diff --git a/security/logcheck/Makefile b/security/logcheck/Makefile
index 11831dceaf40..57395e7ab68f 100644
--- a/security/logcheck/Makefile
+++ b/security/logcheck/Makefile
@@ -1,105 +1,105 @@
PORTNAME= logcheck
-DISTVERSION= 1.4.1
+DISTVERSION= 1.4.2
CATEGORIES= security MASTER_SITES= DEBIAN_POOL DISTNAME= ${PORTNAME}_${PORTVERSION} MAINTAINER= yasu@FreeBSD.org COMMENT= Auditing tool for system logs on Unix boxes WWW= https://salsa.debian.org/debian/logcheck LICENSE= GPLv2+ LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= docbook-to-man>0:textproc/docbook-to-man RUN_DEPENDS= bash:shells/bash \ lockfile-create:sysutils/lockfile-progs \ mime-construct:mail/mime-construct # Enable Perl dependency for logtail script USES= perl5 shebangfix tar:xz SHEBANG_FILES= src/detectrotate/*.dtr src/logcheck src/logtail src/logtail2 BINMODE= 755 SUB_FILES= pkg-deinstall pkg-install pkg-message SUB_LIST+= CRON=${PORT_OPTIONS:MCRON} \ DBDIR=${DBDIR} \ LOGCHECK_GROUP=${LOGCHECK_GROUP} \ LOGCHECK_USER=${LOGCHECK_USER} WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} USERS= ${LOGCHECK_USER} GROUPS= ${LOGCHECK_GROUP} PLIST_SUB+= CHGRP=${CHGRP} \ CHMOD=${CHMOD} \ DBDIR=${DBDIR} \ FIND=${FIND} \ LOGCHECK_GROUP=${LOGCHECK_GROUP} \ LOGCHECK_USER=${LOGCHECK_USER} \ RUNDIR=${RUNDIR} PORTDOCS= ${DOCS:T} OPTIONS_DEFINE= CRON DOCS EXAMPLES OPTIONS_DEFAULT= CRON CRON_DESC= Install cron script automatically # None.
portlint compliance BASEDIR?= CONFIG_DIRS= cracking.d ignore.d.paranoid ignore.d.server \ ignore.d.workstation violations.d violations.ignore.d DBDIR= ${BASEDIR}/var/db/${PORTNAME} DOCS= AUTHORS CHANGES CREDITS TODO docs/README* LOGCHECK_GROUP= ${LOGCHECK_USER} LOGCHECK_USER= logcheck MAN1_FILES= logcheck-test.1 MAN8_FILES= logcheck.8 logtail.8 logtail2.8 REINPLACE_FILES= debian/logcheck.cron.d docs/logcheck.sgml \ docs/logtail2.8 docs/README.logcheck \ docs/README.logcheck-database docs/README.logtail \ etc/logcheck.conf etc/logcheck.logfiles src/logcheck \ src/logtail2 RUNDIR= ${BASEDIR}/var/run/${PORTNAME} .include do-build: .for file in ${REINPLACE_FILES} ${REINPLACE_CMD} ${_SUB_LIST_TEMP} ${WRKSRC}/${file} .endfor docbook-to-man ${WRKSRC}/docs/logcheck.sgml > ${WRKSRC}/docs/logcheck.8 ${FIND} ${WRKSRC} -type f \( -name \*.orig -o -name \*.bak \) -delete do-install: @${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \ ${STAGEDIR}${DBDIR} \ ${STAGEDIR}${DOCSDIR} \ ${STAGEDIR}${ETCDIR} \ ${STAGEDIR}${ETCDIR}/logcheck.logfiles.d \ ${STAGEDIR}${EXAMPLESDIR} \ ${STAGEDIR}${RUNDIR} ${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck-test ${STAGEDIR}${PREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck ${STAGEDIR}${PREFIX}/sbin ${INSTALL_SCRIPT} ${WRKSRC}/src/logtail ${STAGEDIR}${PREFIX}/sbin ${INSTALL_SCRIPT} ${WRKSRC}/src/logtail2 ${STAGEDIR}${PREFIX}/sbin ${INSTALL_DATA} ${WRKSRC}/etc/logcheck.conf \ ${STAGEDIR}${ETCDIR}/logcheck.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles \ ${STAGEDIR}${ETCDIR}/ ${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles.d/syslog.logfiles \ ${STAGEDIR}${ETCDIR}/logcheck.logfiles.d/syslog.logfiles.sample .for i in ${CONFIG_DIRS} @${MKDIR} ${STAGEDIR}${ETCDIR}/${i} ${INSTALL_DATA} ${WRKSRC}/rulefiles/linux/${i}/* \ ${STAGEDIR}${ETCDIR}/${i} .endfor ${INSTALL_DATA} ${WRKSRC}/src/detectrotate/*.dtr \ ${STAGEDIR}${DATADIR}/detectrotate ${INSTALL_DATA} ${WRKSRC}/debian/logcheck.cron.d \ ${STAGEDIR}${EXAMPLESDIR}/crontab.in .for i in ${MAN1_FILES} 
${INSTALL_MAN} ${WRKSRC}/docs/$i ${STAGEDIR}${MAN1PREFIX}/man/man1 .endfor .for i in ${MAN8_FILES} ${INSTALL_MAN} ${WRKSRC}/docs/$i ${STAGEDIR}${MAN8PREFIX}/man/man8 .endfor cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR} .include
diff --git a/security/logcheck/distinfo b/security/logcheck/distinfo
index f8a41fb03453..f7eae3d435d1 100644
--- a/security/logcheck/distinfo
+++ b/security/logcheck/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1676208609
-SHA256 (logcheck_1.4.1.tar.xz) = 6ea06d7a4607c025cb45d7ab230d8b0245b26015a03f13ce109874817ca2d853
-SIZE (logcheck_1.4.1.tar.xz) = 138260
+TIMESTAMP = 1677745122
+SHA256 (logcheck_1.4.2.tar.xz) = 0c651deb31dc201f1584ecea292b259932bae6e3e8cef846db3109e89a7f217e
+SIZE (logcheck_1.4.2.tar.xz) = 138440
diff --git a/security/logcheck/files/patch-docs_README.logcheck b/security/logcheck/files/patch-docs_README.logcheck
index 0ad63ce7b395..13c4a91bb864 100644
--- a/security/logcheck/files/patch-docs_README.logcheck
+++ b/security/logcheck/files/patch-docs_README.logcheck
@@ -1,16 +1,11 @@
---- docs/README.logcheck.orig 2017-01-25 21:08:04 UTC
+--- docs/README.logcheck.orig 2023-03-01 22:37:09 UTC
+++ docs/README.logcheck
-@@ -17,11 +17,11 @@ don't start overlapping.
- ======================================================================
- LOG ENTRIES
- -----------
--These are taken from a specified set of logfiles (usually syslog and
-+These are taken from a specified set of logfiles (usually messages and
- auth.log); a special Perl utility named "logtail" is used which
- "bookmarks" its place in the logs, so that events aren't reported
+@@ -21,7 +21,7 @@ These are taken from a specified set of logfiles (usua
+ journal and syslog); a special Perl utility named "logtail" is used
+ which "bookmarks" its place in the logs, so that events aren't reported
twice in successive logcheck runs. The offset records are stored as
-(eg) "/var/lib/logcheck/offset.var.log.syslog"; lines to be
+(eg) "%%DBDIR%%/offset.var.log.messages"; lines to be
considered by logcheck are copied into tempfiles in the working directory "/var/tmp/logcheck". See the corresponding README for logtail for further notes on complications such as log-rotation.
diff --git a/security/logcheck/files/patch-etc_logcheck.logfiles b/security/logcheck/files/patch-etc_logcheck.logfiles
index 1f2f8f8709af..6b0e38d74a4c 100644
--- a/security/logcheck/files/patch-etc_logcheck.logfiles
+++ b/security/logcheck/files/patch-etc_logcheck.logfiles
@@ -1,15 +1,15 @@
---- etc/logcheck.logfiles.orig 2023-02-10 21:19:27 UTC
+--- etc/logcheck.logfiles.orig 2023-03-01 22:30:51 UTC
+++ etc/logcheck.logfiles
@@ -1,10 +1,10 @@
## Logs that will be checked by logcheck
#
# This file is empty and all settings are in files (whose name must
-# end in '.logfiles') under /etc/logcheck/logcheck.logfiles.d/
+# end in '.logfiles') under %%ETCDIR%%/logcheck.logfiles.d/
#
# It is recommended that you put local settings into
--# /etc/logcheck.d/local.logfiles instead of editing this file
+-# /etc/logcheck/logcheck.logfiles.d/local.logfiles instead of editing this file
+# %%ETCDIR%%/logcheck.logfiles.d/local.logfiles instead of editing this file
#
# Each line should be:
# - an absolute path to a log
diff --git a/security/logcheck/files/patch-src_logcheck b/security/logcheck/files/patch-src_logcheck
index cd584e1e9827..933a2cd2bf81 100644
--- a/security/logcheck/files/patch-src_logcheck
+++ b/security/logcheck/files/patch-src_logcheck
@@ -1,97 +1,115 @@
---- src/logcheck.orig 2023-02-13 01:15:18 UTC
+--- src/logcheck.orig 2023-03-02 08:19:09 UTC
+++ src/logcheck
@@ -24,16 +24,16 @@ if [ "$(id -u)" = 0 ]; then
echo "logcheck should not be run as root. Use su to invoke logcheck:"
- echo "su -s /bin/bash -c \"/usr/sbin/logcheck${*:+ $*}\" logcheck"
+ echo "su -m %%LOGCHECK_USER%% -c \"%%LOCALBASE%%/bin/bash %%LOCALBASE%%/sbin/logcheck${*:+ $*}\" logcheck"
echo "Or use sudo: sudo -u logcheck logcheck${*:+ $*}."
# you may want to uncomment that hack to let logcheck invoke itself.
- # su -s /bin/bash -c "$0 $*" logcheck
+ # su -s %%LOCALBASE%%/bin/bash -c "$0 $*" logcheck
exit 1
fi
-if [ ! -f /usr/bin/lockfile-create ] || \
- [ ! -f /usr/bin/lockfile-remove ] || \
- [ ! -f /usr/bin/lockfile-touch ]; then
+if [ ! -f %%LOCALBASE%%/bin/lockfile-create ] || \
+ [ ! -f %%LOCALBASE%%/bin/lockfile-remove ] || \
+ [ ! -f %%LOCALBASE%%/bin/lockfile-touch ]; then
echo "fatal: lockfile-progs is a prerequisite for logcheck, but was not found."
exit 1
fi
@@ -71,13 +71,13 @@ EVENTSSUBJECT="System Events"
ADDTAG="no"
# Default paths
-RULEDIR="/etc/logcheck"
-CONFFILE="/etc/logcheck/logcheck.conf"
-STATEDIR="/var/lib/logcheck"
-LOGFILES_LIST="/etc/logcheck/logcheck.logfiles"
-LOGFILES_LIST_D="/etc/logcheck/logcheck.logfiles.d"
-LOGFILE_FALLBACK="/var/log/syslog"
-LOGTAIL="/usr/sbin/logtail2"
+RULEDIR="%%ETCDIR%%"
+CONFFILE="%%ETCDIR%%/logcheck.conf"
+STATEDIR="%%DBDIR%%"
+LOGFILES_LIST="%%ETCDIR%%/logcheck.logfiles"
+LOGFILES_LIST_D="%%ETCDIR%%/logcheck.logfiles.d"
+LOGFILE_FALLBACK="/var/log/messages"
+LOGTAIL="%%PREFIX%%/sbin/logtail2"
SYSLOG_SUMMARY="/usr/bin/syslog-summary"
# Defaults for options
@@ -92,7 +92,7 @@ FQDN=0
SORTUNIQ=0
SUPPORT_CRACKING_IGNORE=0
SYSLOGSUMMARY=0
-LOCKDIR=/run/lock/logcheck
+LOCKDIR=/var/run/logcheck
LOCKFILE="$LOCKDIR/logcheck"
# Allow globs to return zero files
@@ -183,8 +183,8 @@ ${TMPDIR:+"- Check temporary directory: $TMPDIR" }
- verify that the logcheck user can read all logfiles specified in;
- /etc/logcheck/logcheck.logfiles
- /etc/logcheck/logcheck.logfiled.d/*.logfiles
+ %%ETCDIR%%/logcheck.logfiles
+ %%ETCDIR%%/logcheck.logfiled.d/*.logfiles
- check the system has enough space; (df -h output follows): $(df -h 2>&1|| :)
- check the settings (environment follows):
@@ -237,7 +237,7 @@ cleanrules() {
error "Could not read $x"
fi
done
- for rulefile in $(run-parts --list "$dir"); do
+ for rulefile in $(ls -1R "$dir"); do
rulefile="$(basename "$rulefile")"
if [ -f "${dir}/${rulefile}" ]; then
debug "cleanrules: ${dir}/${rulefile} -> $cleaned/$rulefile"
-@@ -616,9 +616,9 @@ fi
+@@ -503,7 +503,7 @@ logoutput() {
+ >> "$TMPDIR/report" || error "Could not write message about first-time check of journal to report"
+ echo "Only recent entries (from the last 5 hours) will be checked" \
+ >> "$TMPDIR/report" || error "Could not write message about first-time check of journal to report"
+- echo "If you do not wish to check the systemd journal, please see /etc/logcheck/logcheck.logfiles.d/journal.logfiles" \
++ echo "If you do not wish to check the systemd journal, please see %%ETCDIR%%/logcheck.logfiles.d/journal.logfiles" \
+ >> "$TMPDIR/report" || error "Could not write message about first-time check of journal to report"
+ offsettime="--since=-5h"
+ fi
+@@ -587,7 +587,7 @@ debug "Sourcing - $CONFFILE"
+
+ # Now source the config file - before things that should not be changed
+ if [ -r "$CONFFILE" ]; then
+- # shellcheck source=/etc/logcheck/logcheck.conf
++ # shellcheck source=%%ETCDIR%%/logcheck.conf
+ .
"$CONFFILE"
+ elif [ -f "$CONFFILE" ]; then
+ error "Config file $CONFFILE could not be read"
+@@ -618,9 +618,9 @@ fi
# HOSTNAME is either 'fully qualified' or 'short'
if [ "$FQDN" -eq 1 ]; then
- HOSTNAME="$(hostname --fqdn 2>/dev/null)"
+ HOSTNAME="$(hostname -f 2>/dev/null)"
else
- HOSTNAME="$(hostname --short 2>/dev/null)"
+ HOSTNAME="$(hostname -s 2>/dev/null)"
fi
# Now check for the other options
-@@ -723,8 +723,8 @@ else
+@@ -725,8 +725,8 @@ else
fi
# Create a secure temporary working directory (or exit)
-TMPDIR="$(mktemp -d -p "${TMP:-/tmp}" logcheck.XXXXXX)" \
- || TMPDIR="$(mktemp -d -p /var/tmp logcheck.XXXXXX)" \
+TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)" \
+ || TMPDIR="$(mktemp -d /var/tmp/logcheck.XXXXXX)" \
|| error "Could not create temporary directory"
debug "Using working dir: $TMPDIR"
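Review bot: In the `@@ -725,8 +725,8 @@` hunk the port's replacement `TMPDIR="$(mktemp -d ${TMP:-/tmp}/logcheck.XXXXXX)"` drops the quoting the Debian line had, so a TMP value containing whitespace or glob characters is word-split before mktemp sees it and the script silently falls back to /var/tmp; `TMPDIR="$(mktemp -d "${TMP:-/tmp}/logcheck.XXXXXX")"` keeps the template intact. The `$(ls -1R "$dir")` loop in the `@@ -237,7 +237,7 @@` hunk has the same unquoted-expansion problem and, unlike the `run-parts --list` it replaces, applies no filename filter (run-parts only lists names matching `^[a-zA-Z0-9_-]+$`), so editor backups or `.orig`/`.bak` leftovers dropped into a rules directory are loaded as live rules; iterating `for rulefile in "$dir"/*; do` with a `case` test on the basename would restore that restriction. Both lines are context here and come from the port's existing patch, so this is a pre-existing gap rather than a regression of this commit. The new `@@ -503,7 +503,7 @@` hunk points users at `%%ETCDIR%%/logcheck.logfiles.d/journal.logfiles`, while the Makefile's do-install only stages `syslog.logfiles.sample` in that directory, so if the journal branch is reachable on FreeBSD the message names a file the port never installs; worth confirming against src/logcheck, whose body continues outside this hunk.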