[2/2] logwatch: Fixes bug13762 - ssh logins not shown on Log Summary page

Message ID 20240828100446.6617-2-adolf.belka@ipfire.org
State New
Series [1/2] log.dat: Fix bug13762 - ssh logins not shown in system logs |

Commit Message

Adolf Belka Aug. 28, 2024, 10:04 a.m. UTC
  - Due to the update of openssh to version 9.8 in CU187, logwatch no longer found the sshd
   login data from the messages log as the daemon was changed to sshd-session.
- Therefore the daily logwatch files were missing the sshd information in them.
- A patch to add support for openssh-9.8 sshd-session and port info has been merged into
   the logwatch git system and will be included into the next released version of logwatch
- Update logwatch from version 7.8 to 7.11 and add patch for openssh-9.8 support.
- Update the previous three logwatch patches for version 7.11
- Tested on my vm testbed. Confirmed that logwatch once again includes the sshd information
   in the Log Summary page.
- When logwatch is updated to version 7.12 then the openssh-9.8 support patch will be able
   to be removed.

Fixes: bug13762
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/logwatch              |  3 ++
 lfs/logwatch                                  | 13 ++++---
 ...SSH-9.8-sshd-session-and-port-number.patch | 39 +++++++++++++++++++
 ....patch => logwatch-7.11-date_manip6.patch} |  8 ++--
 .../logwatch-7.11-disable_iptables.patch      | 14 +++++++
 ... => logwatch-7.11-enable-mdadm-sudo.patch} | 14 +++----
 .../logwatch-7.6-disable_iptables.patch       | 14 -------
 7 files changed, 74 insertions(+), 31 deletions(-)
 create mode 100644 src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch
 rename src/patches/logwatch/{logwatch-7.3.6-date_manip6.patch => logwatch-7.11-date_manip6.patch} (61%)
 create mode 100644 src/patches/logwatch/logwatch-7.11-disable_iptables.patch
 rename src/patches/logwatch/{logwatch-7.6-enable-mdadm-sudo.patch => logwatch-7.11-enable-mdadm-sudo.patch} (71%)
 delete mode 100644 src/patches/logwatch/logwatch-7.6-disable_iptables.patch
  

Patch

diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch
index 2732215d5..026757b52 100644
--- a/config/rootfiles/common/logwatch
+++ b/config/rootfiles/common/logwatch
@@ -59,6 +59,7 @@  usr/share/logwatch/default.conf/logfiles/resolver.conf
 #usr/share/logwatch/default.conf/logfiles/rt314.conf
 usr/share/logwatch/default.conf/logfiles/samba.conf
 #usr/share/logwatch/default.conf/logfiles/secure.conf
+#usr/share/logwatch/default.conf/logfiles/snort.conf
 #usr/share/logwatch/default.conf/logfiles/sonicwall.conf
 #usr/share/logwatch/default.conf/logfiles/spamassassin.conf
 usr/share/logwatch/default.conf/logfiles/syslog.conf
@@ -167,6 +168,7 @@  usr/share/logwatch/default.conf/services/scsi.conf
 #usr/share/logwatch/default.conf/services/shaperd.conf
 #usr/share/logwatch/default.conf/services/slon.conf
 #usr/share/logwatch/default.conf/services/smartd.conf
+#usr/share/logwatch/default.conf/services/snort.conf
 #usr/share/logwatch/default.conf/services/sonicwall.conf
 #usr/share/logwatch/default.conf/services/spamassassin.conf
 usr/share/logwatch/default.conf/services/sshd.conf
@@ -317,6 +319,7 @@  usr/share/logwatch/scripts/services/scsi
 #usr/share/logwatch/scripts/services/shaperd
 #usr/share/logwatch/scripts/services/slon
 #usr/share/logwatch/scripts/services/smartd
+#usr/share/logwatch/scripts/services/snort
 #usr/share/logwatch/scripts/services/sonicwall
 #usr/share/logwatch/scripts/services/spamassassin
 usr/share/logwatch/scripts/services/sshd
diff --git a/lfs/logwatch b/lfs/logwatch
index 391315de4..b2452e21e 100644
--- a/lfs/logwatch
+++ b/lfs/logwatch
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 7.8
+VER        = 7.11
 
 THISAPP    = logwatch-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 35480a22077e43b70d15a00cc0a3a8297c1e57c465d6fffe7a9a68a9b4fb14ef62c1d2bcae8a4ab2d70af16451b8f0b5dba8aec29beae1012501a118915edd92
+$(DL_FILE)_BLAKE2 = 074b9b1d58bd199c82edc6fb40703b71f9488966e2acb8afc015fde93806740d11a3c8705303139716bbc50c353f3e8c3f4c0e9cf1d5f870cbb8599fbdd526d1
 
 install : $(TARGET)
 
@@ -72,9 +72,10 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && sed -e "s/^TEMPDIR=.*/TEMPDIR=\"\/tmp\"/g" -i install_logwatch.sh
 
-	cd $(DIR_APP)/lib && patch < $(DIR_SRC)/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-disable_iptables.patch
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch
+	cd $(DIR_APP)/lib && patch -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-date_manip6.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-disable_iptables.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch
 
 	@cd $(DIR_APP) && chmod 755 install_logwatch.sh
 	cd $(DIR_APP) && yes "" | ./install_logwatch.sh
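Review bot: The date_manip6 line now runs a bare `patch -i` with neither `-N` nor an explicit strip level, unlike the three `patch -Np1 -i` lines that follow it. Without `-N`, a patch that a later upstream release already contains is treated as a possible reversal instead of being rejected outright, so a stale local patch is harder to notice in an unattended build. Since the patch header names `Logwatch.pm` with no directory part, the line can be written as `cd $(DIR_APP)/lib && patch -Np0 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-date_manip6.patch`. The `$(TARGET)` recipe starts before and continues after this hunk.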
diff --git a/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch b/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch
new file mode 100644
index 000000000..816f6b4e8
--- /dev/null
+++ b/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch
@@ -0,0 +1,39 @@ 
+diff -Naur logwatch-7.11.orig/conf/services/secure.conf logwatch-7.11/conf/services/secure.conf
+--- logwatch-7.11.orig/conf/services/secure.conf	2016-03-09 21:14:35.000000000 +0100
++++ logwatch-7.11/conf/services/secure.conf	2024-08-27 14:48:48.453853293 +0200
+@@ -24,7 +24,7 @@
+ # Use this to ignore certain services in the secure log.
+ # You can ignore as many services as you would like.
+ # (we ignore sshd because its entries are processed by the sshd script)
+-$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd
++$ignore_services = sshd sshd-session Pluto stunnel proftpd saslauthd imapd postfix/smtpd
+ 
+ # For these services, summarize only (i.e. don't least each IP, just
+ # list the number of connections total)
+diff -Naur logwatch-7.11.orig/conf/services/sshd.conf logwatch-7.11/conf/services/sshd.conf
+--- logwatch-7.11.orig/conf/services/sshd.conf	2020-09-20 23:38:32.000000000 +0200
++++ logwatch-7.11/conf/services/sshd.conf	2024-08-27 14:49:08.077782387 +0200
+@@ -19,7 +19,7 @@
+ LogFile = messages
+ 
+ # Only give lines pertaining to the sshd service...
+-*OnlyService = sshd
++*OnlyService = (sshd|sshd-session)
+ *RemoveHeaders
+ 
+ # Variable $sshd_ignore_host is used to filter out hosts that login
+diff -Naur logwatch-7.11.orig/scripts/services/sshd logwatch-7.11/scripts/services/sshd
+--- logwatch-7.11.orig/scripts/services/sshd	2022-12-29 01:34:28.000000000 +0100
++++ logwatch-7.11/scripts/services/sshd	2024-08-27 14:49:21.908202288 +0200
+@@ -246,9 +246,9 @@
+       $NoIdent{$name}++;
+    } elsif (
+       ($ThisLine =~ m/^(?:error:.*|fatal:) Connection closed by remote host/ ) or
+-      ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+): Connection reset by peer/ ) or
++      ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+)(| port \d+): Connection reset by peer/ ) or
+       ($ThisLine =~ m/^error: .*: read: Connection reset by peer/ ) or
+-      ($ThisLine =~ m/^Read error from remote host [^ ]+: (Connection timed out|No route to host)/ ) or
++      ($ThisLine =~ m/^Read error from remote host [^ ]+(| port \d+): (Connection timed out|No route to host)/ ) or
+       ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or
+       ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or
+       ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or
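Review bot: The new patch file begins directly at `diff -Naur` and records neither where the change came from nor when it can be dropped. The commit message says it was merged into the logwatch git tree and becomes unnecessary with 7.12, but that information is lost once the file is read on its own in `src/patches/logwatch/`. Because `patch` skips leading text before the first file header, a short header can be added at the top, for example `Upstream: logwatch git commit <upstream-commit-id> (placeholder) - drop when updating to logwatch 7.12`. That lets a later reviewer verify the three sshd-related changes against upstream rather than trusting the local copy.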
diff --git a/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch b/src/patches/logwatch/logwatch-7.11-date_manip6.patch
similarity index 61%
rename from src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
rename to src/patches/logwatch/logwatch-7.11-date_manip6.patch
index 015e7d6be..7f9ebd1c6 100644
--- a/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
+++ b/src/patches/logwatch/logwatch-7.11-date_manip6.patch
@@ -1,9 +1,9 @@ 
---- Logwatch.pm.orig    2012-06-20 09:58:12.786294471 +0200
-+++ Logwatch.pm 2012-06-20 09:41:59.443055298 +0200
+--- Logwatch.pm.orig	2022-02-07 01:59:10.000000000 +0100
++++ Logwatch.pm	2024-08-27 15:16:30.023491645 +0200
 @@ -4,6 +4,10 @@
-
+ 
  package Logwatch;
-
+ 
 +# Define interace version 5 for Date::Manip
 +BEGIN {
 +       $Date::Manip::Backend = 'DM5';
diff --git a/src/patches/logwatch/logwatch-7.11-disable_iptables.patch b/src/patches/logwatch/logwatch-7.11-disable_iptables.patch
new file mode 100644
index 000000000..9876c2ecb
--- /dev/null
+++ b/src/patches/logwatch/logwatch-7.11-disable_iptables.patch
@@ -0,0 +1,14 @@ 
+--- logwatch-7.11/conf/logwatch.conf.orig	2024-01-22 20:31:51.000000000 +0100
++++ logwatch-7.11/conf/logwatch.conf	2024-08-27 15:17:43.685786586 +0200
+@@ -126,6 +126,11 @@
+                             # prints useful system configuration info.
+ Service = "-eximstats"      # Prevents execution of eximstats service, which
+                             # is a wrapper for the eximstats program.
++
++# Disabled: 'iptables'
++Service = "-iptables"
++
++
+ # Because the above sets "All" as the default, and disables certain
+ # services, you can also set the Service variable to an empty string
+ # in your local logwatch.conf (by default, under /etc/logwatch/conf).
diff --git a/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch b/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch
similarity index 71%
rename from src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch
rename to src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch
index af792250f..dc39ee401 100644
--- a/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch
+++ b/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch
@@ -1,6 +1,6 @@ 
-diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf
---- a/conf/services/mdadm.conf	Sat Jan 22 01:00:00 2022
-+++ b/conf/services/mdadm.conf	Sun Apr 10 10:48:21 2022
+diff -Naur logwatch-7.11.orig/conf/services/mdadm.conf logwatch-7.11/conf/services/mdadm.conf
+--- logwatch-7.11.orig/conf/services/mdadm.conf	2018-12-17 02:47:45.000000000 +0100
++++ logwatch-7.11/conf/services/mdadm.conf	2024-08-27 15:18:31.430605943 +0200
 @@ -13,7 +13,7 @@
  # Logwatch will try to find md devices in /etc/mdadm.conf or 
  # /etc/mdadm/mdadm.conf. If none of these files exist it can scan actively
@@ -10,14 +10,14 @@  diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf
  
  # Logwatch will emit an error for md devices listed in /etc/mdadm.conf
  # that are not present.  If you do not want this (e.g. raid devices may come
-diff -U 3 a/scripts/services/mdadm b/scripts/services/mdadm
---- a/scripts/services/mdadm	Sat Jan 22 01:00:00 2022
-+++ b/scripts/services/mdadm	Sun Apr 10 10:38:19 2022
+diff -Naur logwatch-7.11.orig/scripts/services/mdadm logwatch-7.11/scripts/services/mdadm
+--- logwatch-7.11.orig/scripts/services/mdadm	2023-05-21 02:25:35.000000000 +0200
++++ logwatch-7.11/scripts/services/mdadm	2024-08-27 15:21:08.495487732 +0200
 @@ -36,7 +36,7 @@
  if (
      open($mdadm, "<", "/etc/mdadm.conf") or
      open($mdadm, "<", "/etc/mdadm/mdadm.conf") or
--    open($mdadm, "<", "mdadm --detail --scan 2>/dev/null|")) {
+-    open($mdadm, "-|", "mdadm --detail --scan")) {
 +    open($mdadm, "<", "sudo mdadm --detail --scan 2>/dev/null|")) {
     while (<$mdadm>) {
         if (/^ARRAY/) {
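Review bot: The rebased patch still replaces the upstream line with `open($mdadm, "<", "sudo mdadm --detail --scan 2>/dev/null|")`, although its removed side shows that logwatch 7.11 now uses the pipe mode `"-|"`. In a three-argument open, mode `"<"` treats the string as a literal file name and the trailing `|` is not interpreted, so this fallback will most likely never run mdadm and simply fail to open. The patch therefore appears to undo the upstream correction. The added line should keep the upstream form and only insert sudo, `open($mdadm, "-|", "sudo mdadm --detail --scan 2>/dev/null")) {`. The enclosing `if` block continues past the end of this hunk.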
diff --git a/src/patches/logwatch/logwatch-7.6-disable_iptables.patch b/src/patches/logwatch/logwatch-7.6-disable_iptables.patch
deleted file mode 100644
index 99c5b493b..000000000
--- a/src/patches/logwatch/logwatch-7.6-disable_iptables.patch
+++ /dev/null
@@ -1,14 +0,0 @@ 
-diff -U 3 a/conf/logwatch.conf b/conf/logwatch.conf
---- a/conf/logwatch.conf	Sat Jan 22 01:00:00 2022
-+++ b/conf/logwatch.conf	Sun Apr 10 10:33:20 2022
-@@ -96,6 +96,10 @@
-                             # prints useful system configuration info.
- Service = "-eximstats"      # Prevents execution of eximstats service, which
-                             # is a wrapper for the eximstats program.
-+
-+# Disabled: 'iptables'
-+Service = "-iptables"
-+
- # If you only cared about FTP messages, you could use these 2 lines
- # instead of the above:
- #Service = ftpd-messages   # Processes ftpd messages in /var/log/messages