Name: logcheck
Summary: Psionic LogCheck
Version: 1.1.1
Release: 8mdk
License: GPL
Group: Monitoring
URL: http://www.psionic.com
Source: %name-%version.tar.bz2
Source1: logcheck.cron
Patch: logcheck.patch.bz2
Patch1: logcheck-sh.patch.bz2
Patch2: logcheck-1.1.1-crond-ignore.patch.bz2
Requires: grep
BuildRoot: %_tmppath/%name-%version-%release-root

%description
Logcheck is a software package that is designed to automatically run and
check system log files for security violations and unusual activity.
Logcheck utilizes a program called logtail that remembers the last position
it read from in a log file and uses this position on subsequent runs to
process new information. All source code is available for review and the
implementation was kept simple to avoid problems. This package is a clone of
the frequentcheck.sh script from the Trusted Information Systems Gauntlet(tm)
firewall package. TIS has granted permission for me to clone this package.

%prep
%setup -q
%patch -p1
%patch1 -p1
%patch2 -p1

%install
export INSTALLDIR=%{buildroot}%{_sysconfdir}/logcheck
export INSTALLDIR_BIN=%{buildroot}%{_bindir}
export INSTALLDIR_SH=%{buildroot}%{_bindir}
export TMPDIR=%{buildroot}/var/lib/%{name}
chmod -R go+r *
export CFLAGS=$RPM_OPT_FLAGS
install -d $INSTALLDIR
install -d $INSTALLDIR_BIN
install -d $INSTALLDIR_SH
install -d $TMPDIR
make linux TMPDIR=%buildroot/var/lib/%name

# rename files
pushd %buildroot/%_sysconfdir/logcheck
mv -f logcheck.hacking hacking
mv -f logcheck.violations violations
mv -f logcheck.violations.ignore violations.ignore
mv -f logcheck.ignore ignore
popd

install -d %buildroot/%_sysconfdir/cron.daily/
install -m755 %SOURCE1 %buildroot/%_sysconfdir/cron.daily/logcheck

%clean
rm -fr %buildroot

%pre
if [ -d /var/logcheck ]; then
    mv /var/logcheck /var/lib/logcheck
fi

%files
%defattr(-,root,root,0755)
%doc CHANGES CREDITS INSTALL LICENSE README* systems/linux/README*
%config(noreplace) %_sysconfdir/cron.daily/logcheck
%config(noreplace) %_sysconfdir/logcheck/hacking
%config(noreplace) %_sysconfdir/logcheck/violations
%config(noreplace) %_sysconfdir/logcheck/violations.ignore
%config(noreplace) %_sysconfdir/logcheck/ignore
%_bindir/logcheck.sh
%_bindir/logtail
%attr(0700,root,root) %dir /var/lib/%name

%changelog
* Sat Aug 10 2002 Warly <warly@mandrakesoft.com> 1.1.1-8mdk
- rpmlint fixes

* Sat Jan 12 2002 Frederic Lepied <flepied@mandrakesoft.com> 1.1.1-7mdk
- requires grep
- corrected crond cmd regexp for the ignore file
- FHS

* Sun Jan 07 2001 David BAUDENS <baudens@mandrakesoft.com> 1.1.1-6mdk
- Fix build
- %%config(noreplace)
- Spec clean up

* Fri Oct 6 2000 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-5mdk
- change TEMPDIR to /var/logcheck with 0700 permissions (thanks to
  timp@redhat.com for the suggestion)
- check mail/news logs

* Mon Sep 18 2000 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-4mdk
- move logcheck script from running hourly to running daily

* Thu Aug 3 2000 Vincent Danen <vdanen@mandrakesoft.com> 1.1.1-3mdk
- macros
- fix path for config files
- change group
- add patch to fix configuration variables in logcheck.sh
- add script in cron.hourly

* Thu May 4 2000 Vincent Danen <vdanen@linux-mandrake.com> 1.1.1-2mdk
- fix group
- fix for spec-helper
- change prefix to /usr
- bzip patch

* Wed Dec 1 1999 Vincent Danen <vdanen@linux-mandrake.com>
- updated specfile for Mandrake contribs
- specfile cleanups
- bzip sources
- 1.1.1

* Tue Nov 9 1999 Vincent Danen <vdanen@softhome.net>
- updated spec file to clean up properly
- specfile adaptations

* Tue Sep 28 1999 Vincent Danen <vdanen@softhome.net>
- updated spec file

* Mon Sep 27 1999 Vincent Danen <vdanen@softhome.net>
- 1.1
- Mandrake adaptions