post-build:
+ @${SED} -e "s+%%PREFIX%%+${PREFIX}+g" \
+ ${PKGDIR}/MESSAGE.in > ${PKGMESSAGE}
+
+post-install:
+ @${CAT} ${PKGMESSAGE}
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/logcheck/distinfo b/security/logcheck/distinfo
new file mode 100644
index 00000000000..d5998d9621e
--- /dev/null
+++ b/security/logcheck/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1.1.1 2001/07/17 15:00:48 nra Exp $
+
+SHA1 (logcheck-1.1.1.tar.gz) = 18f89f0dacfe9ff31076c006d58e1bcfedaa7f22
+Size (logcheck-1.1.1.tar.gz) = 30267 bytes
+SHA1 (patch-aa) = a0d57a4554d670add82c8df7df7ec84515497b3d
+SHA1 (patch-ab) = 8dd4c3a6c7bba07792c5fc6ac5caaf5e7cde7242
diff --git a/security/logcheck/patches/patch-aa b/security/logcheck/patches/patch-aa
new file mode 100644
index 00000000000..7be2ec21ef4
--- /dev/null
+++ b/security/logcheck/patches/patch-aa
@@ -0,0 +1,90 @@
+$NetBSD: patch-aa,v 1.1.1.1 2001/07/17 15:00:48 nra Exp $
+
+--- Makefile.orig Sun Oct 31 16:07:29 1999
++++ Makefile Thu Jun 21 09:19:45 2001
+@@ -5,13 +5,15 @@
+ # Thanks to rbulling@obscure.org for cleaning this Makefile up..
+ #
+ 
++SYSTYPE=freebsd
++
+ # Generic compiler
+- CC = cc
++ CC ?= cc
+ # GNU..
+ # CC = gcc
+ 
+ # Normal systems flags
+-CFLAGS = -O
++CFLAGS ?= -O
+ # Braindead HPUX compiler flags
+ #CFLAGS = -O -Aa
+ 
+@@ -30,24 +32,12 @@
+ INSTALLDIR_SH = /usr/local/etc
+ 
+ # The scratch directory for logcheck files.
+-TMPDIR = /usr/local/etc/tmp
++TMPDIR = /var/adm/tmp
+ 
+ # Debug mode for logtail
+ # CFLAGS = -g -DDEBUG
+ 
+-all:
+- @echo "Usage: make <systype>"
+- @echo "<systype> is one of: "
+- @echo " linux, bsdos, freebsd, sun, generic, hpux, digital"
+- @echo ""
+- @echo "NOTE: This will make and install the package in these"
+- @echo " directories:"
+- @echo " logcheck configuration files : $(INSTALLDIR)"
+- @echo " logcheck.sh shell script : $(INSTALLDIR_SH)"
+- @echo " logtail program : $(INSTALLDIR_BIN)"
+- @echo ""
+- @echo "Edit the makefile if you wish to change these paths."
+- @echo "Any existing files will be overwritten."
++all: build
+ 
+ clean:
+ /bin/rm ./src/logtail ./src/logtail.o
+@@ -60,27 +50,29 @@
+ /bin/rm $(INSTALLDIR)/logcheck.violations.ignore
+ /bin/rm $(INSTALLDIR_BIN)/logtail
+ 
+-install:
++build:
+ @echo "Making $(SYSTYPE)"
+ $(CC) $(CFLAGS) -o ./src/logtail ./src/logtail.c
++
++install:
+ @echo "Creating temp directory $(TMPDIR)"
+- @if [ ! -d $(TMPDIR) ]; then /bin/mkdir $(TMPDIR); fi
++ @if [ ! -d $(TMPDIR) ]; then /bin/mkdir -p $(TMPDIR); fi
+ @echo "Setting temp directory permissions"
+ chmod 700 $(TMPDIR)
+ @echo "Copying files"
+- cp ./systems/$(SYSTYPE)/logcheck.hacking $(INSTALLDIR)
+- cp ./systems/$(SYSTYPE)/logcheck.violations $(INSTALLDIR)
+- cp ./systems/$(SYSTYPE)/logcheck.violations.ignore $(INSTALLDIR)
+- cp ./systems/$(SYSTYPE)/logcheck.ignore $(INSTALLDIR)
+- cp ./systems/$(SYSTYPE)/logcheck.sh $(INSTALLDIR_SH)
++ cp ./systems/$(SYSTYPE)/logcheck.hacking $(INSTALLDIR)/logcheck.hacking.sample
++ cp ./systems/$(SYSTYPE)/logcheck.violations $(INSTALLDIR)/logcheck.violations.sample
++ cp ./systems/$(SYSTYPE)/logcheck.violations.ignore $(INSTALLDIR)/logcheck.violations.ignore.sample
++ cp ./systems/$(SYSTYPE)/logcheck.ignore $(INSTALLDIR)/logcheck.ignore.sample
++ cp ./systems/$(SYSTYPE)/logcheck.sh $(INSTALLDIR_SH)/logcheck.sh
+ cp ./src/logtail $(INSTALLDIR_BIN)
+ @echo "Setting permissions"
+ chmod 700 $(INSTALLDIR_SH)/logcheck.sh
+ chmod 700 $(INSTALLDIR_BIN)/logtail
+- chmod 600 $(INSTALLDIR)/logcheck.violations.ignore
+- chmod 600 $(INSTALLDIR)/logcheck.violations
+- chmod 600 $(INSTALLDIR)/logcheck.hacking
+- chmod 600 $(INSTALLDIR)/logcheck.ignore
++ chmod 600 $(INSTALLDIR)/logcheck.violations.ignore.sample
++ chmod 600 $(INSTALLDIR)/logcheck.violations.sample
++ chmod 600 $(INSTALLDIR)/logcheck.hacking.sample
++ chmod 600 $(INSTALLDIR)/logcheck.ignore.sample
+ @echo "Done. Don't forget to set your crontab."
+ 
+ generic:
diff --git a/security/logcheck/patches/patch-ab b/security/logcheck/patches/patch-ab
new file mode 100644
index 00000000000..54cc08844bf
--- /dev/null
+++ b/security/logcheck/patches/patch-ab
@@ -0,0 +1,78 @@
+$NetBSD: patch-ab,v 1.1.1.1 2001/07/17 15:00:48 nra Exp $
+
+--- systems/freebsd/logcheck.sh.orig Sun Oct 31 16:07:29 1999
++++ systems/freebsd/logcheck.sh Thu Jun 21 08:42:39 2001
+@@ -31,7 +31,7 @@
+ 
+ # CONFIGURATION SECTION
+ 
+-PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin
++PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/pkg/sbin:/usr/pkg/bin
+ 
+ # Logcheck is pre-configured to work on most BSD like systems, however it
+ # is a rather dumb program and may need some help to work on other
+@@ -44,7 +44,7 @@
+ # Full path to logtail program.
+ # This program is required to run this script and comes with the package.
+ 
+-LOGTAIL=/usr/local/bin/logtail
++LOGTAIL=/usr/pkg/bin/logtail
+ 
+ # Full path to SECURED (non public writable) /tmp directory.
+ # Prevents Race condition and potential symlink problems. I highly
+@@ -52,7 +52,7 @@
+ # You would also be well advised to make sure all your system/cron scripts
+ # use this directory for their "scratch" area.
+ 
+-TMPDIR=/usr/local/etc/tmp
++TMPDIR=/var/adm/tmp
+ 
+ # The 'grep' command. This command MUST support the
+ # '-i' '-v' and '-f' flags!! The GNU grep does this by default (that's
+@@ -89,7 +89,7 @@
+ # look for generic ISS probes (who the hell else looks for
+ # "WIZ" besides ISS?), and obvious sendmail attacks/probes.
+ 
+-HACKING_FILE=/usr/local/etc/logcheck.hacking
++HACKING_FILE=/usr/pkg/etc/logcheck.hacking
+ 
+ # File of security violation patterns to specifically look for.
+ # This file should contain keywords of information administrators should
+@@ -98,7 +98,7 @@
+ # some items, but these will be caught by the next check. Move suspicious
+ # items into this file to have them reported regularly.
+ 
+-VIOLATIONS_FILE=/usr/local/etc/logcheck.violations
++VIOLATIONS_FILE=/usr/pkg/etc/logcheck.violations
+ 
+ # File that contains more complete sentences that have keywords from
+ # the violations file. These keywords are normal and are not cause for
+@@ -115,14 +115,14 @@
+ #
+ # Again, be careful what you put in here and DO NOT LEAVE IT EMPTY!
+ 
+-VIOLATIONS_IGNORE_FILE=/usr/local/etc/logcheck.violations.ignore
++VIOLATIONS_IGNORE_FILE=/usr/pkg/etc/logcheck.violations.ignore
+ 
+ # This is the name of a file that contains patterns that we should
+ # ignore if found in a log file. If you have repeated false alarms
+ # or want specific errors ignored, you should put them in here.
+ # Once again, be as specific as possible, and go easy on the wildcards
+ 
+-IGNORE_FILE=/usr/local/etc/logcheck.ignore
++IGNORE_FILE=/usr/pkg/etc/logcheck.ignore
+ 
+ # The files are reported in the order of hacking, security
+ # violations, and unusual system events. Notice that this
+@@ -170,9 +170,10 @@
+ #$LOGTAIL /var/log/secure >> $TMPDIR/check.$$
+ #$LOGTAIL /var/log/maillog >> $TMPDIR/check.$$
+ 
+-# FreeBSD 2.x
++# NetBSD
+ $LOGTAIL /var/log/messages > $TMPDIR/check.$$
+ $LOGTAIL /var/log/maillog >> $TMPDIR/check.$$
++$LOGTAIL /var/log/authlog >> $TMPDIR/check.$$
+ 
+ # BSDI 2.x
+ #$LOGTAIL /var/log/messages > $TMPDIR/check.$$
diff --git a/security/logcheck/pkg/DEINSTALL b/security/logcheck/pkg/DEINSTALL
new file mode 100755
index 00000000000..f8dfee1d9eb
--- /dev/null
+++ b/security/logcheck/pkg/DEINSTALL
@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# $NetBSD: DEINSTALL,v 1.1.1.1 2001/07/17 15:00:48 nra Exp $
+#
+
+[ -d /var/adm/tmp ] && rmdir /var/adm/tmp
+[ -d /var/adm ] && rmdir /var/adm
+exit 0
diff --git a/security/logcheck/pkg/DESCR b/security/logcheck/pkg/DESCR
new file mode 100644
index 00000000000..91ccbe4c5b7
--- /dev/null
+++ b/security/logcheck/pkg/DESCR
@@ -0,0 +1,14 @@
+Logcheck helps spot problems and security violations in your logfiles
+automatically and will send the results to you in e-mail.
+
+Logcheck is part of the Abacus Project of security tools. It is a program
+created to help in the processing of UNIX system logfiles generated by the
+various Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper
+and Log Daemon packages, and the Firewall Toolkit(c) by Trusted Information
+Systems Inc.(TIS). Logcheck also works very well at reporting on other
+common operating system security violations and strange events.
+
+WWW: http://www.psionic.com/
+
+- Dan Langille
+dan@freebsddiary.org
diff --git a/security/logcheck/pkg/MESSAGE.in b/security/logcheck/pkg/MESSAGE.in
new file mode 100644
index 00000000000..5dae1b02af9
--- /dev/null
+++ b/security/logcheck/pkg/MESSAGE.in
@@ -0,0 +1,14 @@
+----------------------------------------------------------------------------
+
+ Remember to copy the sample files to the real file names.
+ Here is an example what you need to do:
+
+ cd %%PREFIX%%/etc/
+ cp logcheck.ignore.sample logcheck.ignore
+ cp logcheck.violations.ignore.sample logcheck.violations.ignore
+ cp logcheck.violations.sample logcheck.violations
+ cp logcheck.hacking.sample logcheck.hacking
+
+ Note that logcheck is started with %%PREFIX%%/etc/logcheck.sh
+
+----------------------------------------------------------------------------
diff --git a/security/logcheck/pkg/PLIST b/security/logcheck/pkg/PLIST
new file mode 100644
index 00000000000..be909d84380
--- /dev/null
+++ b/security/logcheck/pkg/PLIST
@@ -0,0 +1,7 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2001/07/17 15:00:48 nra Exp $
+bin/logtail
+etc/logcheck.hacking.sample
+etc/logcheck.ignore.sample
+etc/logcheck.sh
+etc/logcheck.violations.ignore.sample
+etc/logcheck.violations.sample
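Review bot: The post-patch sed rewrites /usr/local to ${PREFIX} in the upstream Makefile only, while patch-ab bakes /usr/pkg into logcheck.sh (PATH, LOGTAIL, HACKING_FILE, VIOLATIONS_FILE, VIOLATIONS_IGNORE_FILE, IGNORE_FILE), so a build with any other PREFIX installs a script that cannot find its own logtail binary or pattern files. The same substitution could cover the script if patch-ab left those lines at /usr/local and post-patch gained `@${MV} ${WRKSRC}/systems/freebsd/logcheck.sh ${WRKSRC}/systems/freebsd/logcheck.sh.old` followed by `@${SED} -e "s,/usr/local,${PREFIX},g" < ${WRKSRC}/systems/freebsd/logcheck.sh.old > ${WRKSRC}/systems/freebsd/logcheck.sh`. Using `,` rather than `+` as the sed delimiter also avoids breaking on a PREFIX that contains a `+`. The same hard-coded-prefix point applies to every path hunk of patch-ab.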
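Review bot: The rewritten install target copies logcheck.sh to `$(INSTALLDIR_SH)/logcheck.sh` and chmods it 700 while the four pattern files become `.sample` copies, yet logcheck.sh is the file carrying the site configuration (PATH, LOGTAIL, TMPDIR and the list of logs tailed, per patch-ab), so a reinstall or upgrade silently overwrites local edits that the pattern files are protected from. Installing it as `$(INSTALLDIR_SH)/logcheck.sh.sample`, with the matching PLIST and MESSAGE.in lines, would treat both kinds of configuration the same way. Also note that `mkdir -p $(TMPDIR)` followed by `chmod 700 $(TMPDIR)` restricts only the leaf directory, which is fine for the symlink-race protection the script's comments ask for but worth a comment such as `# only $(TMPDIR) itself is made 0700; any parents created by -p keep umask defaults`.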
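Review bot: In the DEINSTALL script, `rmdir /var/adm/tmp` fails silently whenever logcheck has left scratch files such as `check.$$` behind, because the unconditional `exit 0` masks the error, and `rmdir /var/adm` removes a directory this package never explicitly created should it happen to be empty. The scratch path is also hard-coded here a third time, alongside TMPDIR in patch-aa and patch-ab, with nothing keeping the three in sync. Consider removing only the leaf and reporting leftovers instead of swallowing the failure, e.g. `[ -d /var/adm/tmp ] && { rmdir /var/adm/tmp 2>/dev/null || echo "/var/adm/tmp not empty; remove it manually"; }`, and either dropping the `rmdir /var/adm` line or adding a comment explaining why removing a shared directory is safe here.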