- Jul 18, 2023
-
-
Mathias Gibbens authored
-
- Jul 07, 2023
-
-
Richard Lewis authored
Add an md5sum for header.txt that was shipped in woody - the preinst now covers all versions of header.txt in git. Update comments and prepare changelog for upload
-
-
- Mar 01, 2023
-
-
Mathias Gibbens authored
-
Mathias Gibbens authored
-
- Feb 11, 2023
-
-
Mathias Gibbens authored
-
- Feb 10, 2023
-
-
Mathias Gibbens authored
-
Mathias Gibbens authored
Don't install the root-level CHANGES file, as this confuses dh_installchangelogs into thinking that file is the package's changelog
-
Mathias Gibbens authored
Add lintian overrides for debian-news-entry-has-unknown-version, since dh_installchangelogs now trims ancient entries
-
Mathias Gibbens authored
-
Mathias Gibbens authored
-
Mathias Gibbens authored
-
- Feb 09, 2023
-
-
Richard Lewis authored
-
Richard Lewis authored
-
Richard Lewis authored
This includes messages produced in routine circumstances on most systems, but does not attempt to cover every single log entry, and in particular does not filter startup messages
-
- Jan 01, 2023
-
-
Richard Lewis authored
rulefiles/linux/violations.d/sudo
  - Only the 3rd line is needed - it implies the others
rulefiles/linux/violations.ignore.d/logcheck-sudo
  - generalise rules to cope with optional fields that can precede COMMAND
  - add (optional) PID, which is present in the journal
  - include links to sources.debian.org to help track what log entries are produced
-
Richard Lewis authored
rulefiles/linux/violations.d/su
  - only the second line is needed - it already implies the others
rulefiles/linux/violations.ignore.d/logcheck-su
  - comment out lines which seem to be no longer produced by su
  - include links to sources.debian.org to help track what log entries are produced
  - add (optional) PID, which is present in the journal
-
Richard Lewis authored
-
Richard Lewis authored
In the Makefile, use dpkg-parsechangelog to put version (as stated in debian/changelog) into the copy of logcheck that is included in the package
-
Richard Lewis authored
-
Richard Lewis authored
  - logtail.prerm removed - the dpkg diversion was already removed in 2006, according to commit 3be46d08
  - src/detectrotate/*.dtr do not need to be executables (they are run by logtail2)
  - logtail.NEWS - headers should refer to 'logcheck' package not 'logtail'
-
Richard Lewis authored
-
Richard Lewis authored
Before, logcheck was changing permissions of all files in /etc/logcheck on install, including rules put there by other packages, and not restoring them on purge. This is, rightly, flagged by piuparts as an issue. This change simplifies the change in permissions to just the /etc/logcheck directory, and on purge restores it to root:root ownership. It also restores the contents, but once this version is in stable that could be further simplified to avoid a recursive use of chown -R, which is safe here (given it changes to root) but flagged by lintian. It also moves header.txt to /etc so it can be a conffile
-
Richard Lewis authored
-
Richard Lewis authored
  - logcheck does not need to depend on rsyslog now that the journal is checked by default (move it, and systemd-journald to suggests and enhances)
  - Reorder dependencies with most needed at the top
  - Edit descriptions for clarity
  - logcheck-database and logtail enhance: logcheck
-
Richard Lewis authored
Move all content from /etc/logcheck/logcheck.logfiles to /etc/logcheck/logcheck.logfiles.d/syslog.logfiles and enable checking of the journal by default.
Although new Debian installations do not always include a syslog daemon, rsyslog is common enough that the default should include both systemd and syslog logs
-
Richard Lewis authored
When told to check the journal, logcheck was trying to check every single entry, which is likely to cause logcheck to consume all the memory on the system and be killed. This patch limits the first check to the most recent 5 hours worth of entries. (Subsequent runs are unchanged)
-
Richard Lewis authored
-
Richard Lewis authored
  - Use mkdir -p to ensure dir for cleaned rules exists
  - Skip the final filtering stages in greplogoutput if there is nothing to actually filter
  - Replace the last use of 'ls' with globbing
-
Richard Lewis authored
Shows the user diskspace when logcheck ran
-
Richard Lewis authored
This adds an optional second argument to debug() which gives a file to show the user.
This gives a lot more information about what lines are being checked and lets you see which rules files (but not individual rules) were used, and which matched (or failed to match) log entries
-
Richard Lewis authored
cleanup() and error() both had the same code to remove the LOCKFILE, this code is now moved to a new function remove_lockfile
-
Richard Lewis authored
No new functionality, but this commit improves code comments (language, grammar, but also to make them more accurately describe what is being done).
It adds more calls to debug() to make 'logcheck -d' slightly more useful.
It also marks local variables as local
-
Richard Lewis authored
This commit does code cleanup, fixing issues spotted by shellcheck:
  - Use $(....) instead of `...`
  - Do not use -o or -a inside [ ...]
  - Use bash arrays for command arguments (MIMECONSTRUCTARGS, ENCODING, JOURNALCTL_OPTS) (logcheck was already running under bash)
  - Remove inconsistently used $CAT
  - Retabify to improve indentation in a number of places
  - A couple of improvements to comments for clarity (more to come here!)
  - Do not need to use eval to run mime-construct
  - use 'command grep -E' not 'egrep'
  - simplify the 'underlining' in printheader
  - do not need to use wc to count characters
  - use globbing rather than 'ls' to list files (which would allow spaces in filenames in a number of places, although this is perhaps unlikely to matter)
-
Richard Lewis authored
-
- Dec 23, 2022
-
-
Richard Lewis authored
Exit with a (fatal) error if a list of logs to check is not readable.
This prevents silently falling back to the default set of logs (logfiles themselves still give a non-fatal error)
-
Richard Lewis authored
When checking for system events, the filtering out of log entries already reported at higher priority (as either cracking (alerts) or violations (security events)) needs to happen even if there are no rules (ie if all ignore.d.* directories empty), otherwise no system events are reported.
-
Richard Lewis authored
Previously there was a single autopkgtest plus 4 tests run via python in tests/ This change makes all of these pass, and runs them all from autopkgtests. It drops the python test.py, which did not work with python3, but keeps the substance. It also adds tests of the various REPORTLEVEL and of some simple "error conditions"
-
Richard Lewis authored
-
Richard Lewis authored
-