--- logcheck-1.1.1/systems/linux/logcheck.sh.org Sun Oct 31 08:07:29 1999 +++ logcheck-1.1.1/systems/linux/logcheck.sh Fri Oct 6 12:31:52 2000 @@ -44,7 +44,7 @@ # Full path to logtail program. # This program is required to run this script and comes with the package. -LOGTAIL=/usr/local/bin/logtail +LOGTAIL=/usr/bin/logtail # Full path to SECURED (non public writable) /tmp directory. # Prevents Race condition and potential symlink problems. I highly @@ -52,7 +52,7 @@ # You would also be well advised to make sure all your system/cron scripts # use this directory for their "scratch" area. -TMPDIR=/usr/local/etc/tmp +TMPDIR=/var/lib/logcheck # The 'grep' command. This command MUST support the # '-i' '-v' and '-f' flags!! The GNU grep does this by default (that's @@ -89,7 +89,7 @@ # look for generic ISS probes (who the hell else looks for # "WIZ" besides ISS?), and obvious sendmail attacks/probes. -HACKING_FILE=/usr/local/etc/logcheck.hacking +HACKING_FILE=/etc/logcheck/hacking # File of security violation patterns to specifically look for. # This file should contain keywords of information administrators should @@ -98,7 +98,7 @@ # some items, but these will be caught by the next check. Move suspicious # items into this file to have them reported regularly. -VIOLATIONS_FILE=/usr/local/etc/logcheck.violations +VIOLATIONS_FILE=/etc/logcheck/violations # File that contains more complete sentences that have keywords from # the violations file. These keywords are normal and are not cause for @@ -115,14 +115,14 @@ # # Again, be careful what you put in here and DO NOT LEAVE IT EMPTY! -VIOLATIONS_IGNORE_FILE=/usr/local/etc/logcheck.violations.ignore +VIOLATIONS_IGNORE_FILE=/etc/logcheck/violations.ignore # This is the name of a file that contains patterns that we should # ignore if found in a log file. If you have repeated false alarms # or want specific errors ignored, you should put them in here. # Once again, be as specific as possible, and go easy on the wildcards -IGNORE_FILE=/usr/local/etc/logcheck.ignore +IGNORE_FILE=/etc/logcheck/ignore # The files are reported in the order of hacking, security # violations, and unusual system events. Notice that this @@ -165,10 +165,13 @@ # Generic and Linux Slackware 3.x #$LOGTAIL /var/log/messages > $TMPDIR/check.$$ -# Linux Red Hat Version 3.x, 4.x +# Mandriva Linux 2008 $LOGTAIL /var/log/messages > $TMPDIR/check.$$ $LOGTAIL /var/log/secure >> $TMPDIR/check.$$ -$LOGTAIL /var/log/maillog >> $TMPDIR/check.$$ +$LOGTAIL /var/log/mail/info.log >> $TMPDIR/check.$$ +$LOGTAIL /var/log/mail/warnings.log >> $TMPDIR/check.$$ +$LOGTAIL /var/log/news/info.log >> $TMPDIR/check.$$ +$LOGTAIL /var/log/news/warnings.log >> $TMPDIR/check.$$ # FreeBSD 2.x #$LOGTAIL /var/log/messages > $TMPDIR/check.$$