%define name	logcheck
%define version	1.1.1
%define release	5mdk

Name:		%{name}
Summary:	Psionic LogCheck
Version:	%{version}
Release:	%{release}
Copyright:	GPL
Group:		Monitoring
URL:		http://www.psionic.com
Source:		%{name}-%{version}.tar.bz2
Source1:	%{name}.cron
Patch:		%{name}.patch.bz2
Patch1:		%{name}-sh.patch.bz2
BuildRoot:	%{_tmppath}/%{name}-buildroot

%description
Logcheck is a software package that is designed to automatically run and
check system log files for security violations and unusual activity.
Logcheck utilizes a program called logtail that remembers the last position
it read from in a log file and uses this position on subsequent runs to
process new information. All source code is available for review and the
implementation was kept simple to avoid problems. This package is a clone
of the frequentcheck.sh script from the Trusted Information Systems
Gauntlet(tm) firewall package. TIS has granted permission for me to clone
this package.

%prep
%setup -q
%patch -p1
%patch1 -p1

%build

%install
[ -n "%{buildroot}" -a "%{buildroot}" != / ] && rm -rf %{buildroot}
mkdir -p %{buildroot}
export INSTALLDIR=%{buildroot}%{_sysconfdir}/logcheck
export INSTALLDIR_BIN=%{buildroot}%{_bindir}
export INSTALLDIR_SH=%{buildroot}%{_bindir}
export TMPDIR=%{buildroot}/var/%{name}
export CFLAGS=$RPM_OPT_FLAGS
mkdir -p %{buildroot}%{_sysconfdir}/logcheck
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}/var/%{name}
make linux

# rename files
pushd %{buildroot}%{_sysconfdir}/logcheck
mv -f logcheck.hacking hacking
mv -f logcheck.violations violations
mv -f logcheck.violations.ignore violations.ignore
mv -f logcheck.ignore ignore
popd

mkdir -p %{buildroot}%{_sysconfdir}/cron.daily/
install -m755 %{SOURCE1} %{buildroot}%{_sysconfdir}/cron.daily/logcheck

%clean
[ -n "%{buildroot}" -a "%{buildroot}" != / ] && rm -rf %{buildroot}
rm -rf $RPM_BUILD_DIR/%{name}-%{version}

%files
%defattr(-,root,root,0755)
%doc CHANGES CREDITS INSTALL LICENSE README* systems/linux/README*
%config %{_sysconfdir}/cron.daily/logcheck
%config(noreplace) %{_sysconfdir}/logcheck/hacking
%config(noreplace) %{_sysconfdir}/logcheck/violations
%config(noreplace) %{_sysconfdir}/logcheck/violations.ignore
%config(noreplace) %{_sysconfdir}/logcheck/ignore
%{_bindir}/logcheck.sh
%{_bindir}/logtail
%attr(0700,root,root) %dir /var/%{name}

%changelog
* Fri Oct 6 2000 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-5mdk
- change TEMPDIR to /var/logcheck with 0700 permissions (thanks to
  timp@redhat.com for the suggestion)
- check mail/news logs

* Mon Sep 18 2000 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-4mdk
- move logcheck script from running hourly to running daily

* Thu Aug 3 2000 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-3mdk
- macros
- fix path for config files
- change group
- add patch to fix configuration variables in logcheck.sh
- add script in cron.hourly

* Thu May 4 2000 Vincent Danen <vdanen@linux-mandrake.com> 1.1.1-2mdk
- fix group
- fix for spec-helper
- change prefix to /usr
- bzip patch

* Wed Dec 1 1999 Vincent Danen <vdanen@linux-mandrake.com>
- updated specfile for Mandrake contribs
- specfile cleanups
- bzip sources
- 1.1.1

* Tue Nov 9 1999 Vincent Danen <vdanen@softhome.net>
- updated spec file to clean up properly
- specfile adaptations

* Tue Sep 28 1999 Vincent Danen <vdanen@softhome.net>
- updated spec file

* Mon Sep 27 1999 Vincent Danen <vdanen@softhome.net>
- 1.1
- Mandrake adaptions