the Fink project is an effort to port
popular Unix programs to Mac OS X
Package: logcheck
Version: 1.1.1
Revision: 2
BuildDepends: fink (>= 0.24.12-1)
#Depends: anacron
Source: http://www.msiunix.com/downloads/software/unix/security/logsentry-%v.tar.gz
SourceRename: %n-%v.tar.gz
Source-MD5: e97c2f096e219e20310c1b80e9e1bc29
PatchFile: %n.patch
PatchFile-MD5: 9c154dd63070f985fb055e68548dcc28
DocFiles: <<
README LICENSE CREDITS INSTALL
README.how.to.interpret README.keywords
<<
#
ConfFiles: <<
%p/etc/logcheck/logcheck.ignore
%p/etc/logcheck/logcheck.violations
%p/etc/logcheck/logcheck.violations.ignore
%p/etc/logcheck/logcheck.hacking
<<
#
CompileScript: <<
perl -pi.bak -e '$p=qw(%i);s/\@PREFIX\@/$p/' Makefile
perl -pi.bak -e '$p=qw(%p);s/\@PREFIX\@/$p/' systems/generic/logcheck.sh
<<
#
InstallScript: <<
mkdir -p %i/etc/logcheck
mkdir -p %i/sbin
make generic
<<
#
Description: Log file auditing
DescDetail: <<
logcheck monitors the system logs and mails security violations on a periodic
basis.
<<
#
DescUsage: <<
In order to execute logcheck hourly, you should add a line like
0 * * * * root /sw/sbin/logcheck.sh
to your /etc/crontab file.
<<
License: GPL
Homepage: http://www.psionic.com/abacus/logcheck
Maintainer: None
diff -ru orig/logcheck-1.1.1/Makefile logcheck-1.1.1/Makefile
--- orig/logcheck-1.1.1/Makefile Sun Oct 31 15:07:29 1999
+++ logcheck-1.1.1/Makefile Thu Dec 6 04:52:57 2001
@@ -19,18 +19,17 @@
# the new paths!!
# This is where keyword files go.
-INSTALLDIR = /usr/local/etc
+INSTALLDIR = @PREFIX@/etc/logcheck
# This is where logtail will go
-INSTALLDIR_BIN = /usr/local/bin
+INSTALLDIR_BIN = @PREFIX@/sbin
# Some people want the logcheck.sh in /usr/local/bin. Uncomment this
# if you want this. /usr/local/etc was kept for compatibility reasons.
-#INSTALLDIR_SH = /usr/local/bin
-INSTALLDIR_SH = /usr/local/etc
+INSTALLDIR_SH = @PREFIX@/sbin
# The scratch directory for logcheck files.
-TMPDIR = /usr/local/etc/tmp
+TMPDIR = @PREFIX@/etc/logcheck/tmp
# Debug mode for logtail
# CFLAGS = -g -DDEBUG
@@ -60,9 +59,11 @@
/bin/rm $(INSTALLDIR)/logcheck.violations.ignore
/bin/rm $(INSTALLDIR_BIN)/logtail
-install:
+src/logtail:
@echo "Making $(SYSTYPE)"
$(CC) $(CFLAGS) -o ./src/logtail ./src/logtail.c
+
+install: src/logtail
@echo "Creating temp directory $(TMPDIR)"
@if [ ! -d $(TMPDIR) ]; then /bin/mkdir $(TMPDIR); fi
@echo "Setting temp directory permissions"
diff -ru orig/logcheck-1.1.1/systems/generic/logcheck.sh logcheck-1.1.1/systems/generic/logcheck.sh
--- orig/logcheck-1.1.1/systems/generic/logcheck.sh Sun Oct 31 15:07:29 1999
+++ logcheck-1.1.1/systems/generic/logcheck.sh Thu Dec 6 05:03:21 2001
@@ -30,8 +30,7 @@
# CONFIGURATION SECTION
-
-PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin
+PATH=@PREFIX@/bin:@PREFIX@/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
# Logcheck is pre-configured to work on most BSD like systems, however it
# is a rather dumb program and may need some help to work on other
@@ -44,7 +43,7 @@
# Full path to logtail program.
# This program is required to run this script and comes with the package.
-LOGTAIL=/usr/local/bin/logtail
+LOGTAIL=@PREFIX@/sbin/logtail
# Full path to SECURED (non public writable) /tmp directory.
# Prevents Race condition and potential symlink problems. I highly
@@ -52,7 +51,7 @@
# You would also be well advised to make sure all your system/cron scripts
# use this directory for their "scratch" area.
-TMPDIR=/usr/local/etc/tmp
+TMPDIR=@PREFIX@/etc/logcheck/tmp
# The 'grep' command. This command MUST support the
# '-i' '-v' and '-f' flags!! The GNU grep does this by default (that's
@@ -89,7 +88,7 @@
# look for generic ISS probes (who the hell else looks for
# "WIZ" besides ISS?), and obvious sendmail attacks/probes.
-HACKING_FILE=/usr/local/etc/logcheck.hacking
+HACKING_FILE=@PREFIX@/etc/logcheck/logcheck.hacking
# File of security violation patterns to specifically look for.
# This file should contain keywords of information administrators should
@@ -98,7 +97,7 @@
# some items, but these will be caught by the next check. Move suspicious
# items into this file to have them reported regularly.
-VIOLATIONS_FILE=/usr/local/etc/logcheck.violations
+VIOLATIONS_FILE=@PREFIX@/etc/logcheck/logcheck.violations
# File that contains more complete sentences that have keywords from
# the violations file. These keywords are normal and are not cause for
@@ -115,14 +114,14 @@
#
# Again, be careful what you put in here and DO NOT LEAVE IT EMPTY!
-VIOLATIONS_IGNORE_FILE=/usr/local/etc/logcheck.violations.ignore
+VIOLATIONS_IGNORE_FILE=@PREFIX@/etc/logcheck/logcheck.violations.ignore
# This is the name of a file that contains patterns that we should
# ignore if found in a log file. If you have repeated false alarms
# or want specific errors ignored, you should put them in here.
# Once again, be as specific as possible, and go easy on the wildcards
-IGNORE_FILE=/usr/local/etc/logcheck.ignore
+IGNORE_FILE=@PREFIX@/etc/logcheck/logcheck.ignore
# The files are reported in the order of hacking, security
# violations, and unusual system events. Notice that this
@@ -163,7 +162,11 @@
# ALWAYS BE chmod 600 OWNER root!!
# Generic and Linux Slackware 3.x
-$LOGTAIL /var/log/messages > $TMPDIR/check.$$
+$LOGTAIL /var/log/system.log > $TMPDIR/check.$$
+$LOGTAIL /var/log/ftp.log >> $TMPDIR/check.$$
+$LOGTAIL /var/log/lpr.log >> $TMPDIR/check.$$
+$LOGTAIL /var/log/mail.log >> $TMPDIR/check.$$
+$LOGTAIL /var/log/netinfo.log >> $TMPDIR/check.$$
# Linux Red Hat Version 3.x, 4.x
#$LOGTAIL /var/log/messages > $TMPDIR/check.$$