Name: logcheck
Summary: Psionic LogCheck
Version: 1.1.1
Release: 9.1.100mdk
License: GPL
Group: Monitoring
URL: http://www.psionic.com
Source: %name-%version.tar.bz2
Source1: logcheck.cron
Patch: logcheck.patch.bz2
Patch1: logcheck-sh.patch.bz2
Patch2: logcheck-1.1.1-crond-ignore.patch.bz2
Patch3: logcheck-1.1.1-CAN-2004-0404.patch
Requires: grep
BuildRoot: %_tmppath/%name-%version-%release-root
%description
Logcheck is a software package that is designed to automatically run and check
system log files for security violations and unusual activity. Logcheck
utilizes a program called logtail that remembers the last position it read
from in a log file and uses this position on subsequent runs to process new
information. All source code is available for review and the implementation
was kept simple to avoid problems. This package is a clone of the
frequentcheck.sh script from the Trusted Information Systems Gauntlet(tm)
firewall package. TIS has granted permission for me to clone this package.
%prep
%setup -q
%patch -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1 -b .can-2004-0404
%install
export INSTALLDIR=%{buildroot}%{_sysconfdir}/logcheck
export INSTALLDIR_BIN=%{buildroot}%{_bindir}
export INSTALLDIR_SH=%{buildroot}%{_bindir}
export TMPDIR=%{buildroot}%{_localstatedir}/%{name}
chmod -R go+r *
export CFLAGS=$RPM_OPT_FLAGS
install -d $INSTALLDIR
install -d $INSTALLDIR_BIN
install -d $INSTALLDIR_SH
install -d $TMPDIR
make linux TMPDIR=%buildroot%{_localstatedir}/%name
# rename files
pushd %buildroot/%_sysconfdir/logcheck
mv -f logcheck.hacking hacking
mv -f logcheck.violations violations
mv -f logcheck.violations.ignore violations.ignore
mv -f logcheck.ignore ignore
popd
install -d %buildroot/%_sysconfdir/cron.daily/
install -m755 %SOURCE1 %buildroot/%_sysconfdir/cron.daily/logcheck
%clean
rm -fr %buildroot
%pre
if [ -d /var/logcheck ]; then
mv /var/logcheck %{_localstatedir}/logcheck
fi
%files
%defattr(-,root,root,0755)
%doc CHANGES CREDITS INSTALL LICENSE README* systems/linux/README*
%config(noreplace) %_sysconfdir/cron.daily/logcheck
%dir %_sysconfdir/logcheck
%config(noreplace) %_sysconfdir/logcheck/hacking
%config(noreplace) %_sysconfdir/logcheck/violations
%config(noreplace) %_sysconfdir/logcheck/violations.ignore
%config(noreplace) %_sysconfdir/logcheck/ignore
%_bindir/logcheck.sh
%_bindir/logtail
%attr(0700,root,root) %dir %{_localstatedir}/%name
%changelog
* Tue Dec 21 2004 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-9.1.100mdk
- security fix for CAN-2004-0404
* Tue Jul 22 2003 Per Øyvind Karlsen <peroyvind@sintrax.net> 1.1.1-9mdk
- rebuild
- macroize
- be sure to own %%_sysconfdir/logcheck
* Sat Aug 10 2002 Warly <warly@mandrakesoft.com> 1.1.1-8mdk
- rpmlint fixes
* Sat Jan 12 2002 Frederic Lepied <flepied@mandrakesoft.com> 1.1.1-7mdk
- requires grep
- corrected crond cmd regexp for the ignore file
- FHS
* Sun Jan 07 2001 David BAUDENS <baudens@mandrakesoft.com> 1.1.1-6mdk
- Fix build
- %%config(noreplace)
- Spec clean up
* Fri Oct 6 2000 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-5mdk
- change TEMPDIR to /var/logcheck with 0700 permissions (thanks to
timp@redhat.com for the suggestion)
- check mail/news logs
* Mon Sep 18 2000 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-4mdk
- move logcheck script from running hourly to running daily
* Thu Aug 3 2000 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-3mdk
- macros
- fix path for config files
- change group
- add patch to fix configuration variables in logcheck.sh
- add script in cron.hourly
* Thu May 4 2000 Vincent Danen <vdanen@linux-mandrake.com> 1.1.1-2mdk
- fix group
- fix for spec-helper
- change prefix to /usr
- bzip patch
* Wed Dec 1 1999 Vincent Danen <vdanen@linux-mandrake.com>
- updated specfile for Mandrake contribs
- specfile cleanups
- bzip sources
- 1.1.1
* Tue Nov 9 1999 Vincent Danen <vdanen@softhome.net>
- updated spec file to clean up properly
- specfile adaptations
* Tue Sep 28 1999 Vincent Danen <vdanen@softhome.net>
- updated spec file
* Mon Sep 27 1999 Vincent Danen <vdanen@softhome.net>
- 1.1
- Mandrake adaptions
