diff --git a/.gitignore b/.gitignore
index 876f0fa..2d0036c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /prelude-lml-4.1.0.tar.gz
+/prelude-lml-5.0.0.tar.gz
diff --git a/prelude-lml-4.1.0-fix_check.patch b/prelude-lml-4.1.0-fix_check.patch
deleted file mode 100644
index 6177978..0000000
--- a/prelude-lml-4.1.0-fix_check.patch
+++ /dev/null
@@ -1,504 +0,0 @@
-diff -Nru src/file-server.c src/file-server.c
---- ./src/file-server.c 2016-09-15 08:49:20.170000884 +0200
-+++ ./src/file-server.c 2017-01-28 18:18:06.634761198 +0100
-@@ -346,6 +346,9 @@
- ssize_t ret;
- struct stat st;
- 
-+ if ( config.dry_run )
-+ return 0;
-+
- if ( fstat(fileno(monitor->metadata_fd), &st) < 0 ) {
- prelude_log(PRELUDE_LOG_WARN, "fstat failed : %s.\n", strerror(errno));
- return -1;
-@@ -416,6 +419,9 @@
- off_t offset = 0, available = 65535;
- unsigned char msum[METADATA_SIZE], *sumptr = msum;
- 
-+ if ( config.dry_run )
-+ return 0;
-+
- filename = lml_log_source_get_name(monitor->source);
- 
- ret = file_metadata_read(monitor, &offset, &sumptr);
-@@ -477,6 +483,9 @@
- int fd;
- char file[PATH_MAX], path[PATH_MAX], *ptr;
- 
-+ if ( config.dry_run )
-+ return 0;
-+
- strncpy(file, lml_log_source_get_name(monitor->source), sizeof(file));
- 
- while ( (ptr = strchr(file, '/')) )
-diff -Nru src/prelude-lml.c src/prelude-lml.c
---- ./src/prelude-lml.c 2016-09-15 08:49:20.171000884 +0200
-+++ ./src/prelude-lml.c 2017-01-28 18:19:25.373006781 +0100
-@@ -361,6 +361,7 @@
- ev_timer evt;
- struct timeval end;
- struct sigaction action;
-+ const char *env;
- 
- /*
- * Initialize libev.
-@@ -389,7 +390,11 @@
- if ( ret < 0 )
- return ret;
- 
-- ret = log_plugins_init(LOG_PLUGIN_DIR, lml_root_optlist);
-+ env = getenv("PRELUDE_LML_PLUGIN_DIR");
-+ if ( !env )
-+ env = LOG_PLUGIN_DIR;
-+
-+ ret = log_plugins_init(env, lml_root_optlist);
- if (ret < 0)
- return ret;
- 
-diff -Nru src/regex.c src/regex.c
---- ./src/regex.c 2016-09-15 08:49:20.172000884 +0200
-+++ ./src/regex.c 2017-01-28 18:17:45.931222693 +0100
-@@ -156,16 +156,20 @@
- FILE *fd;
- size_t len;
- char buf[1024];
-- const char *errptr;
-+ const char *errptr, *env;
- int line = 0, erroff;
- regex_table_item_t *rt;
- pcre_extra *regex_regex_extra = NULL;
- char *regex, *options, *source, *plugin;
- pcre *regex_regex = NULL, *source_regex = NULL;
- 
-- fd = fopen(REGEX_CONF, "r");
-+ env = getenv("PRELUDE_LML_REGEX_CONF");
-+ if ( !env )
-+ env = REGEX_CONF;
-+
-+ fd = fopen(env, "r");
- if ( ! fd ) {
-- prelude_log(PRELUDE_LOG_ERR, "couldn't open config file %s.\n", REGEX_CONF);
-+ prelude_log(PRELUDE_LOG_ERR, "couldn't open config file %s.\n", env);
- return -1;
- }
- 
-diff -Nru tests/Makefile.in tests/Makefile.in
---- ./tests/Makefile.in 2016-09-15 09:03:00.925000884 +0200
-+++ ./tests/Makefile.in 2017-01-28 18:22:00.268558881 +0100
-@@ -1362,7 +1362,10 @@
- cd $(top_srcdir)/prelude-lml && make
- 
- check-am:
-- $(srcdir)/loggrep.py $(top_srcdir)/plugins/pcre/ruleset/*.rules | $(top_srcdir)/src/prelude-lml --quiet --dry-run --metadata=nowrite,head --batch-mode --no-resolve --pcre --dump-unmatched --config $(srcdir)/prelude-lml.conf 2>&1 | $(GREP) -Fvf $(srcdir)/ignored
-+ rm -rf plugins && mkdir plugins
-+ cp $(top_srcdir)/plugins/*/.libs/*.so plugins
-+ ./loggrep.py regex.test | PRELUDE_LML_PLUGIN_DIR=plugins PRELUDE_LML_REGEX_CONF=plugins.rules $(top_srcdir)/src/prelude-lml --quiet --dry-run --metadata=nowrite,head --batch-mode --no-resolve --pcre --dump-unmatched --config $(srcdir)/prelude-lml.conf 2>&1 | $(GREP) -Fvf $(srcdir)/ignored
-+ rm -rf plugins
- 
- -include $(top_srcdir)/git.mk
- -diff -Nru tests/plugins.rules tests/plugins.rules ---- ./tests/plugins.rules 1970-01-01 01:00:00.000000000 +0100 -+++ ./tests/plugins.rules 2017-01-28 18:20:24.857682680 +0100 -@@ -0,0 +1 @@ -+ * Pcre - * -diff -Nru tests/prelude-lml.conf tests/prelude-lml.conf ---- ./tests/prelude-lml.conf 2016-09-15 08:49:20.172000884 +0200 -+++ ./tests/prelude-lml.conf 2017-01-28 18:20:30.037567378 +0100 -@@ -3,51 +3,5 @@ - prefix-regex = "^(?P.{15}) (?P\S+) (?:(?P\S+?)(?:\[(?P[0-9]+)\])?: )?" - file = - - --[format=apache] --time-format = "%d/%b/%Y:%H:%M:%S" --prefix-regex = "(?P\S+) \S+ \S+ \[(?P.{20}) [+-].{4}\] " --file = - -- --[format=apache-error] --#[Sat Mar 12 22:56:12 2005] [error] [client 127.0.0.1] --time-format = "%a %b %d %H:%M:%S %Y" --prefix-regex = "^\[(?P.{24})\]" --file = - -- --[format=checkpoint] --time-format = "%d%b%Y %H:%M:%S" --prefix-regex = "^(?P.{20})" --file = - -- --[format=squid] --#2005/11/28 06:00:44| --time-format = "%Y/%m/%d %H:%M:%S" --prefix-regex = "^(?P.{19})\| " --file = - -- --[format=honeyd] --#2006-08-18-12:21:12.1239 --time-format = "%Y-%m-%d-%H:%M:%S" --prefix-regex = "^(?P.{19})\." --file = - -- --[format=honeytrap] --#[2007-05-26 16:48:09] --time-format = "%Y-%m-%d %H:%M:%S" --prefix-regex = "^\[(?P.{19})\]" --file = - -- --[format=kojoney] --#2007/04/12 21:57 CEST --time-format = "%Y/%m/%d %H:%M" --prefix-regex = "^(?P.{16}) " --file = - -- --[format=rishi] --#2007-05-20 12:49:57,644 --time-format = "%Y-%m-%d %H:%M:%S" --prefix-regex = "^(?P.{19})," --file = - -- - [Pcre] --ruleset=../plugins/pcre/ruleset/pcre.rules -+ruleset=./regex.test -diff -Nru tests/regex.test tests/regex.test ---- ./tests/regex.test 1970-01-01 01:00:00.000000000 +0100 -+++ ./tests/regex.test 2017-01-28 18:20:17.921837067 +0100 -@@ -0,0 +1,340 @@ -+#FULLNAME: SSH -+#VERSION: 1.0 -+#DESCRIPTION: SSH, is a cryptographic (encrypted) network protocol to allow remote login and other network services to operate securely over an unsecured network. 
-+ -+##### -+# -+# Copyright (C) 2002,2004 Nicolas Delon -+# Copyright (C) 2005 G Ramon Gomez -+# All Rights Reserved -+# -+# This program is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 2, or (at your option) -+# any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License along -+# with this program; if not, write to the Free Software Foundation, Inc., -+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -+# -+##### -+ -+################### -+# Logging succeed # -+################### -+ -+#LOG:Dec 8 14:45:17 itguxweb1 sshd[32112]: Accepted publickey for root from 12.34.56.78 port 56634 ssh2 -+regex=for root from|user root; \ -+ id=1907; \ -+ assessment.impact.type=admin; \ -+ assessment.impact.severity=medium; \ -+ silent; chained -+ -+#LOG:Dec 8 14:45:17 itguxweb1 sshd[32112]: Accepted publickey for root from 12.34.56.78 port 56634 ssh2 -+#LOG:Jan 14 03:30:44 mail sshd[20298]: Accepted publickey for root from fec0:0:201::3 port 63018 ssh2 -+#LOG:Jan 14 03:30:44 mail sshd[20298]: Accepted publickey for john from fec0:0:201::3 port 63018 ssh2 -+#LOG:Dec 10 10:33:19 itguxweb2 sshd[29738]: Accepted password for ekwong from 12.34.56.78 port 39852 ssh2 -+regex=Accepted (\S+) for (\S+) from (\S+) port (\d+); \ -+ classification.text=Remote Login; \ -+ optgoto=1907; \ -+ id=1908; \ -+ revision=3; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=low; \ -+ assessment.impact.completion=succeeded; \ -+ assessment.impact.type=user; \ -+ 
assessment.impact.description=User $2 logged in from $3 port $4 using the $1 method; \ -+ source(0).node.address(0).address=$3; \ -+ source(0).service.port=$4; \ -+ source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ target(0).user.category=os-device; \ -+ target(0).user.user_id(0).type=target-user; \ -+ target(0).user.user_id(0).name=$2; \ -+ additional_data(0).type=string; \ -+ additional_data(0).meaning=Authentication method; \ -+ additional_data(0).data=$1; \ -+ last; -+ -+ -+################ -+# Login failed # -+################ -+ -+#LOG:Dec 9 16:00:35 itguxweb2 sshd[24541]: Failed password for root from 12.34.56.78 port 1806 -+#LOG:Dec 9 21:29:56 devel5 sshd[17554]: Failed password for akarade from 12.34.56.78 port 4214 -+regex=Failed (\S+) for (\S+) from (\S+) port (\d+); \ -+ optgoto=1907; \ -+ classification.text=Remote Login; \ -+ id=1902; \ -+ revision=3; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=medium; \ -+ assessment.impact.completion=failed; \ -+ assessment.impact.type=user; \ -+ assessment.impact.description=Someone tried to login as $2 from $3 port $4 using the $1 method; \ -+ source(0).node.address(0).address=$3; \ -+ source(0).service.port=$4; \ -+ source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ target(0).user.category=os-device; \ -+ target(0).user.user_id(0).type=target-user; \ -+ target(0).user.user_id(0).name=$2; \ -+ additional_data(0).type=string; \ -+ additional_data(0).meaning=Authentication method; \ -+ additional_data(0).data=$1; \ -+ last -+ 
-+ -+############################################## -+# Invalid (not existing) user tried to login # -+############################################## -+ -+#LOG:Jan 20 14:10:02 blah sshd[25443]: Invalid user admin from 213.201.222.134 -+regex=(Illegal|Invalid) user (\S+) from (\S+); \ -+ classification.text=User login failed with an invalid user; \ -+ id=1904; \ -+ revision=2; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=medium; \ -+ assessment.impact.completion=failed; \ -+ assessment.impact.type=user; \ -+ assessment.impact.description=Someone tried to login with the invalid user "$2" from $3; \ -+ source(0).node.address(0).address=$3; \ -+ source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ target(0).user.category=os-device; \ -+ target(0).user.user_id(0).type=target-user; \ -+ target(0).user.user_id(0).name=$2; \ -+ last -+ -+################################################################################## -+# User listed in DenyGroups or DenyUsers (sshd_config directives) tried to login # -+################################################################################## -+ -+#LOG:Jan 6 22:50:24 localhost sshd[15489]: User nobody not allowed because none of user's groups are listed in AllowGroups -+regex=User (\S+) not allowed because (.*)listed in (\w+); \ -+ classification.text=User login failed with a denied user; \ -+ id=1905; \ -+ revision=3; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=medium; \ -+ assessment.impact.completion=failed; \ -+ assessment.impact.type=user; \ -+ assessment.impact.description=User $1 failed to login because $2 listed in $3; \ -+ 
source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ target(0).user.category=os-device; \ -+ target(0).user.user_id(0).type=target-user; \ -+ target(0).user.user_id(0).name=$1; \ -+ additional_data(0).type=string; \ -+ additional_data(0).meaning=ACL; \ -+ additional_data(0).data=$3; \ -+ additional_data(1).type=string; \ -+ additional_data(1).meaning=Failure reason; \ -+ additional_data(1).data=$2 listed in $3; \ -+ last -+ -+################################################################## -+# Sshd did not receive the identification string from the client # -+# (maybe a ssh server recognition) # -+################################################################## -+ -+#LOG:Jun 10 09:51:57 server sshd[9100]: Did not receive identification string from 1.2.3.4 -+regex=Did not receive identification string from (\S+); \ -+ classification.text=Server recognition; \ -+ id=1906; \ -+ revision=2; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=medium; \ -+ assessment.impact.completion=failed; \ -+ assessment.impact.type=recon; \ -+ assessment.impact.description=$1 is probably making a server recognition; \ -+ source(0).node.address(0).address=$1; \ -+ source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ additional_data(0).type=string; \ -+ additional_data(0).meaning=Failure reason; \ -+ additional_data(0).data=Did not receive identification string; \ -+ last -+ -+######################################################################### -+# Forbidden root login # -+# (directive 
PermitRootLogin and keyword "no" or "forced-commands-only" # -+# of the sshd_config file) # -+######################################################################### -+ -+#LOG:Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4 -+regex=ROOT LOGIN REFUSED FROM (\S+); \ -+ classification.text=Admin login; \ -+ id=1909; \ -+ revision=2; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=medium; \ -+ assessment.impact.completion=failed; \ -+ assessment.impact.type=admin; \ -+ assessment.impact.description=Root tried to login while it is forbidden; \ -+ source(0).node.address(0).address=$1; \ -+ source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ target(0).user.category=os-device; \ -+ target(0).user.user_id(0).type=target-user; \ -+ target(0).user.user_id(0).name=root; \ -+ last -+ -+ -+# Re: Generic Message Exchange Authentication For SSH -+# -+#LOG:Jan 14 08:19:21 ras sshd[22774]: input_userauth_request: invalid user remote-mail -+regex=input_userauth_request: (illegal|invalid) user (\S+); \ -+ classification.text=Invalid user in authentication request; \ -+ id=1910; \ -+ revision=3; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=medium; \ -+ assessment.impact.completion=failed; \ -+ assessment.impact.type=user; \ -+ assessment.impact.description=General purpose authentication request was blocked. 
Reason: invalid user $2; \ -+ source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ target(0).user.category=os-device; \ -+ target(0).user.user_id(0).type=target-user; \ -+ target(0).user.user_id(0).name=$2; \ -+ additional_data(0).type=string; \ -+ additional_data(0).meaning=Failure reason; \ -+ additional_data(0).data=$1 user; \ -+ last -+ -+# Re: Generic Message Exchange Authentication For SSH -+# -+# This rule catches several other combinations that can be output by -+# input_userauth_request() in auth2.c -+#LOG:Jan 14 08:19:21 ras sshd[22774]: input_userauth_request: invalid user remote-mail -+regex=input_userauth_request: (.+); \ -+ classification.text=Invalid user in authentication request; \ -+ id=1911; \ -+ revision=2; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=medium; \ -+ assessment.impact.completion=failed; \ -+ assessment.impact.type=user; \ -+ assessment.impact.description=General purpose authentication request was blocked. 
Reason: $1; \ -+ source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ target(0).user.category=os-device; \ -+ last -+ -+#LOG:Dec 9 18:48:29 itguxweb2 sshd[29536]: Failed password for illegal user ROOT from 12.34.56.78 port 2886 -+#LOG:Jan 14 08:19:21 ras sshd[22774]: Failed none for invalid user remote-mail from 192.168.1.22 port 65407 ssh2 -+#LOG:Jan 14 11:29:17 ras sshd[18163]: Failed publickey for invalid user fred from fec0:0:201::3 port 62788 ssh2 -+#LOG:Jan 14 11:29:17 ras sshd[18163]: Failed publickey for invalid user fred from 1.2.3.4 port 62788 ssh2 -+#LOG:Jan 14 11:29:17 ras sshd[18163]: Failed publickey for invalid user fred from hostname port 62788 ssh2 -+regex=Failed (\S+) for (illegal|invalid) user (\S+) from (\S+) port (\d+); \ -+ classification.text=Remote Login; \ -+ optgoto=1907; \ -+ id=1912; \ -+ revision=3; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=medium; \ -+ assessment.impact.completion=failed; \ -+ assessment.impact.type=admin; \ -+ assessment.impact.description=Someone tried to login as $3 from $4 port $5 using the $1 method; \ -+ source(0).node.address(0).address=$4; \ -+ source(0).service.port=$5; \ -+ source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ target(0).user.category=os-device; \ -+ target(0).user.user_id(0).type=target-user; \ -+ target(0).user.user_id(0).name=$3; \ -+ additional_data(0).type=string; \ -+ additional_data(0).meaning=Authentication method; \ -+ additional_data(0).data=$1; \ -+ additional_data(1).type=string; \ -+ 
additional_data(1).meaning=Failure reason; \ -+ additional_data(1).data=$2 user; \ -+ last -+ -+#LOG:Oct 2 14:40:05 suse-9.2 sshd[18725]: error: PAM: Authentication failure for root from unknown.anywhere.net -+#LOG:Oct 2 14:46:52 suse-9.2 sshd[18804]: error: PAM: Authentication failure for foobar from unknown.anywhere.net -+regex=error: PAM: Authentication failure for (\S+) from (\S+); \ -+ classification.text=Remote Login; \ -+ optgoto=1907; \ -+ id=1914; \ -+ revision=2; \ -+ analyzer(0).name=sshd; \ -+ analyzer(0).manufacturer=OpenSSH; \ -+ analyzer(0).class=Authentication; \ -+ assessment.impact.severity=medium; \ -+ assessment.impact.completion=failed; \ -+ assessment.impact.type=user; \ -+ assessment.impact.description=Someone tried to login as $1 from $2; \ -+ source(0).node.name=$2; \ -+ source(0).service.iana_protocol_name=tcp; \ -+ source(0).service.iana_protocol_number=6; \ -+ target(0).service.port=22; \ -+ target(0).service.name=ssh; \ -+ target(0).service.iana_protocol_name=tcp; \ -+ target(0).service.iana_protocol_number=6; \ -+ target(0).user.category=os-device; \ -+ target(0).user.user_id(0).type=target-user; \ -+ target(0).user.user_id(0).name=$1; \ -+ last diff --git a/prelude-lml-4.1.0-fix_etc_perms.patch b/prelude-lml-4.1.0-fix_etc_perms.patch deleted file mode 100644 index 28bba70..0000000 --- a/prelude-lml-4.1.0-fix_etc_perms.patch +++ /dev/null 
@@ -1,39 +0,0 @@
---- ./Makefile.in 2016-09-15 09:03:01.116000884 +0200
-+++ ./Makefile.in 2017-01-26 07:38:35.217447516 +0100
-@@ -1762,9 +1762,9 @@
- 
- 
- install-data-local:
-- $(INSTALL) -m 700 -d $(DESTDIR)$(configdir);
-- $(INSTALL) -m 700 -d $(DESTDIR)$(lml_run_dir);
-- $(INSTALL) -m 700 -d $(DESTDIR)$(metadata_dir)
-+ $(INSTALL) -m 755 -d $(DESTDIR)$(configdir);
-+ $(INSTALL) -m 755 -d $(DESTDIR)$(lml_run_dir);
-+ $(INSTALL) -m 755 -d $(DESTDIR)$(metadata_dir)
- @if test -f $(DESTDIR)$(configdir)/prelude-lml.conf; then \
- echo "********************************************************************************"; \
- echo; \
-@@ -1772,9 +1772,9 @@
- echo "Installing default configuration in $(DESTDIR)$(configdir)/prelude-lml.conf-dist"; \
- echo; \
- echo "********************************************************************************"; \
-- $(INSTALL) -m 600 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/prelude-lml.conf-dist; \
-+ $(INSTALL) -m 644 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/prelude-lml.conf-dist; \
- else \
-- $(INSTALL) -m 600 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/; \
-+ $(INSTALL) -m 644 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/; \
- fi
- @if test -f $(DESTDIR)$(configdir)/plugins.rules; then \
- echo "********************************************************************************"; \
-@@ -1783,9 +1783,9 @@
- echo "Installing default configuration in $(DESTDIR)$(configdir)/plugins.rules-dist"; \
- echo; \
- echo "********************************************************************************"; \
-- $(INSTALL) -m 600 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/plugins.rules-dist; \
-+ $(INSTALL) -m 644 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/plugins.rules-dist; \
- else \
-- $(INSTALL) -m 600 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/; \
-+ $(INSTALL) -m 644 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/; \
- fi
- 
- uninstall-local:
diff --git a/prelude-lml-4.1.0-gnutls_priority_set_direct.patch b/prelude-lml-4.1.0-gnutls_priority_set_direct.patch
deleted file mode 100644
index 92b06ed..0000000
--- a/prelude-lml-4.1.0-gnutls_priority_set_direct.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- ./src/tcp-server-tls.c 2016-09-15 08:49:20.172000884 +0200
-+++ ./src/tcp-server-tls.c2 2017-02-07 01:10:30.904772287 +0100
-@@ -489,7 +489,7 @@
- #else
- # define TLS_DH_STR "+ANON-DH"
- #endif
-- const char *pstring = "NORMAL:" TLS_DH_STR;
-+ const char *pstring = "@SYSTEM:" TLS_DH_STR;
- 
- gnutls_set_default_priority(session);
- 
diff --git a/prelude-lml-5.0.0-fix_check.patch b/prelude-lml-5.0.0-fix_check.patch
new file mode 100644
index 0000000..6177978
--- /dev/null
+++ b/prelude-lml-5.0.0-fix_check.patch
@@ -0,0 +1,504 @@
+diff -Nru src/file-server.c src/file-server.c
+--- ./src/file-server.c 2016-09-15 08:49:20.170000884 +0200
++++ ./src/file-server.c 2017-01-28 18:18:06.634761198 +0100
+@@ -346,6 +346,9 @@
+ ssize_t ret;
+ struct stat st;
+ 
++ if ( config.dry_run )
++ return 0;
++
+ if ( fstat(fileno(monitor->metadata_fd), &st) < 0 ) {
+ prelude_log(PRELUDE_LOG_WARN, "fstat failed : %s.\n", strerror(errno));
+ return -1;
+@@ -416,6 +419,9 @@
+ off_t offset = 0, available = 65535;
+ unsigned char msum[METADATA_SIZE], *sumptr = msum;
+ 
++ if ( config.dry_run )
++ return 0;
++
+ filename = lml_log_source_get_name(monitor->source);
+ 
+ ret = file_metadata_read(monitor, &offset, &sumptr);
+@@ -477,6 +483,9 @@
+ int fd;
+ char file[PATH_MAX], path[PATH_MAX], *ptr;
+ 
++ if ( config.dry_run )
++ return 0;
++
+ strncpy(file, lml_log_source_get_name(monitor->source), sizeof(file));
+ 
+ while ( (ptr = strchr(file, '/')) )
+diff -Nru src/prelude-lml.c src/prelude-lml.c
+--- ./src/prelude-lml.c 2016-09-15 08:49:20.171000884 +0200
++++ ./src/prelude-lml.c 2017-01-28 18:19:25.373006781 +0100
+@@ -361,6 +361,7 @@
+ ev_timer evt;
+ struct timeval end;
+ struct sigaction action;
++ const char *env;
+ 
+ /*
+ * Initialize libev.
+@@ -389,7 +390,11 @@
+ if ( ret < 0 )
+ return ret;
+ 
+- ret = log_plugins_init(LOG_PLUGIN_DIR, lml_root_optlist);
++ env = getenv("PRELUDE_LML_PLUGIN_DIR");
++ if ( !env )
++ env = LOG_PLUGIN_DIR;
++
++ ret = log_plugins_init(env, lml_root_optlist);
+ if (ret < 0)
+ return ret;
+ 
+diff -Nru src/regex.c src/regex.c
+--- ./src/regex.c 2016-09-15 08:49:20.172000884 +0200
++++ ./src/regex.c 2017-01-28 18:17:45.931222693 +0100
+@@ -156,16 +156,20 @@
+ FILE *fd;
+ size_t len;
+ char buf[1024];
+- const char *errptr;
++ const char *errptr, *env;
+ int line = 0, erroff;
+ regex_table_item_t *rt;
+ pcre_extra *regex_regex_extra = NULL;
+ char *regex, *options, *source, *plugin;
+ pcre *regex_regex = NULL, *source_regex = NULL;
+ 
+- fd = fopen(REGEX_CONF, "r");
++ env = getenv("PRELUDE_LML_REGEX_CONF");
++ if ( !env )
++ env = REGEX_CONF;
++
++ fd = fopen(env, "r");
+ if ( ! fd ) {
+- prelude_log(PRELUDE_LOG_ERR, "couldn't open config file %s.\n", REGEX_CONF);
++ prelude_log(PRELUDE_LOG_ERR, "couldn't open config file %s.\n", env);
+ return -1;
+ }
+ 
+diff -Nru tests/Makefile.in tests/Makefile.in
+--- ./tests/Makefile.in 2016-09-15 09:03:00.925000884 +0200
++++ ./tests/Makefile.in 2017-01-28 18:22:00.268558881 +0100
+@@ -1362,7 +1362,10 @@
+ cd $(top_srcdir)/prelude-lml && make
+ 
+ check-am:
+- $(srcdir)/loggrep.py $(top_srcdir)/plugins/pcre/ruleset/*.rules | $(top_srcdir)/src/prelude-lml --quiet --dry-run --metadata=nowrite,head --batch-mode --no-resolve --pcre --dump-unmatched --config $(srcdir)/prelude-lml.conf 2>&1 | $(GREP) -Fvf $(srcdir)/ignored
++ rm -rf plugins && mkdir plugins
++ cp $(top_srcdir)/plugins/*/.libs/*.so plugins
++ ./loggrep.py regex.test | PRELUDE_LML_PLUGIN_DIR=plugins PRELUDE_LML_REGEX_CONF=plugins.rules $(top_srcdir)/src/prelude-lml --quiet --dry-run --metadata=nowrite,head --batch-mode --no-resolve --pcre --dump-unmatched --config $(srcdir)/prelude-lml.conf 2>&1 | $(GREP) -Fvf $(srcdir)/ignored
++ rm -rf plugins
+ 
+ -include $(top_srcdir)/git.mk
+ +diff -Nru tests/plugins.rules tests/plugins.rules +--- ./tests/plugins.rules 1970-01-01 01:00:00.000000000 +0100 ++++ ./tests/plugins.rules 2017-01-28 18:20:24.857682680 +0100 +@@ -0,0 +1 @@ ++ * Pcre - * +diff -Nru tests/prelude-lml.conf tests/prelude-lml.conf +--- ./tests/prelude-lml.conf 2016-09-15 08:49:20.172000884 +0200 ++++ ./tests/prelude-lml.conf 2017-01-28 18:20:30.037567378 +0100 +@@ -3,51 +3,5 @@ + prefix-regex = "^(?P.{15}) (?P\S+) (?:(?P\S+?)(?:\[(?P[0-9]+)\])?: )?" + file = - + +-[format=apache] +-time-format = "%d/%b/%Y:%H:%M:%S" +-prefix-regex = "(?P\S+) \S+ \S+ \[(?P.{20}) [+-].{4}\] " +-file = - +- +-[format=apache-error] +-#[Sat Mar 12 22:56:12 2005] [error] [client 127.0.0.1] +-time-format = "%a %b %d %H:%M:%S %Y" +-prefix-regex = "^\[(?P.{24})\]" +-file = - +- +-[format=checkpoint] +-time-format = "%d%b%Y %H:%M:%S" +-prefix-regex = "^(?P.{20})" +-file = - +- +-[format=squid] +-#2005/11/28 06:00:44| +-time-format = "%Y/%m/%d %H:%M:%S" +-prefix-regex = "^(?P.{19})\| " +-file = - +- +-[format=honeyd] +-#2006-08-18-12:21:12.1239 +-time-format = "%Y-%m-%d-%H:%M:%S" +-prefix-regex = "^(?P.{19})\." +-file = - +- +-[format=honeytrap] +-#[2007-05-26 16:48:09] +-time-format = "%Y-%m-%d %H:%M:%S" +-prefix-regex = "^\[(?P.{19})\]" +-file = - +- +-[format=kojoney] +-#2007/04/12 21:57 CEST +-time-format = "%Y/%m/%d %H:%M" +-prefix-regex = "^(?P.{16}) " +-file = - +- +-[format=rishi] +-#2007-05-20 12:49:57,644 +-time-format = "%Y-%m-%d %H:%M:%S" +-prefix-regex = "^(?P.{19})," +-file = - +- + [Pcre] +-ruleset=../plugins/pcre/ruleset/pcre.rules ++ruleset=./regex.test +diff -Nru tests/regex.test tests/regex.test +--- ./tests/regex.test 1970-01-01 01:00:00.000000000 +0100 ++++ ./tests/regex.test 2017-01-28 18:20:17.921837067 +0100 +@@ -0,0 +1,340 @@ ++#FULLNAME: SSH ++#VERSION: 1.0 ++#DESCRIPTION: SSH, is a cryptographic (encrypted) network protocol to allow remote login and other network services to operate securely over an unsecured network. 
++ ++##### ++# ++# Copyright (C) 2002,2004 Nicolas Delon ++# Copyright (C) 2005 G Ramon Gomez ++# All Rights Reserved ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2, or (at your option) ++# any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License along ++# with this program; if not, write to the Free Software Foundation, Inc., ++# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++# ++##### ++ ++################### ++# Logging succeed # ++################### ++ ++#LOG:Dec 8 14:45:17 itguxweb1 sshd[32112]: Accepted publickey for root from 12.34.56.78 port 56634 ssh2 ++regex=for root from|user root; \ ++ id=1907; \ ++ assessment.impact.type=admin; \ ++ assessment.impact.severity=medium; \ ++ silent; chained ++ ++#LOG:Dec 8 14:45:17 itguxweb1 sshd[32112]: Accepted publickey for root from 12.34.56.78 port 56634 ssh2 ++#LOG:Jan 14 03:30:44 mail sshd[20298]: Accepted publickey for root from fec0:0:201::3 port 63018 ssh2 ++#LOG:Jan 14 03:30:44 mail sshd[20298]: Accepted publickey for john from fec0:0:201::3 port 63018 ssh2 ++#LOG:Dec 10 10:33:19 itguxweb2 sshd[29738]: Accepted password for ekwong from 12.34.56.78 port 39852 ssh2 ++regex=Accepted (\S+) for (\S+) from (\S+) port (\d+); \ ++ classification.text=Remote Login; \ ++ optgoto=1907; \ ++ id=1908; \ ++ revision=3; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=low; \ ++ assessment.impact.completion=succeeded; \ ++ assessment.impact.type=user; \ ++ 
assessment.impact.description=User $2 logged in from $3 port $4 using the $1 method; \ ++ source(0).node.address(0).address=$3; \ ++ source(0).service.port=$4; \ ++ source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ target(0).user.category=os-device; \ ++ target(0).user.user_id(0).type=target-user; \ ++ target(0).user.user_id(0).name=$2; \ ++ additional_data(0).type=string; \ ++ additional_data(0).meaning=Authentication method; \ ++ additional_data(0).data=$1; \ ++ last; ++ ++ ++################ ++# Login failed # ++################ ++ ++#LOG:Dec 9 16:00:35 itguxweb2 sshd[24541]: Failed password for root from 12.34.56.78 port 1806 ++#LOG:Dec 9 21:29:56 devel5 sshd[17554]: Failed password for akarade from 12.34.56.78 port 4214 ++regex=Failed (\S+) for (\S+) from (\S+) port (\d+); \ ++ optgoto=1907; \ ++ classification.text=Remote Login; \ ++ id=1902; \ ++ revision=3; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=medium; \ ++ assessment.impact.completion=failed; \ ++ assessment.impact.type=user; \ ++ assessment.impact.description=Someone tried to login as $2 from $3 port $4 using the $1 method; \ ++ source(0).node.address(0).address=$3; \ ++ source(0).service.port=$4; \ ++ source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ target(0).user.category=os-device; \ ++ target(0).user.user_id(0).type=target-user; \ ++ target(0).user.user_id(0).name=$2; \ ++ additional_data(0).type=string; \ ++ additional_data(0).meaning=Authentication method; \ ++ additional_data(0).data=$1; \ ++ last ++ 
++ ++############################################## ++# Invalid (not existing) user tried to login # ++############################################## ++ ++#LOG:Jan 20 14:10:02 blah sshd[25443]: Invalid user admin from 213.201.222.134 ++regex=(Illegal|Invalid) user (\S+) from (\S+); \ ++ classification.text=User login failed with an invalid user; \ ++ id=1904; \ ++ revision=2; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=medium; \ ++ assessment.impact.completion=failed; \ ++ assessment.impact.type=user; \ ++ assessment.impact.description=Someone tried to login with the invalid user "$2" from $3; \ ++ source(0).node.address(0).address=$3; \ ++ source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ target(0).user.category=os-device; \ ++ target(0).user.user_id(0).type=target-user; \ ++ target(0).user.user_id(0).name=$2; \ ++ last ++ ++################################################################################## ++# User listed in DenyGroups or DenyUsers (sshd_config directives) tried to login # ++################################################################################## ++ ++#LOG:Jan 6 22:50:24 localhost sshd[15489]: User nobody not allowed because none of user's groups are listed in AllowGroups ++regex=User (\S+) not allowed because (.*)listed in (\w+); \ ++ classification.text=User login failed with a denied user; \ ++ id=1905; \ ++ revision=3; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=medium; \ ++ assessment.impact.completion=failed; \ ++ assessment.impact.type=user; \ ++ assessment.impact.description=User $1 failed to login because $2 listed in $3; \ ++ 
source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ target(0).user.category=os-device; \ ++ target(0).user.user_id(0).type=target-user; \ ++ target(0).user.user_id(0).name=$1; \ ++ additional_data(0).type=string; \ ++ additional_data(0).meaning=ACL; \ ++ additional_data(0).data=$3; \ ++ additional_data(1).type=string; \ ++ additional_data(1).meaning=Failure reason; \ ++ additional_data(1).data=$2 listed in $3; \ ++ last ++ ++################################################################## ++# Sshd did not receive the identification string from the client # ++# (maybe a ssh server recognition) # ++################################################################## ++ ++#LOG:Jun 10 09:51:57 server sshd[9100]: Did not receive identification string from 1.2.3.4 ++regex=Did not receive identification string from (\S+); \ ++ classification.text=Server recognition; \ ++ id=1906; \ ++ revision=2; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=medium; \ ++ assessment.impact.completion=failed; \ ++ assessment.impact.type=recon; \ ++ assessment.impact.description=$1 is probably making a server recognition; \ ++ source(0).node.address(0).address=$1; \ ++ source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ additional_data(0).type=string; \ ++ additional_data(0).meaning=Failure reason; \ ++ additional_data(0).data=Did not receive identification string; \ ++ last ++ ++######################################################################### ++# Forbidden root login # ++# (directive 
PermitRootLogin and keyword "no" or "forced-commands-only" # ++# of the sshd_config file) # ++######################################################################### ++ ++#LOG:Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4 ++regex=ROOT LOGIN REFUSED FROM (\S+); \ ++ classification.text=Admin login; \ ++ id=1909; \ ++ revision=2; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=medium; \ ++ assessment.impact.completion=failed; \ ++ assessment.impact.type=admin; \ ++ assessment.impact.description=Root tried to login while it is forbidden; \ ++ source(0).node.address(0).address=$1; \ ++ source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ target(0).user.category=os-device; \ ++ target(0).user.user_id(0).type=target-user; \ ++ target(0).user.user_id(0).name=root; \ ++ last ++ ++ ++# Re: Generic Message Exchange Authentication For SSH ++# ++#LOG:Jan 14 08:19:21 ras sshd[22774]: input_userauth_request: invalid user remote-mail ++regex=input_userauth_request: (illegal|invalid) user (\S+); \ ++ classification.text=Invalid user in authentication request; \ ++ id=1910; \ ++ revision=3; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=medium; \ ++ assessment.impact.completion=failed; \ ++ assessment.impact.type=user; \ ++ assessment.impact.description=General purpose authentication request was blocked. 
Reason: invalid user $2; \ ++ source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ target(0).user.category=os-device; \ ++ target(0).user.user_id(0).type=target-user; \ ++ target(0).user.user_id(0).name=$2; \ ++ additional_data(0).type=string; \ ++ additional_data(0).meaning=Failure reason; \ ++ additional_data(0).data=$1 user; \ ++ last ++ ++# Re: Generic Message Exchange Authentication For SSH ++# ++# This rule catches several other combinations that can be output by ++# input_userauth_request() in auth2.c ++#LOG:Jan 14 08:19:21 ras sshd[22774]: input_userauth_request: invalid user remote-mail ++regex=input_userauth_request: (.+); \ ++ classification.text=Invalid user in authentication request; \ ++ id=1911; \ ++ revision=2; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=medium; \ ++ assessment.impact.completion=failed; \ ++ assessment.impact.type=user; \ ++ assessment.impact.description=General purpose authentication request was blocked. 
Reason: $1; \ ++ source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ target(0).user.category=os-device; \ ++ last ++ ++#LOG:Dec 9 18:48:29 itguxweb2 sshd[29536]: Failed password for illegal user ROOT from 12.34.56.78 port 2886 ++#LOG:Jan 14 08:19:21 ras sshd[22774]: Failed none for invalid user remote-mail from 192.168.1.22 port 65407 ssh2 ++#LOG:Jan 14 11:29:17 ras sshd[18163]: Failed publickey for invalid user fred from fec0:0:201::3 port 62788 ssh2 ++#LOG:Jan 14 11:29:17 ras sshd[18163]: Failed publickey for invalid user fred from 1.2.3.4 port 62788 ssh2 ++#LOG:Jan 14 11:29:17 ras sshd[18163]: Failed publickey for invalid user fred from hostname port 62788 ssh2 ++regex=Failed (\S+) for (illegal|invalid) user (\S+) from (\S+) port (\d+); \ ++ classification.text=Remote Login; \ ++ optgoto=1907; \ ++ id=1912; \ ++ revision=3; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=medium; \ ++ assessment.impact.completion=failed; \ ++ assessment.impact.type=admin; \ ++ assessment.impact.description=Someone tried to login as $3 from $4 port $5 using the $1 method; \ ++ source(0).node.address(0).address=$4; \ ++ source(0).service.port=$5; \ ++ source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ target(0).user.category=os-device; \ ++ target(0).user.user_id(0).type=target-user; \ ++ target(0).user.user_id(0).name=$3; \ ++ additional_data(0).type=string; \ ++ additional_data(0).meaning=Authentication method; \ ++ additional_data(0).data=$1; \ ++ additional_data(1).type=string; \ ++ 
additional_data(1).meaning=Failure reason; \ ++ additional_data(1).data=$2 user; \ ++ last ++ ++#LOG:Oct 2 14:40:05 suse-9.2 sshd[18725]: error: PAM: Authentication failure for root from unknown.anywhere.net ++#LOG:Oct 2 14:46:52 suse-9.2 sshd[18804]: error: PAM: Authentication failure for foobar from unknown.anywhere.net ++regex=error: PAM: Authentication failure for (\S+) from (\S+); \ ++ classification.text=Remote Login; \ ++ optgoto=1907; \ ++ id=1914; \ ++ revision=2; \ ++ analyzer(0).name=sshd; \ ++ analyzer(0).manufacturer=OpenSSH; \ ++ analyzer(0).class=Authentication; \ ++ assessment.impact.severity=medium; \ ++ assessment.impact.completion=failed; \ ++ assessment.impact.type=user; \ ++ assessment.impact.description=Someone tried to login as $1 from $2; \ ++ source(0).node.name=$2; \ ++ source(0).service.iana_protocol_name=tcp; \ ++ source(0).service.iana_protocol_number=6; \ ++ target(0).service.port=22; \ ++ target(0).service.name=ssh; \ ++ target(0).service.iana_protocol_name=tcp; \ ++ target(0).service.iana_protocol_number=6; \ ++ target(0).user.category=os-device; \ ++ target(0).user.user_id(0).type=target-user; \ ++ target(0).user.user_id(0).name=$1; \ ++ last diff --git a/prelude-lml-5.0.0-fix_etc_perms.patch b/prelude-lml-5.0.0-fix_etc_perms.patch new file mode 100644 index 0000000..28bba70 --- /dev/null +++ b/prelude-lml-5.0.0-fix_etc_perms.patch 
@@ -0,0 +1,39 @@
+--- ./Makefile.in 2016-09-15 09:03:01.116000884 +0200
++++ ./Makefile.in 2017-01-26 07:38:35.217447516 +0100
+@@ -1762,9 +1762,9 @@
+
+
+ install-data-local:
+- $(INSTALL) -m 700 -d $(DESTDIR)$(configdir);
+- $(INSTALL) -m 700 -d $(DESTDIR)$(lml_run_dir);
+- $(INSTALL) -m 700 -d $(DESTDIR)$(metadata_dir)
++ $(INSTALL) -m 755 -d $(DESTDIR)$(configdir);
++ $(INSTALL) -m 755 -d $(DESTDIR)$(lml_run_dir);
++ $(INSTALL) -m 755 -d $(DESTDIR)$(metadata_dir)
+ @if test -f $(DESTDIR)$(configdir)/prelude-lml.conf; then \
+ echo "********************************************************************************"; \
+ echo; \
+@@ -1772,9 +1772,9 @@
+ echo "Installing default configuration in $(DESTDIR)$(configdir)/prelude-lml.conf-dist"; \
+ echo; \
+ echo "********************************************************************************"; \
+- $(INSTALL) -m 600 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/prelude-lml.conf-dist; \
++ $(INSTALL) -m 644 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/prelude-lml.conf-dist; \
+ else \
+- $(INSTALL) -m 600 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/; \
++ $(INSTALL) -m 644 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/; \
+ fi
+ @if test -f $(DESTDIR)$(configdir)/plugins.rules; then \
+ echo "********************************************************************************"; \
+@@ -1783,9 +1783,9 @@
+ echo "Installing default configuration in $(DESTDIR)$(configdir)/plugins.rules-dist"; \
+ echo; \
+ echo "********************************************************************************"; \
+- $(INSTALL) -m 600 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/plugins.rules-dist; \
++ $(INSTALL) -m 644 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/plugins.rules-dist; \
+ else \
+- $(INSTALL) -m 600 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/; \
++ $(INSTALL) -m 644 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/; \
+ fi
+
+ uninstall-local:
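Review bot: The mode changes in this patch (`-m 700` to `-m 755` on `$(configdir)`, `$(lml_run_dir)` and `$(metadata_dir)`, and `-m 600` to `-m 644` on `prelude-lml.conf` and `plugins.rules`) make the sensor's configuration, run directory and metadata directory readable by every local account, and the patch carries no comment saying why all five paths need it. If the aim is only to let packaging checks or an unprivileged account reach the configuration directory, the run and metadata directories could keep their upstream mode, `$(INSTALL) -m 700 -d $(DESTDIR)$(lml_run_dir);` and `$(INSTALL) -m 700 -d $(DESTDIR)$(metadata_dir)`, or be opened to a dedicated group with `750` rather than to everyone. Whether `prelude-lml.conf` can hold sensitive values in a deployment is not visible in this hunk, so that should be confirmed before it ships as `644`. A short header comment at the top of the patch stating the reason for the relaxation would let later reviewers judge it.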
diff --git a/prelude-lml-5.0.0-fix_libmissing_tests.patch b/prelude-lml-5.0.0-fix_libmissing_tests.patch
new file mode 100644
index 0000000..c2e5258
--- /dev/null
+++ b/prelude-lml-5.0.0-fix_libmissing_tests.patch
@@ -0,0 +1,449 @@ +--- ./libmissing/tests/Makefile.in 2018-12-23 23:02:42.650000000 +0100 ++++ ./libmissing/tests/Makefile.in 2019-07-14 16:38:32.317816764 +0200 +@@ -129,18 +129,17 @@ + test-langinfo$(EXEEXT) test-limits-h$(EXEEXT) \ + test-listen$(EXEEXT) test-locale$(EXEEXT) \ + test-localeconv$(EXEEXT) test-localename$(EXEEXT) \ +- test-rwlock1$(EXEEXT) test-lock$(EXEEXT) test-once1$(EXEEXT) \ +- test-once2$(EXEEXT) test-lseek.sh test-lstat$(EXEEXT) \ +- test-malloca$(EXEEXT) test-mbrtowc1.sh test-mbrtowc2.sh \ +- test-mbrtowc3.sh test-mbrtowc4.sh test-mbrtowc5.sh \ +- test-mbrtowc-w32-1.sh test-mbrtowc-w32-2.sh \ +- test-mbrtowc-w32-3.sh test-mbrtowc-w32-4.sh \ +- test-mbrtowc-w32-5.sh test-mbsinit.sh test-mbsrtowcs1.sh \ +- test-mbsrtowcs2.sh test-mbsrtowcs3.sh test-mbsrtowcs4.sh \ +- test-memchr$(EXEEXT) test-nanosleep$(EXEEXT) \ +- test-netdb$(EXEEXT) test-netinet_in$(EXEEXT) \ +- test-nl_langinfo.sh test-open$(EXEEXT) test-pathmax$(EXEEXT) \ +- test-perror.sh test-perror2$(EXEEXT) test-pipe$(EXEEXT) \ ++ test-lseek.sh test-lstat$(EXEEXT) test-malloca$(EXEEXT) \ ++ test-mbrtowc1.sh test-mbrtowc2.sh test-mbrtowc3.sh \ ++ test-mbrtowc4.sh test-mbrtowc5.sh test-mbrtowc-w32-1.sh \ ++ test-mbrtowc-w32-2.sh test-mbrtowc-w32-3.sh \ ++ test-mbrtowc-w32-4.sh test-mbrtowc-w32-5.sh test-mbsinit.sh \ ++ test-mbsrtowcs1.sh test-mbsrtowcs2.sh test-mbsrtowcs3.sh \ ++ test-mbsrtowcs4.sh test-memchr$(EXEEXT) \ ++ test-nanosleep$(EXEEXT) test-netdb$(EXEEXT) \ ++ test-netinet_in$(EXEEXT) test-nl_langinfo.sh \ ++ test-open$(EXEEXT) test-pathmax$(EXEEXT) test-perror.sh \ ++ test-perror2$(EXEEXT) test-pipe$(EXEEXT) \ + test-pthread_sigmask1$(EXEEXT) test-pthread_sigmask2$(EXEEXT) \ + test-raise$(EXEEXT) test-recvfrom$(EXEEXT) \ + test-scratch-buffer$(EXEEXT) test-select$(EXEEXT) \ +@@ -158,8 +157,7 @@ + test-sys_ioctl$(EXEEXT) test-sys_select$(EXEEXT) \ + test-sys_socket$(EXEEXT) test-sys_stat$(EXEEXT) \ + test-sys_time$(EXEEXT) test-sys_types$(EXEEXT) \ +- test-sys_uio$(EXEEXT) 
test-init.sh test-thread_self$(EXEEXT) \ +- test-thread_create$(EXEEXT) test-time$(EXEEXT) \ ++ test-sys_uio$(EXEEXT) test-init.sh test-time$(EXEEXT) \ + test-unistd$(EXEEXT) test-unsetenv$(EXEEXT) \ + test-usleep$(EXEEXT) test-vasnprintf$(EXEEXT) \ + test-verify$(EXEEXT) test-verify.sh test-wchar$(EXEEXT) \ +@@ -195,14 +193,13 @@ + test-langinfo$(EXEEXT) test-limits-h$(EXEEXT) \ + test-listen$(EXEEXT) test-locale$(EXEEXT) \ + test-localeconv$(EXEEXT) test-localename$(EXEEXT) \ +- test-rwlock1$(EXEEXT) test-lock$(EXEEXT) test-once1$(EXEEXT) \ +- test-once2$(EXEEXT) test-lseek$(EXEEXT) test-lstat$(EXEEXT) \ +- test-malloca$(EXEEXT) test-mbrtowc$(EXEEXT) \ +- test-mbrtowc-w32$(EXEEXT) test-mbsinit$(EXEEXT) \ +- test-mbsrtowcs$(EXEEXT) test-memchr$(EXEEXT) \ +- test-nanosleep$(EXEEXT) test-netdb$(EXEEXT) \ +- test-netinet_in$(EXEEXT) test-nl_langinfo$(EXEEXT) \ +- test-open$(EXEEXT) test-pathmax$(EXEEXT) test-perror$(EXEEXT) \ ++ test-lseek$(EXEEXT) test-lstat$(EXEEXT) test-malloca$(EXEEXT) \ ++ test-mbrtowc$(EXEEXT) test-mbrtowc-w32$(EXEEXT) \ ++ test-mbsinit$(EXEEXT) test-mbsrtowcs$(EXEEXT) \ ++ test-memchr$(EXEEXT) test-nanosleep$(EXEEXT) \ ++ test-netdb$(EXEEXT) test-netinet_in$(EXEEXT) \ ++ test-nl_langinfo$(EXEEXT) test-open$(EXEEXT) \ ++ test-pathmax$(EXEEXT) test-perror$(EXEEXT) \ + test-perror2$(EXEEXT) test-pipe$(EXEEXT) \ + test-pthread_sigmask1$(EXEEXT) test-pthread_sigmask2$(EXEEXT) \ + test-raise$(EXEEXT) test-recvfrom$(EXEEXT) \ +@@ -222,11 +219,10 @@ + test-sys_ioctl$(EXEEXT) test-sys_select$(EXEEXT) \ + test-sys_socket$(EXEEXT) test-sys_stat$(EXEEXT) \ + test-sys_time$(EXEEXT) test-sys_types$(EXEEXT) \ +- test-sys_uio$(EXEEXT) test-thread_self$(EXEEXT) \ +- test-thread_create$(EXEEXT) test-time$(EXEEXT) \ +- test-unistd$(EXEEXT) test-unsetenv$(EXEEXT) \ +- test-usleep$(EXEEXT) test-vasnprintf$(EXEEXT) \ +- test-verify$(EXEEXT) test-wchar$(EXEEXT) test-wcrtomb$(EXEEXT) \ ++ test-sys_uio$(EXEEXT) test-time$(EXEEXT) test-unistd$(EXEEXT) \ ++ 
test-unsetenv$(EXEEXT) test-usleep$(EXEEXT) \ ++ test-vasnprintf$(EXEEXT) test-verify$(EXEEXT) \ ++ test-wchar$(EXEEXT) test-wcrtomb$(EXEEXT) \ + test-wcrtomb-w32$(EXEEXT) test-wctype-h$(EXEEXT) + EXTRA_PROGRAMS = test-verify-try$(EXEEXT) + subdir = libmissing/tests +@@ -747,9 +743,6 @@ + test_localename_OBJECTS = test-localename.$(OBJEXT) + test_localename_DEPENDENCIES = $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_1) +-test_lock_SOURCES = test-lock.c +-test_lock_OBJECTS = test-lock.$(OBJEXT) +-test_lock_DEPENDENCIES = $(am__DEPENDENCIES_2) + test_lseek_SOURCES = test-lseek.c + test_lseek_OBJECTS = test-lseek.$(OBJEXT) + test_lseek_LDADD = $(LDADD) +@@ -813,12 +806,6 @@ + test_nl_langinfo_DEPENDENCIES = libtests.a \ + ../../libmissing/libmissing.la libtests.a \ + $(am__DEPENDENCIES_1) +-am_test_once1_OBJECTS = test-once.$(OBJEXT) +-test_once1_OBJECTS = $(am_test_once1_OBJECTS) +-test_once1_DEPENDENCIES = $(am__DEPENDENCIES_2) +-am_test_once2_OBJECTS = test-once.$(OBJEXT) +-test_once2_OBJECTS = $(am_test_once2_OBJECTS) +-test_once2_DEPENDENCIES = $(am__DEPENDENCIES_2) + test_open_SOURCES = test-open.c + test_open_OBJECTS = test-open.$(OBJEXT) + test_open_LDADD = $(LDADD) +@@ -858,9 +845,6 @@ + test_recvfrom_SOURCES = test-recvfrom.c + test_recvfrom_OBJECTS = test-recvfrom.$(OBJEXT) + test_recvfrom_DEPENDENCIES = $(am__DEPENDENCIES_2) +-test_rwlock1_SOURCES = test-rwlock1.c +-test_rwlock1_OBJECTS = test-rwlock1.$(OBJEXT) +-test_rwlock1_DEPENDENCIES = $(am__DEPENDENCIES_2) + am_test_scratch_buffer_OBJECTS = test-scratch-buffer.$(OBJEXT) + test_scratch_buffer_OBJECTS = $(am_test_scratch_buffer_OBJECTS) + test_scratch_buffer_LDADD = $(LDADD) +@@ -1028,12 +1012,6 @@ + test_sys_uio_LDADD = $(LDADD) + test_sys_uio_DEPENDENCIES = libtests.a ../../libmissing/libmissing.la \ + libtests.a $(am__DEPENDENCIES_1) +-test_thread_create_SOURCES = test-thread_create.c +-test_thread_create_OBJECTS = test-thread_create.$(OBJEXT) +-test_thread_create_DEPENDENCIES = 
$(am__DEPENDENCIES_2) +-test_thread_self_SOURCES = test-thread_self.c +-test_thread_self_OBJECTS = test-thread_self.$(OBJEXT) +-test_thread_self_DEPENDENCIES = $(am__DEPENDENCIES_2) + test_time_SOURCES = test-time.c + test_time_OBJECTS = test-time.$(OBJEXT) + test_time_LDADD = $(LDADD) +@@ -1144,25 +1122,23 @@ + test-intprops.c test-inttypes.c test-ioctl.c test-isblank.c \ + test-langinfo.c test-limits-h.c test-listen.c \ + test-localcharset.c test-locale.c test-localeconv.c \ +- test-localename.c test-lock.c test-lseek.c test-lstat.c \ +- test-malloca.c test-mbrtowc.c test-mbrtowc-w32.c \ +- test-mbsinit.c test-mbsrtowcs.c test-memchr.c test-nanosleep.c \ +- test-netdb.c test-netinet_in.c test-nl_langinfo.c \ +- $(test_once1_SOURCES) $(test_once2_SOURCES) test-open.c \ ++ test-localename.c test-lseek.c test-lstat.c test-malloca.c \ ++ test-mbrtowc.c test-mbrtowc-w32.c test-mbsinit.c \ ++ test-mbsrtowcs.c test-memchr.c test-nanosleep.c test-netdb.c \ ++ test-netinet_in.c test-nl_langinfo.c test-open.c \ + test-pathmax.c test-perror.c test-perror2.c test-pipe.c \ + test-pthread_sigmask1.c test-pthread_sigmask2.c test-raise.c \ +- test-recvfrom.c test-rwlock1.c $(test_scratch_buffer_SOURCES) \ +- test-select.c test-select-fd.c test-select-stdin.c \ +- test-setenv.c test-setlocale1.c test-setlocale2.c \ +- test-setsockopt.c test-sigaction.c test-signal-h.c \ +- test-sigprocmask.c test-sleep.c test-snprintf.c test-sockets.c \ +- test-stat.c test-stat-time.c test-stdalign.c test-stdbool.c \ +- test-stddef.c test-stdint.c test-stdio.c test-stdlib.c \ +- test-strerror.c test-strerror_r.c test-string.c test-strings.c \ +- test-symlink.c test-sys_ioctl.c test-sys_select.c \ +- test-sys_socket.c test-sys_stat.c test-sys_time.c \ +- test-sys_types.c test-sys_uio.c test-thread_create.c \ +- test-thread_self.c test-time.c test-unistd.c test-unsetenv.c \ ++ test-recvfrom.c $(test_scratch_buffer_SOURCES) test-select.c \ ++ test-select-fd.c test-select-stdin.c test-setenv.c \ ++ 
test-setlocale1.c test-setlocale2.c test-setsockopt.c \ ++ test-sigaction.c test-signal-h.c test-sigprocmask.c \ ++ test-sleep.c test-snprintf.c test-sockets.c test-stat.c \ ++ test-stat-time.c test-stdalign.c test-stdbool.c test-stddef.c \ ++ test-stdint.c test-stdio.c test-stdlib.c test-strerror.c \ ++ test-strerror_r.c test-string.c test-strings.c test-symlink.c \ ++ test-sys_ioctl.c test-sys_select.c test-sys_socket.c \ ++ test-sys_stat.c test-sys_time.c test-sys_types.c \ ++ test-sys_uio.c test-time.c test-unistd.c test-unsetenv.c \ + test-usleep.c test-vasnprintf.c test-verify.c \ + test-verify-try.c test-wchar.c test-wcrtomb.c \ + test-wcrtomb-w32.c test-wctype-h.c +@@ -1184,25 +1160,23 @@ + test-intprops.c test-inttypes.c test-ioctl.c test-isblank.c \ + test-langinfo.c test-limits-h.c test-listen.c \ + test-localcharset.c test-locale.c test-localeconv.c \ +- test-localename.c test-lock.c test-lseek.c test-lstat.c \ +- test-malloca.c test-mbrtowc.c test-mbrtowc-w32.c \ +- test-mbsinit.c test-mbsrtowcs.c test-memchr.c test-nanosleep.c \ +- test-netdb.c test-netinet_in.c test-nl_langinfo.c \ +- $(test_once1_SOURCES) $(test_once2_SOURCES) test-open.c \ ++ test-localename.c test-lseek.c test-lstat.c test-malloca.c \ ++ test-mbrtowc.c test-mbrtowc-w32.c test-mbsinit.c \ ++ test-mbsrtowcs.c test-memchr.c test-nanosleep.c test-netdb.c \ ++ test-netinet_in.c test-nl_langinfo.c test-open.c \ + test-pathmax.c test-perror.c test-perror2.c test-pipe.c \ + test-pthread_sigmask1.c test-pthread_sigmask2.c test-raise.c \ +- test-recvfrom.c test-rwlock1.c $(test_scratch_buffer_SOURCES) \ +- test-select.c test-select-fd.c test-select-stdin.c \ +- test-setenv.c test-setlocale1.c test-setlocale2.c \ +- test-setsockopt.c test-sigaction.c test-signal-h.c \ +- test-sigprocmask.c test-sleep.c test-snprintf.c test-sockets.c \ +- test-stat.c test-stat-time.c test-stdalign.c test-stdbool.c \ +- test-stddef.c test-stdint.c test-stdio.c test-stdlib.c \ +- test-strerror.c 
test-strerror_r.c test-string.c test-strings.c \ +- test-symlink.c test-sys_ioctl.c test-sys_select.c \ +- test-sys_socket.c test-sys_stat.c test-sys_time.c \ +- test-sys_types.c test-sys_uio.c test-thread_create.c \ +- test-thread_self.c test-time.c test-unistd.c test-unsetenv.c \ ++ test-recvfrom.c $(test_scratch_buffer_SOURCES) test-select.c \ ++ test-select-fd.c test-select-stdin.c test-setenv.c \ ++ test-setlocale1.c test-setlocale2.c test-setsockopt.c \ ++ test-sigaction.c test-signal-h.c test-sigprocmask.c \ ++ test-sleep.c test-snprintf.c test-sockets.c test-stat.c \ ++ test-stat-time.c test-stdalign.c test-stdbool.c test-stddef.c \ ++ test-stdint.c test-stdio.c test-stdlib.c test-strerror.c \ ++ test-strerror_r.c test-string.c test-strings.c test-symlink.c \ ++ test-sys_ioctl.c test-sys_select.c test-sys_socket.c \ ++ test-sys_stat.c test-sys_time.c test-sys_types.c \ ++ test-sys_uio.c test-time.c test-unistd.c test-unsetenv.c \ + test-usleep.c test-vasnprintf.c test-verify.c \ + test-verify-try.c test-wchar.c test-wcrtomb.c \ + test-wcrtomb-w32.c test-wctype-h.c +@@ -2563,12 +2537,11 @@ + test-listen.c signature.h macros.h test-localcharset.c \ + test-locale.c test-localeconv.c signature.h macros.h \ + localename.h test-localename.c macros.h localtime-buffer.c \ +- localtime-buffer.h test-rwlock1.c test-lock.c test-once.c \ +- test-lseek.c test-lseek.sh signature.h macros.h test-lstat.h \ +- test-lstat.c signature.h macros.h test-malloca.c \ +- test-mbrtowc1.sh test-mbrtowc2.sh test-mbrtowc3.sh \ +- test-mbrtowc4.sh test-mbrtowc5.sh test-mbrtowc.c \ +- test-mbrtowc-w32-1.sh test-mbrtowc-w32-2.sh \ ++ localtime-buffer.h test-lseek.c test-lseek.sh signature.h \ ++ macros.h test-lstat.h test-lstat.c signature.h macros.h \ ++ test-malloca.c test-mbrtowc1.sh test-mbrtowc2.sh \ ++ test-mbrtowc3.sh test-mbrtowc4.sh test-mbrtowc5.sh \ ++ test-mbrtowc.c test-mbrtowc-w32-1.sh test-mbrtowc-w32-2.sh \ + test-mbrtowc-w32-3.sh test-mbrtowc-w32-4.sh \ + 
test-mbrtowc-w32-5.sh test-mbrtowc-w32.c signature.h macros.h \ + test-mbsinit.sh test-mbsinit.c signature.h macros.h \ +@@ -2605,13 +2578,12 @@ + test-symlink.c signature.h macros.h test-sys_ioctl.c \ + test-sys_select.c signature.h test-sys_socket.c \ + test-sys_stat.c test-sys_time.c test-sys_types.c \ +- test-sys_uio.c init.sh test-init.sh test-thread_self.c \ +- test-thread_create.c macros.h $(top_srcdir)/./config.rpath \ +- test-time.c test-unistd.c unsetenv.c test-unsetenv.c \ +- signature.h macros.h usleep.c test-usleep.c signature.h \ +- macros.h test-vasnprintf.c macros.h test-verify.c \ +- test-verify-try.c test-verify.sh test-wchar.c wcrtomb.c \ +- test-wcrtomb.sh test-wcrtomb.c test-wcrtomb-w32-1.sh \ ++ test-sys_uio.c init.sh test-init.sh \ ++ $(top_srcdir)/./config.rpath test-time.c test-unistd.c \ ++ unsetenv.c test-unsetenv.c signature.h macros.h usleep.c \ ++ test-usleep.c signature.h macros.h test-vasnprintf.c macros.h \ ++ test-verify.c test-verify-try.c test-verify.sh test-wchar.c \ ++ wcrtomb.c test-wcrtomb.sh test-wcrtomb.c test-wcrtomb-w32-1.sh \ + test-wcrtomb-w32-2.sh test-wcrtomb-w32-3.sh \ + test-wcrtomb-w32-4.sh test-wcrtomb-w32-5.sh test-wcrtomb-w32.c \ + signature.h macros.h wctob.c wctomb-impl.h wctomb.c \ +@@ -2661,12 +2633,6 @@ + test_inet_pton_LDADD = $(LDADD) @INET_PTON_LIB@ + test_listen_LDADD = $(LDADD) @LIBSOCKET@ + test_localename_LDADD = $(LDADD) @INTL_MACOSX_LIBS@ $(LIBTHREAD) +-test_rwlock1_LDADD = $(LDADD) @LIBMULTITHREAD@ @YIELD_LIB@ +-test_lock_LDADD = $(LDADD) @LIBMULTITHREAD@ @YIELD_LIB@ +-test_once1_SOURCES = test-once.c +-test_once1_LDADD = $(LDADD) @LIBTHREAD@ +-test_once2_SOURCES = test-once.c +-test_once2_LDADD = $(LDADD) @LIBMULTITHREAD@ + test_nanosleep_LDADD = $(LDADD) $(LIB_NANOSLEEP) + test_pthread_sigmask1_LDADD = $(LDADD) @LIB_PTHREAD_SIGMASK@ + test_pthread_sigmask2_LDADD = $(LDADD) @LIB_PTHREAD_SIGMASK@ @LIBMULTITHREAD@ +@@ -2699,8 +2665,6 @@ + test_sockets_LDADD = $(LDADD) @LIBSOCKET@ + test_stat_LDADD 
= $(LDADD) $(LIBINTL) + test_stat_time_LDADD = $(LDADD) $(LIB_NANOSLEEP) +-test_thread_self_LDADD = $(LDADD) @LIBTHREAD@ +-test_thread_create_LDADD = $(LDADD) @LIBMULTITHREAD@ + all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +@@ -3026,10 +2990,6 @@ + @rm -f test-localename$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_localename_OBJECTS) $(test_localename_LDADD) $(LIBS) + +-test-lock$(EXEEXT): $(test_lock_OBJECTS) $(test_lock_DEPENDENCIES) $(EXTRA_test_lock_DEPENDENCIES) +- @rm -f test-lock$(EXEEXT) +- $(AM_V_CCLD)$(LINK) $(test_lock_OBJECTS) $(test_lock_LDADD) $(LIBS) +- + test-lseek$(EXEEXT): $(test_lseek_OBJECTS) $(test_lseek_DEPENDENCIES) $(EXTRA_test_lseek_DEPENDENCIES) + @rm -f test-lseek$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_lseek_OBJECTS) $(test_lseek_LDADD) $(LIBS) +@@ -3078,14 +3038,6 @@ + @rm -f test-nl_langinfo$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_nl_langinfo_OBJECTS) $(test_nl_langinfo_LDADD) $(LIBS) + +-test-once1$(EXEEXT): $(test_once1_OBJECTS) $(test_once1_DEPENDENCIES) $(EXTRA_test_once1_DEPENDENCIES) +- @rm -f test-once1$(EXEEXT) +- $(AM_V_CCLD)$(LINK) $(test_once1_OBJECTS) $(test_once1_LDADD) $(LIBS) +- +-test-once2$(EXEEXT): $(test_once2_OBJECTS) $(test_once2_DEPENDENCIES) $(EXTRA_test_once2_DEPENDENCIES) +- @rm -f test-once2$(EXEEXT) +- $(AM_V_CCLD)$(LINK) $(test_once2_OBJECTS) $(test_once2_LDADD) $(LIBS) +- + test-open$(EXEEXT): $(test_open_OBJECTS) $(test_open_DEPENDENCIES) $(EXTRA_test_open_DEPENDENCIES) + @rm -f test-open$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_open_OBJECTS) $(test_open_LDADD) $(LIBS) +@@ -3122,10 +3074,6 @@ + @rm -f test-recvfrom$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_recvfrom_OBJECTS) $(test_recvfrom_LDADD) $(LIBS) + +-test-rwlock1$(EXEEXT): $(test_rwlock1_OBJECTS) $(test_rwlock1_DEPENDENCIES) $(EXTRA_test_rwlock1_DEPENDENCIES) +- @rm -f test-rwlock1$(EXEEXT) +- $(AM_V_CCLD)$(LINK) $(test_rwlock1_OBJECTS) $(test_rwlock1_LDADD) $(LIBS) +- + test-scratch-buffer$(EXEEXT): $(test_scratch_buffer_OBJECTS) 
$(test_scratch_buffer_DEPENDENCIES) $(EXTRA_test_scratch_buffer_DEPENDENCIES) + @rm -f test-scratch-buffer$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_scratch_buffer_OBJECTS) $(test_scratch_buffer_LDADD) $(LIBS) +@@ -3262,14 +3210,6 @@ + @rm -f test-sys_uio$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_sys_uio_OBJECTS) $(test_sys_uio_LDADD) $(LIBS) + +-test-thread_create$(EXEEXT): $(test_thread_create_OBJECTS) $(test_thread_create_DEPENDENCIES) $(EXTRA_test_thread_create_DEPENDENCIES) +- @rm -f test-thread_create$(EXEEXT) +- $(AM_V_CCLD)$(LINK) $(test_thread_create_OBJECTS) $(test_thread_create_LDADD) $(LIBS) +- +-test-thread_self$(EXEEXT): $(test_thread_self_OBJECTS) $(test_thread_self_DEPENDENCIES) $(EXTRA_test_thread_self_DEPENDENCIES) +- @rm -f test-thread_self$(EXEEXT) +- $(AM_V_CCLD)$(LINK) $(test_thread_self_OBJECTS) $(test_thread_self_LDADD) $(LIBS) +- + test-time$(EXEEXT): $(test_time_OBJECTS) $(test_time_DEPENDENCIES) $(EXTRA_test_time_DEPENDENCIES) + @rm -f test-time$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(test_time_OBJECTS) $(test_time_LDADD) $(LIBS) +@@ -3419,7 +3359,6 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-locale.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-localeconv.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-localename.Po@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-lock.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-lseek.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-lstat.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-malloca.Po@am__quote@ +@@ -3432,7 +3371,6 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-netdb.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-netinet_in.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-nl_langinfo.Po@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-once.Po@am__quote@ + @AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/test-open.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-pathmax.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-perror.Po@am__quote@ +@@ -3442,7 +3380,6 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-pthread_sigmask2.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-raise.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-recvfrom.Po@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-rwlock1.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-scratch-buffer.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-select-fd.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-select-stdin.Po@am__quote@ +@@ -3477,8 +3414,6 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-sys_time.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-sys_types.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-sys_uio.Po@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-thread_create.Po@am__quote@ +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-thread_self.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-time.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-unistd.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-unsetenv.Po@am__quote@ +@@ -4224,34 +4159,6 @@ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +-test-rwlock1.log: test-rwlock1$(EXEEXT) +- @p='test-rwlock1$(EXEEXT)'; \ +- b='test-rwlock1'; \ +- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ +- --log-file $$b.log --trs-file $$b.trs \ +- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ +- "$$tst" $(AM_TESTS_FD_REDIRECT) +-test-lock.log: 
test-lock$(EXEEXT) +- @p='test-lock$(EXEEXT)'; \ +- b='test-lock'; \ +- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ +- --log-file $$b.log --trs-file $$b.trs \ +- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ +- "$$tst" $(AM_TESTS_FD_REDIRECT) +-test-once1.log: test-once1$(EXEEXT) +- @p='test-once1$(EXEEXT)'; \ +- b='test-once1'; \ +- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ +- --log-file $$b.log --trs-file $$b.trs \ +- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ +- "$$tst" $(AM_TESTS_FD_REDIRECT) +-test-once2.log: test-once2$(EXEEXT) +- @p='test-once2$(EXEEXT)'; \ +- b='test-once2'; \ +- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ +- --log-file $$b.log --trs-file $$b.trs \ +- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ +- "$$tst" $(AM_TESTS_FD_REDIRECT) + test-lseek.sh.log: test-lseek.sh + @p='test-lseek.sh'; \ + b='test-lseek.sh'; \ +@@ -4720,20 +4627,6 @@ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ +- "$$tst" $(AM_TESTS_FD_REDIRECT) +-test-thread_self.log: test-thread_self$(EXEEXT) +- @p='test-thread_self$(EXEEXT)'; \ +- b='test-thread_self'; \ +- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ +- --log-file $$b.log --trs-file $$b.trs \ +- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ +- "$$tst" $(AM_TESTS_FD_REDIRECT) +-test-thread_create.log: test-thread_create$(EXEEXT) +- @p='test-thread_create$(EXEEXT)'; \ +- b='test-thread_create'; \ +- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ +- --log-file $$b.log --trs-file $$b.trs \ +- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) + test-time.log: test-time$(EXEEXT) + @p='test-time$(EXEEXT)'; 
\ +--- ./libmissing/tests/Makefile.am 2018-12-23 23:01:43.411000000 +0100 ++++ ./libmissing/tests/Makefile.am 2019-07-14 16:38:43.056599840 +0200 +@@ -781,20 +781,6 @@ + + ## end gnulib module lock + +-## begin gnulib module lock-tests +- +-TESTS += test-rwlock1 test-lock test-once1 test-once2 +-check_PROGRAMS += test-rwlock1 test-lock test-once1 test-once2 +-test_rwlock1_LDADD = $(LDADD) @LIBMULTITHREAD@ @YIELD_LIB@ +-test_lock_LDADD = $(LDADD) @LIBMULTITHREAD@ @YIELD_LIB@ +-test_once1_SOURCES = test-once.c +-test_once1_LDADD = $(LDADD) @LIBTHREAD@ +-test_once2_SOURCES = test-once.c +-test_once2_LDADD = $(LDADD) @LIBMULTITHREAD@ +-EXTRA_DIST += test-rwlock1.c test-lock.c test-once.c +- +-## end gnulib module lock-tests +- + ## begin gnulib module lseek-tests + + TESTS += test-lseek.sh +@@ -1429,16 +1415,6 @@ + + ## end gnulib module thread + +-## begin gnulib module thread-tests +- +-TESTS += test-thread_self test-thread_create +-check_PROGRAMS += test-thread_self test-thread_create +-test_thread_self_LDADD = $(LDADD) @LIBTHREAD@ +-test_thread_create_LDADD = $(LDADD) @LIBMULTITHREAD@ +-EXTRA_DIST += test-thread_self.c test-thread_create.c macros.h +- +-## end gnulib module thread-tests +- + ## begin gnulib module threadlib + + libtests_a_SOURCES += glthread/threadlib.c diff --git a/prelude-lml-5.0.0-gnutls_priority_set_direct.patch b/prelude-lml-5.0.0-gnutls_priority_set_direct.patch new file mode 100644 index 0000000..92b06ed --- /dev/null +++ b/prelude-lml-5.0.0-gnutls_priority_set_direct.patch @@ -0,0 +1,11 @@ +--- ./src/tcp-server-tls.c 2016-09-15 08:49:20.172000884 +0200 ++++ ./src/tcp-server-tls.c2 2017-02-07 01:10:30.904772287 +0100 +@@ -489,7 +489,7 @@ + #else + # define TLS_DH_STR "+ANON-DH" + #endif +- const char *pstring = "NORMAL:" TLS_DH_STR; ++ const char *pstring = "@SYSTEM:" TLS_DH_STR; + + gnutls_set_default_priority(session); + diff --git a/prelude-lml.spec b/prelude-lml.spec index 3d7f00d..d754eda 100644 --- a/prelude-lml.spec 
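Review bot: The new priority string in the tcp-server-tls.c hunk still appends `TLS_DH_STR`, which in the visible `#else` branch is `+ANON-DH`, so moving the base from `NORMAL` to `@SYSTEM` adopts the system crypto policy and then re-enables anonymous Diffie-Hellman on top of it. Anonymous key exchange does not authenticate the peer, so a session negotiated that way is open to interception whatever the system policy level is. If the anonymous suite is still required, record that next to the string, e.g. `/* +ANON-DH kept for <reason>; this relaxes the @SYSTEM policy */`; otherwise `const char *pstring = "@SYSTEM";` keeps the listener inside the policy. The `#if` branch of `TLS_DH_STR` and the call that consumes `pstring` are outside the hunk, so it is worth confirming there that the result of applying the priority string is checked and a failure is not silently left on the defaults set by `gnutls_set_default_priority(session)`.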
+++ b/prelude-lml.spec @@ -3,8 +3,8 @@ # prelude-lml-4.1.0-gnutls_priority_set_direct.patch Name: prelude-lml -Version: 4.1.0 -Release: 5%{?dist} +Version: 5.0.0 +Release: 1%{?dist} Summary: Log analyzer sensor with IDMEF output # Prelude is GPL-2.0+ # libmissing is LGPL-2.1+ @@ -14,11 +14,12 @@ Source0: https://www.prelude-siem.org/pkg/src/%{version}/%{name}-%{versio Source1: %{name}.service Source2: %{name}-tmpfiles.conf # https://www.prelude-siem.org/issues/862 -Patch0: prelude-lml-4.1.0-gnutls_priority_set_direct.patch +Patch0: prelude-lml-5.0.0-gnutls_priority_set_direct.patch # https://www.prelude-siem.org/issues/870 -Patch1: prelude-lml-4.1.0-fix_etc_perms.patch +Patch1: prelude-lml-5.0.0-fix_etc_perms.patch # https://www.prelude-siem.org/issues/872 -Patch2: prelude-lml-4.1.0-fix_check.patch +Patch2: prelude-lml-5.0.0-fix_check.patch +Patch3: prelude-lml-5.0.0-fix_libmissing_tests.patch %{?systemd_requires} BuildRequires: gcc BuildRequires: chrpath @@ -35,9 +36,9 @@ BuildRequires: valgrind %endif # Upstream do not use explicit version of gnulib, just checkout -# and update files. In libprelude 4.0.0, the checkout has been done -# on 2017-07-10 -Provides: bundled(gnulib) = 20170710 +# and update files. In prelude-lml 5.0.0, the checkout has been done +# on 2018-09-03 +Provides: bundled(gnulib) = 20180903 %description The Prelude Log Monitoring Lackey (LML) is the host-based sensor program part of @@ -138,6 +139,9 @@ make check %doc ChangeLog README NEWS AUTHORS %changelog +* Sun Jul 14 2019 Thomas Andrejak - 5.0.0-1 +- Bump version 5.0.0 + * Sat Feb 02 2019 Fedora Release Engineering - 4.1.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild diff --git a/sources b/sources index 0a4e75e..22d72f7 100644 --- a/sources +++ b/sources 
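Review bot: `Patch3: prelude-lml-5.0.0-fix_libmissing_tests.patch` is added in the `@@ -14,11 +14,12 @@` hunk without the upstream-issue comment that Patch0 to Patch2 each carry. Going by its Makefile.am hunks, that patch removes the gnulib lock, once, rwlock and thread tests from the bundled libmissing. A comment above the line, such as `# Drops gnulib lock/thread tests from libmissing, <reason>: <upstream issue URL>`, would make that loss of test coverage on bundled code traceable. The context comment `# prelude-lml-4.1.0-gnutls_priority_set_direct.patch` in the first hunk still names the 4.1.0 file and should follow the rename to 5.0.0.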
@@ -1 +1 @@
-SHA512 (prelude-lml-4.1.0.tar.gz) = e34d542e3b9e12873f9e2a19e2573b32e2b686574cbc8678cefbb198d7397695f8a2512effb58be9e6703663158c2294d741e0f6f8db23c5541e58bdd3c7f035
+SHA512 (prelude-lml-5.0.0.tar.gz) = 11fa1aceba56c9331c54a76665f8e3e0b57f241bbf887659f6cb720e4484259cd76c6f0643f57dc5dce67bde9a6a196218caadf3b5e8b39f77de38e8d0b51732