cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openbsd-ports/security/logcheck/patches/patch-logcheck_sh
jsyn d1edbcc265 Import of logcheck-1.1.1: 
--
Logcheck is a scheduled auditing tool that scans system log files
for security violations and unusual activity.  Reports of suspicious
log entries are mailed to a specified user (usually root).

WWW: http://www.psionic.com/abacus/logcheck

MAINTAINER= Srebrenko Sehic <haver@insecure.dk>
2001-12-03 19:17:33 +00:00

79 lines
3.1 KiB
Plaintext
Raw Blame History

$OpenBSD: patch-logcheck_sh,v 1.1.1.1 2001/12/03 19:17:33 jsyn Exp $
--- systems/generic/logcheck.sh.orig Sun Dec 2 14:40:46 2001
+++ systems/generic/logcheck.sh Sun Dec 2 15:21:27 2001
@@ -31,7 +31,7 @@
# CONFIGURATION SECTION
-PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin
+PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
# Logcheck is pre-configured to work on most BSD like systems, however it
# is a rather dumb program and may need some help to work on other
@@ -44,7 +44,7 @@ SYSADMIN=root
# Full path to logtail program.
# This program is required to run this script and comes with the package.
-LOGTAIL=/usr/local/bin/logtail
+LOGTAIL=%%LOCALBASE%%/bin/logtail
# Full path to SECURED (non public writable) /tmp directory.
# Prevents Race condition and potential symlink problems. I highly
@@ -52,7 +52,7 @@ LOGTAIL=/usr/local/bin/logtail
# You would also be well advised to make sure all your system/cron scripts
# use this directory for their "scratch" area.
-TMPDIR=/usr/local/etc/tmp
+TMPDIR=%%LOGCHECK_TMP%%
# The 'grep' command. This command MUST support the
# '-i' '-v' and '-f' flags!! The GNU grep does this by default (that's
@@ -89,7 +89,7 @@ MAIL=mail
# look for generic ISS probes (who the hell else looks for
# "WIZ" besides ISS?), and obvious sendmail attacks/probes.
-HACKING_FILE=/usr/local/etc/logcheck.hacking
+HACKING_FILE=%%SYSCONFDIR%%/logcheck/logcheck.hacking
# File of security violation patterns to specifically look for.
# This file should contain keywords of information administrators should
@@ -98,7 +98,7 @@ HACKING_FILE=/usr/local/etc/logcheck.hac
# some items, but these will be caught by the next check. Move suspicious
# items into this file to have them reported regularly.
-VIOLATIONS_FILE=/usr/local/etc/logcheck.violations
+VIOLATIONS_FILE=%%SYSCONFDIR%%/logcheck/logcheck.violations
# File that contains more complete sentences that have keywords from
# the violations file. These keywords are normal and are not cause for
@@ -115,14 +115,14 @@ VIOLATIONS_FILE=/usr/local/etc/logcheck.
#
# Again, be careful what you put in here and DO NOT LEAVE IT EMPTY!
-VIOLATIONS_IGNORE_FILE=/usr/local/etc/logcheck.violations.ignore
+VIOLATIONS_IGNORE_FILE=%%SYSCONFDIR%%/logcheck/logcheck.violations.ignore
# This is the name of a file that contains patterns that we should
# ignore if found in a log file. If you have repeated false alarms
# or want specific errors ignored, you should put them in here.
# Once again, be as specific as possible, and go easy on the wildcards
-IGNORE_FILE=/usr/local/etc/logcheck.ignore
+IGNORE_FILE=%%SYSCONFDIR%%/logcheck/logcheck.ignore
# The files are reported in the order of hacking, security
# violations, and unusual system events. Notice that this
@@ -163,7 +163,12 @@ fi
# ALWAYS BE chmod 600 OWNER root!!
# Generic and Linux Slackware 3.x
+#$LOGTAIL /var/log/messages > $TMPDIR/check.$$
+
+# OpenBSD 2.x, 3.x
$LOGTAIL /var/log/messages > $TMPDIR/check.$$
+$LOGTAIL /var/log/maillog >> $TMPDIR/check.$$
+$LOGTAIL /var/log/authlog >> $TMPDIR/check.$$
# Linux Red Hat Version 3.x, 4.x
#$LOGTAIL /var/log/messages > $TMPDIR/check.$$
Reference in New Issue View Git Blame Copy Permalink