From patchwork Wed Aug 28 10:04:46 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 8063
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 2/2] logwatch: Fixes bug13762 - ssh logins not shown on Log Summary page
Date: Wed, 28 Aug 2024 12:04:46 +0200
Message-ID: <20240828100446.6617-2-adolf.belka@ipfire.org>
In-Reply-To: <20240828100446.6617-1-adolf.belka@ipfire.org>
References: <20240828100446.6617-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- Due to the update of openssh to version 9.8 in CU187, logwatch no longer found the
  sshd login data from the messages log as the daemon was changed to sshd-session.
- Therefore the daily logwatch files were missing the sshd information in them.
- A patch to add support for openssh-9.8 sshd-session and port info has been merged
  into the logwatch git system and will be included into the next released version
  of logwatch
- Update logwatch from version 7.8 to 7.11 and add patch for openssh-9.8 support.
- Update the previous three logwatch patches for version 7.11
- Tested on my vm testbed. Confirmed that logwatch now includes back the sshd
  information into the Log Summary page.
- When logwatch is updated to version 7.12 then the openssh-9.8 support patch will
  be able to be removed.

Fixes: bug13762
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka --- config/rootfiles/common/logwatch | 3 ++ lfs/logwatch | 13 ++++--- ...SSH-9.8-sshd-session-and-port-number.patch | 39 +++++++++++++++++++ ....patch => logwatch-7.11-date_manip6.patch} | 8 ++-- .../logwatch-7.11-disable_iptables.patch | 14 +++++++ ... => logwatch-7.11-enable-mdadm-sudo.patch} | 14 +++---- .../logwatch-7.6-disable_iptables.patch | 14 ------- 7 files changed, 74 insertions(+), 31 deletions(-) create mode 100644 src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch rename src/patches/logwatch/{logwatch-7.3.6-date_manip6.patch => logwatch-7.11-date_manip6.patch} (61%) create mode 100644 src/patches/logwatch/logwatch-7.11-disable_iptables.patch rename src/patches/logwatch/{logwatch-7.6-enable-mdadm-sudo.patch => logwatch-7.11-enable-mdadm-sudo.patch} (71%) delete mode 100644 src/patches/logwatch/logwatch-7.6-disable_iptables.patch diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch index 2732215d5..026757b52 100644 --- a/config/rootfiles/common/logwatch +++ b/config/rootfiles/common/logwatch @@ -59,6 +59,7 @@ usr/share/logwatch/default.conf/logfiles/resolver.conf #usr/share/logwatch/default.conf/logfiles/rt314.conf usr/share/logwatch/default.conf/logfiles/samba.conf #usr/share/logwatch/default.conf/logfiles/secure.conf +#usr/share/logwatch/default.conf/logfiles/snort.conf #usr/share/logwatch/default.conf/logfiles/sonicwall.conf #usr/share/logwatch/default.conf/logfiles/spamassassin.conf usr/share/logwatch/default.conf/logfiles/syslog.conf 
@@ -167,6 +168,7 @@ usr/share/logwatch/default.conf/services/scsi.conf #usr/share/logwatch/default.conf/services/shaperd.conf #usr/share/logwatch/default.conf/services/slon.conf #usr/share/logwatch/default.conf/services/smartd.conf +#usr/share/logwatch/default.conf/services/snort.conf #usr/share/logwatch/default.conf/services/sonicwall.conf #usr/share/logwatch/default.conf/services/spamassassin.conf usr/share/logwatch/default.conf/services/sshd.conf @@ -317,6 +319,7 @@ usr/share/logwatch/scripts/services/scsi #usr/share/logwatch/scripts/services/shaperd #usr/share/logwatch/scripts/services/slon #usr/share/logwatch/scripts/services/smartd +#usr/share/logwatch/scripts/services/snort #usr/share/logwatch/scripts/services/sonicwall #usr/share/logwatch/scripts/services/spamassassin usr/share/logwatch/scripts/services/sshd diff --git a/lfs/logwatch b/lfs/logwatch index 391315de4..b2452e21e 100644 --- a/lfs/logwatch +++ b/lfs/logwatch @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 7.8 +VER = 7.11 THISAPP = logwatch-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 35480a22077e43b70d15a00cc0a3a8297c1e57c465d6fffe7a9a68a9b4fb14ef62c1d2bcae8a4ab2d70af16451b8f0b5dba8aec29beae1012501a118915edd92 +$(DL_FILE)_BLAKE2 = 074b9b1d58bd199c82edc6fb40703b71f9488966e2acb8afc015fde93806740d11a3c8705303139716bbc50c353f3e8c3f4c0e9cf1d5f870cbb8599fbdd526d1 install : $(TARGET) 
@@ -72,9 +72,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && sed -e "s/^TEMPDIR=.*/TEMPDIR=\"\/tmp\"/g" -i install_logwatch.sh - cd $(DIR_APP)/lib && patch < $(DIR_SRC)/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-disable_iptables.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch + cd $(DIR_APP)/lib && patch -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-date_manip6.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-disable_iptables.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch @cd $(DIR_APP) && chmod 755 install_logwatch.sh cd $(DIR_APP) && yes "" | ./install_logwatch.sh diff --git a/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch b/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch new file mode 100644 index 000000000..816f6b4e8 --- /dev/null +++ b/src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch 
@@ -0,0 +1,39 @@ +diff -Naur logwatch-7.11.orig/conf/services/secure.conf logwatch-7.11/conf/services/secure.conf +--- logwatch-7.11.orig/conf/services/secure.conf 2016-03-09 21:14:35.000000000 +0100 ++++ logwatch-7.11/conf/services/secure.conf 2024-08-27 14:48:48.453853293 +0200 +@@ -24,7 +24,7 @@ + # Use this to ignore certain services in the secure log. + # You can ignore as many services as you would like. + # (we ignore sshd because its entries are processed by the sshd script) +-$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd ++$ignore_services = sshd sshd-session Pluto stunnel proftpd saslauthd imapd postfix/smtpd + + # For these services, summarize only (i.e. don't least each IP, just + # list the number of connections total) +diff -Naur logwatch-7.11.orig/conf/services/sshd.conf logwatch-7.11/conf/services/sshd.conf +--- logwatch-7.11.orig/conf/services/sshd.conf 2020-09-20 23:38:32.000000000 +0200 ++++ logwatch-7.11/conf/services/sshd.conf 2024-08-27 14:49:08.077782387 +0200 +@@ -19,7 +19,7 @@ + LogFile = messages + + # Only give lines pertaining to the sshd service... 
+-*OnlyService = sshd ++*OnlyService = (sshd|sshd-session) + *RemoveHeaders + + # Variable $sshd_ignore_host is used to filter out hosts that login +diff -Naur logwatch-7.11.orig/scripts/services/sshd logwatch-7.11/scripts/services/sshd +--- logwatch-7.11.orig/scripts/services/sshd 2022-12-29 01:34:28.000000000 +0100 ++++ logwatch-7.11/scripts/services/sshd 2024-08-27 14:49:21.908202288 +0200 +@@ -246,9 +246,9 @@ + $NoIdent{$name}++; + } elsif ( + ($ThisLine =~ m/^(?:error:.*|fatal:) Connection closed by remote host/ ) or +- ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+): Connection reset by peer/ ) or ++ ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+)(| port \d+): Connection reset by peer/ ) or + ($ThisLine =~ m/^error: .*: read: Connection reset by peer/ ) or +- ($ThisLine =~ m/^Read error from remote host [^ ]+: (Connection timed out|No route to host)/ ) or ++ ($ThisLine =~ m/^Read error from remote host [^ ]+(| port \d+): (Connection timed out|No route to host)/ ) or + ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or + ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or + ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or diff --git a/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch b/src/patches/logwatch/logwatch-7.11-date_manip6.patch similarity index 61% rename from src/patches/logwatch/logwatch-7.3.6-date_manip6.patch rename to src/patches/logwatch/logwatch-7.11-date_manip6.patch index 015e7d6be..7f9ebd1c6 100644 --- a/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch +++ b/src/patches/logwatch/logwatch-7.11-date_manip6.patch @@ -1,9 +1,9 @@ ---- Logwatch.pm.orig 2012-06-20 09:58:12.786294471 +0200 -+++ Logwatch.pm 2012-06-20 09:41:59.443055298 +0200 +--- Logwatch.pm.orig 2022-02-07 01:59:10.000000000 +0100 ++++ Logwatch.pm 2024-08-27 15:16:30.023491645 +0200 
@@ -4,6 +4,10 @@ - + package Logwatch; - + +# Define interace version 5 for Date::Manip +BEGIN { + $Date::Manip::Backend = 'DM5'; diff --git a/src/patches/logwatch/logwatch-7.11-disable_iptables.patch b/src/patches/logwatch/logwatch-7.11-disable_iptables.patch new file mode 100644 index 000000000..9876c2ecb --- /dev/null +++ b/src/patches/logwatch/logwatch-7.11-disable_iptables.patch @@ -0,0 +1,14 @@ +--- logwatch-7.11/conf/logwatch.conf.orig 2024-01-22 20:31:51.000000000 +0100 ++++ logwatch-7.11/conf/logwatch.conf 2024-08-27 15:17:43.685786586 +0200 +@@ -126,6 +126,11 @@ + # prints useful system configuration info. + Service = "-eximstats" # Prevents execution of eximstats service, which + # is a wrapper for the eximstats program. ++ ++# Disabled: 'iptables' ++Service = "-iptables" ++ ++ + # Because the above sets "All" as the default, and disables certain + # services, you can also set the Service variable to an empty string + # in your local logwatch.conf (by default, under /etc/logwatch/conf). diff --git a/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch b/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch similarity index 71% rename from src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch rename to src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch index af792250f..dc39ee401 100644 --- a/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch +++ b/src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch @@ -1,6 +1,6 @@ -diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf ---- a/conf/services/mdadm.conf Sat Jan 22 01:00:00 2022 -+++ b/conf/services/mdadm.conf Sun Apr 10 10:48:21 2022 +diff -Naur logwatch-7.11.orig/conf/services/mdadm.conf logwatch-7.11/conf/services/mdadm.conf +--- logwatch-7.11.orig/conf/services/mdadm.conf 2018-12-17 02:47:45.000000000 +0100 ++++ logwatch-7.11/conf/services/mdadm.conf 2024-08-27 15:18:31.430605943 +0200 
@@ -13,7 +13,7 @@ # Logwatch will try to find md devices in /etc/mdadm.conf or # /etc/mdadm/mdadm.conf. If none of these files exist it can scan actively @@ -10,14 +10,14 @@ diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf # Logwatch will emit an error for md devices listed in /etc/mdadm.conf # that are not present. If you do not want this (e.g. raid devices may come -diff -U 3 a/scripts/services/mdadm b/scripts/services/mdadm ---- a/scripts/services/mdadm Sat Jan 22 01:00:00 2022 -+++ b/scripts/services/mdadm Sun Apr 10 10:38:19 2022 +diff -Naur logwatch-7.11.orig/scripts/services/mdadm logwatch-7.11/scripts/services/mdadm +--- logwatch-7.11.orig/scripts/services/mdadm 2023-05-21 02:25:35.000000000 +0200 ++++ logwatch-7.11/scripts/services/mdadm 2024-08-27 15:21:08.495487732 +0200 @@ -36,7 +36,7 @@ if ( open($mdadm, "<", "/etc/mdadm.conf") or open($mdadm, "<", "/etc/mdadm/mdadm.conf") or -- open($mdadm, "<", "mdadm --detail --scan 2>/dev/null|")) { +- open($mdadm, "-|", "mdadm --detail --scan")) { + open($mdadm, "<", "sudo mdadm --detail --scan 2>/dev/null|")) { while (<$mdadm>) { if (/^ARRAY/) { diff --git a/src/patches/logwatch/logwatch-7.6-disable_iptables.patch b/src/patches/logwatch/logwatch-7.6-disable_iptables.patch deleted file mode 100644 index 99c5b493b..000000000 --- a/src/patches/logwatch/logwatch-7.6-disable_iptables.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -U 3 a/conf/logwatch.conf b/conf/logwatch.conf ---- a/conf/logwatch.conf Sat Jan 22 01:00:00 2022 -+++ b/conf/logwatch.conf Sun Apr 10 10:33:20 2022 -@@ -96,6 +96,10 @@ - # prints useful system configuration info. - Service = "-eximstats" # Prevents execution of eximstats service, which - # is a wrapper for the eximstats program. -+ -+# Disabled: 'iptables' -+Service = "-iptables" -+ - # If you only cared about FTP messages, you could use these 2 lines - # instead of the above: - #Service = ftpd-messages # Processes ftpd messages in /var/log/messages
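Review bot: In the lfs/logwatch hunk at @@ -72,9 +72,10, the date_manip6 line now reads `patch -i .../logwatch-7.11-date_manip6.patch` with no `-N`, while the three lines below it all use `patch -Np1 -i`. Running without a strip level is consistent with that patch's bare `Logwatch.pm.orig` / `Logwatch.pm` headers, but `-N` is worth adding so an already-applied or reversed patch fails the build instead of being handled differently from the others. The new OpenSSH 9.8 line also has nothing in the lfs file saying it is temporary; the commit message says it can go once logwatch 7.12 is released, and a one-line comment above that `patch` call would keep that visible to whoever does the next version bump.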
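Review bot: In the scripts/services/sshd hunk at @@ -246,9 +246,9 of the new OpenSSH 9.8 patch, the optional port is matched with a capturing group, `(| port \d+)`, and in the second changed line it sits in front of `(Connection timed out|No route to host)`, so that alternation moves from `$1` to `$2`. The body of this `elsif` branch is not visible in the hunk; please confirm it does not read numbered captures. Using `(?: port \d+)?` would match the same log lines without renumbering anything, and matches the non-capturing style already used in the first alternative, `(?:error:.*|fatal:)`. Since the commit message describes this patch as taken from the logwatch git tree, any change here is better raised upstream than carried as a local difference.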
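Review bot: In the refreshed logwatch-7.11-enable-mdadm-sudo.patch, scripts/services/mdadm hunk at @@ -36,7 +36,7, the replacement line still uses the old open form: `open($mdadm, "<", "sudo mdadm --detail --scan 2>/dev/null|")`. The line it now replaces in 7.11 is `open($mdadm, "-|", "mdadm --detail --scan")`, a real pipe open. With three-argument `open` and mode `"<"`, Perl treats the third argument as a literal file name, so the trailing `|` is not interpreted and `sudo mdadm` is never run; this fallback just fails to open. The added line should keep the 7.11 mode and only prepend sudo, for example `open($mdadm, "-|", "sudo mdadm --detail --scan 2>/dev/null")`. It would also help to say how this was tested, since the fallback is only reached on a system where neither /etc/mdadm.conf nor /etc/mdadm/mdadm.conf exists.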