Index: UIDs =================================================================== RCS file: /home/pcvs/ports/UIDs,v retrieving revision 1.74 diff -u -r1.74 UIDs --- UIDs 8 Sep 2008 20:09:59 -0000 1.74 +++ UIDs 9 Sep 2008 18:49:35 -0000 @@ -144,4 +144,4 @@ _sj3:*:912:912::0:0:SJ3 Daemon:/nonexistent:/usr/sbin/nologin _relayd:*:913:913::0:0:Relay Daemon:/var/empty:/usr/sbin/nologin bitlbee:*:914:914::0:0:Bitlbee pseudo-user:/nonexistent:/sbin/nologin -logcheck:*:915:915::0:0:Logcheck system account:/var/lib/logcheck:/sbin/nologin +logcheck:*:915:915::0:0:Logcheck system account:/var/lib/logcheck:/usr/local/bin/bash Index: UPDATING =================================================================== RCS file: /home/pcvs/ports/UPDATING,v retrieving revision 1.716 diff -u -r1.716 UPDATING --- UPDATING 7 Sep 2008 21:48:44 -0000 1.716 +++ UPDATING 9 Sep 2008 18:49:37 -0000 @@ -6,6 +6,54 @@ time you update your ports collection, before attempting any port upgrades. +20080909: + AFFECTS: users of security/logcheck + AUTHOR: glarkin@FreeBSD.org + + logcheck now stores its configuration files in + /usr/local/etc/logcheck instead of /usr/local/etc. If you are + upgrading the port from version 1.1.1 to version 1.2.54, copy + the following files to a temporary directory, in case they are + removed during the upgrade: + + /usr/local/etc/logcheck.hacking + /usr/local/etc/logcheck.ignore + /usr/local/etc/logcheck.violations + /usr/local/etc/logcheck.violations.ignore + + e.g.: + cd /usr/local/etc + mkdir /tmp/logcheck.saveconf + cp logcheck.hacking logcheck.ignore logcheck.violations* \ + /tmp/logcheck.saveconf + + After the upgrade, integrate your local changes to the files listed + above into the new configuration files found in the following + directories: + + /usr/local/etc/logcheck/cracking.d + /usr/local/etc/logcheck/ignore.d.paranoid + /usr/local/etc/logcheck/ignore.d.server + /usr/local/etc/logcheck/ignore.d.workstation + /usr/local/etc/logcheck/violations.d + /usr/local/etc/logcheck/violations.ignore.d + + Please consult the following files for more information about + logcheck rules and reporting levels: + + /usr/local/share/doc/logcheck/README.logcheck + /usr/local/share/doc/logcheck/README.logcheck-database + + Also note that the upgraded port installs a crontab file for user + "logcheck" that executes the logcheck script every hour and emails + the results to root. If the installation process cannot install + the crontab file, it can be installed manually from: + + /usr/local/share/examples/logcheck/crontab.in + + e.g.: + crontab -u logcheck /usr/local/share/examples/logcheck/crontab.in + 20080907: AFFECTS: users of www/mediawiki AUTHOR: miwi@FreeBSD.org Index: security/logcheck/Makefile =================================================================== RCS file: /home/pcvs/ports/security/logcheck/Makefile,v retrieving revision 1.22 diff -u -r1.22 Makefile --- security/logcheck/Makefile 8 Sep 2008 20:09:59 -0000 1.22 +++ security/logcheck/Makefile 9 Sep 2008 18:49:37 -0000 @@ -7,7 +7,7 @@ PORTNAME= logcheck PORTVERSION= 1.2.54 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= ftp://ftp.debian.org/debian/pool/main/l/logcheck/ \ http://ftp.de.debian.org/debian/pool/main/l/logcheck/ @@ -18,12 +18,23 @@ BUILD_DEPENDS= docbook-to-man:${PORTSDIR}/textproc/docbook-to-man RUN_DEPENDS= lockfile:${PORTSDIR}/mail/procmail \ - bash:${PORTSDIR}/shells/bash \ - perl:${PORTSDIR}/lang/perl5 + bash:${PORTSDIR}/shells/bash + +LOGCHECK_USER= logcheck +LOGCHECK_UID= 915 +LOGCHECK_GROUP= ${LOGCHECK_USER} +LOGCHECK_GID= ${LOGCHECK_UID} + +# Enable Perl dependency for logtail script +USE_PERL5= 5.8.0+ WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} BINMODE= 755 SHAREMODE= 640 +SUB_LIST+= LOGCHECK_USER=${LOGCHECK_USER} \ + LOGCHECK_UID=${LOGCHECK_UID} \ + LOGCHECK_GROUP=${LOGCHECK_GROUP} \ + LOGCHECK_GID=${LOGCHECK_GID} SUB_FILES= pkg-install pkg-deinstall pkg-message CONFIG_DIRS= cracking.d ignore.d.paranoid ignore.d.server \ ignore.d.workstation violations.d violations.ignore.d @@ -31,13 +42,10 @@ PORTDOCS= ${DOCS:T} MAN8= logcheck.8 logtail.8 -LOGCHECK_USER= logcheck -LOGCHECK_GROUP= ${LOGCHECK_USER} - do-build: ${REINPLACE_CMD} -e 's!/var/log/syslog!/var/log/messages!' \ ${WRKSRC}/etc/logcheck.logfiles - ${REINPLACE_CMD} -e 's!/etc/logcheck!/usr/local/etc/logcheck!' \ + ${REINPLACE_CMD} -e 's!/etc/logcheck!${ETCDIR}!' \ -e 's!/usr/share/doc/logcheck-database/README.logcheck-database.gz!${DOCSDIR}/README.logcheck-database!' \ ${WRKSRC}/docs/logcheck.sgml docbook-to-man ${WRKSRC}/docs/logcheck.sgml > ${WRKSRC}/docs/logcheck.8 Index: security/logcheck/files/patch-src__logcheck =================================================================== RCS file: /home/pcvs/ports/security/logcheck/files/patch-src__logcheck,v retrieving revision 1.1 diff -u -r1.1 patch-src__logcheck --- security/logcheck/files/patch-src__logcheck 7 Sep 2008 01:31:56 -0000 1.1 +++ security/logcheck/files/patch-src__logcheck 9 Sep 2008 18:49:37 -0000 @@ -11,7 +11,7 @@ if [ $UID == 0 ]; then echo "logcheck should not be run as root. Use su to invoke logcheck:" - echo "su -s /bin/bash -c \"/usr/sbin/logcheck${@:+ $@}\" logcheck" -+ echo "su logcheck -c \"/usr/local/bin/bash /usr/local/sbin/logcheck${@:+ $@}\"" ++ echo "su -m logcheck -c \"/usr/local/bin/bash /usr/local/sbin/logcheck${@:+ $@}\"" echo "Or use sudo: sudo -u logcheck logcheck${@:+ $@}." # you may want to uncomment that hack to let logcheck invoke itself. - # su -s /bin/bash -c "$0 $*" logcheck Index: security/logcheck/files/pkg-deinstall.in =================================================================== RCS file: /home/pcvs/ports/security/logcheck/files/pkg-deinstall.in,v retrieving revision 1.1 diff -u -r1.1 pkg-deinstall.in --- security/logcheck/files/pkg-deinstall.in 7 Sep 2008 01:31:56 -0000 1.1 +++ security/logcheck/files/pkg-deinstall.in 9 Sep 2008 18:49:37 -0000 @@ -1,7 +1,7 @@ #!/bin/sh -user="logcheck" -group="logcheck" +user="%%LOGCHECK_USER%%" +group="%%LOGCHECK_GROUP%%" configfiles="logcheck.conf logcheck.logfiles" case $2 in Index: security/logcheck/files/pkg-install.in =================================================================== RCS file: /home/pcvs/ports/security/logcheck/files/pkg-install.in,v retrieving revision 1.1 diff -u -r1.1 pkg-install.in --- security/logcheck/files/pkg-install.in 7 Sep 2008 01:31:56 -0000 1.1 +++ security/logcheck/files/pkg-install.in 9 Sep 2008 18:49:37 -0000 @@ -1,10 +1,12 @@ #!/bin/sh -user="logcheck" -group="logcheck" +user="%%LOGCHECK_USER%%" +uid="%%LOGCHECK_UID%%" +group="%%LOGCHECK_GROUP%%" +gid="%%LOGCHECK_GID%%" descr="Logcheck system account" homedir="/var/lib/logcheck" -shell="/usr/bin/false" +shell="/usr/local/bin/bash" configfiles="logcheck.conf logcheck.logfiles" case $2 in @@ -12,13 +14,13 @@ if pw group show ${group} > /dev/null 2>&1; then echo "---> You already have a group \"${group}\", so I will use it." else - pw group add "${group}" + pw group add "${group}" -g "${gid}" echo "---> Created group \"${group}\"." fi if pw user show ${user} > /dev/null 2>&1; then echo "---> You already have a user \"${user}\", so I will use it." else - pw user add -n logcheck -c "${descr}" -d "${homedir}" -s "${shell}" -g logcheck -G wheel + pw user add -n ${user} -c "${descr}" -d "${homedir}" -s "${shell}" -g ${group} -G wheel -u "${uid}" echo "---> Created user \"${user}\"." fi ;; @@ -34,8 +36,15 @@ echo "---> Installed crontab(5) file for user \"${user}\"" fi else - /usr/bin/crontab -u "${user}" "%%EXAMPLESDIR%%/crontab.in" || exit 1 - echo "---> Created crontab(5) file for user \"${user}\"" + if grep -q "are not allowed to use this program" /tmp/logchecktab$$ ; then + echo "---> The logcheck user is not allowed to run crontab." + echo "---> Please check the contents of /var/cron/allow and /var/cron/deny" + echo "---> and grant access, if necessary." + exit 1 + else + /usr/bin/crontab -u "${user}" "%%EXAMPLESDIR%%/crontab.in" || exit 1 + echo "---> Created crontab(5) file for user \"${user}\"" + fi fi rm -f /tmp/logchecktab$$ fi