Index: head/security/logcheck/Makefile
===================================================================
--- head/security/logcheck/Makefile (revision 561860)
+++ head/security/logcheck/Makefile (revision 561861)
@@ -1,104 +1,105 @@ # Created by: Dan Langille # $FreeBSD$ PORTNAME= logcheck PORTVERSION= 1.3.20 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= DEBIAN_POOL DISTNAME= ${PORTNAME}_${PORTVERSION} MAINTAINER= yasu@utahime.org COMMENT= Auditing tool for system logs on Unix boxes LICENSE= GPLv2+ LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= docbook-to-man>0:textproc/docbook-to-man RUN_DEPENDS= mime-construct:mail/mime-construct \ lockfile-create:sysutils/lockfile-progs \ bash:shells/bash # Enable Perl dependency for logtail script USES= perl5 shebangfix tar:xz LOGCHECK_USER= logcheck LOGCHECK_GROUP= ${LOGCHECK_USER} USERS= ${LOGCHECK_USER} GROUPS= ${LOGCHECK_GROUP} BASEDIR?= # None. portlint compliance DBDIR= ${BASEDIR}/var/db/${PORTNAME} RUNDIR= ${BASEDIR}/var/run/${PORTNAME} OPTIONS_DEFINE= CRON DOCS EXAMPLES CRON_DESC= Install cron script automatically .if !defined(BATCH) OPTIONS_DEFAULT=CRON .endif WRKSRC= ${WRKDIR}/${PORTNAME} BINMODE= 755 SUB_LIST+= LOGCHECK_USER=${LOGCHECK_USER} \ LOGCHECK_GROUP=${LOGCHECK_GROUP} \ DBDIR=${DBDIR} CRON=${PORT_OPTIONS:MCRON} SUB_FILES= pkg-install pkg-deinstall pkg-message PLIST_SUB+= LOGCHECK_USER=${LOGCHECK_USER} \ LOGCHECK_GROUP=${LOGCHECK_GROUP} \ DBDIR=${DBDIR} RUNDIR=${RUNDIR} SHEBANG_FILES= src/logcheck src/logtail src/logtail2 src/detectrotate/*.dtr CONFIG_DIRS= cracking.d ignore.d.paranoid ignore.d.server \ ignore.d.workstation violations.d violations.ignore.d DOCS= AUTHORS CHANGES CREDITS TODO docs/README* PORTDOCS= ${DOCS:T} MAN1_FILES= logcheck-test.1 MAN8_FILES= logcheck.8 logtail.8 logtail2.8 REINPLACE_FILES= debian/logcheck.cron.d docs/logcheck.sgml \ docs/logtail2.8 docs/README.logcheck \ docs/README.logcheck-database docs/README.logtail \ etc/logcheck.conf src/logcheck src/logtail2 .include do-build: .for file in ${REINPLACE_FILES} ${REINPLACE_CMD} ${_SUB_LIST_TEMP} ${WRKSRC}/${file} .endfor docbook-to-man ${WRKSRC}/docs/logcheck.sgml > ${WRKSRC}/docs/logcheck.8 ${FIND} ${WRKSRC} -type f \( -name \*.orig -o 
-name \*.bak \) -delete do-install: @${MKDIR} ${STAGEDIR}${DATADIR}/detectrotate \ ${STAGEDIR}${DBDIR} \ ${STAGEDIR}${DOCSDIR} \ ${STAGEDIR}${ETCDIR} \ ${STAGEDIR}${EXAMPLESDIR} \ ${STAGEDIR}${RUNDIR} ${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck-test ${STAGEDIR}${PREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/src/logcheck ${STAGEDIR}${PREFIX}/sbin ${INSTALL_SCRIPT} ${WRKSRC}/src/logtail ${STAGEDIR}${PREFIX}/sbin ${INSTALL_SCRIPT} ${WRKSRC}/src/logtail2 ${STAGEDIR}${PREFIX}/sbin ${INSTALL_DATA} ${WRKSRC}/etc/logcheck.conf \ ${STAGEDIR}${ETCDIR}/logcheck.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/logcheck.logfiles \ ${STAGEDIR}${ETCDIR}/logcheck.logfiles.sample .for i in ${CONFIG_DIRS} @${MKDIR} ${STAGEDIR}${ETCDIR}/${i} ${INSTALL_DATA} ${WRKSRC}/rulefiles/linux/${i}/* \ ${STAGEDIR}${ETCDIR}/${i} .endfor ${INSTALL_DATA} ${WRKSRC}/src/detectrotate/*.dtr \ ${STAGEDIR}${DATADIR}/detectrotate ${INSTALL_DATA} ${WRKSRC}/debian/logcheck.cron.d \ ${STAGEDIR}${EXAMPLESDIR}/crontab.in @${ECHO_CMD} '@exec ${CHGRP} -R ${LOGCHECK_GROUP} \ ${ETCDIR:S|^${PREFIX}/|%D/|} \ ${DATADIR:S|^${PREFIX}/|%D/|}' >> ${TMPPLIST} .for i in ${MAN1_FILES} ${INSTALL_MAN} ${WRKSRC}/docs/$i ${STAGEDIR}${MAN1PREFIX}/man/man1 .endfor .for i in ${MAN8_FILES} ${INSTALL_MAN} ${WRKSRC}/docs/$i ${STAGEDIR}${MAN8PREFIX}/man/man8 .endfor cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR} .include Index: head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh =================================================================== --- head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh (revision 561860) +++ head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh (revision 561861) 
@@ -1,13 +1,22 @@ ---- rulefiles/linux/ignore.d.server/ssh.orig 2017-01-25 21:08:04 UTC +--- rulefiles/linux/ignore.d.server/ssh.orig 2019-03-01 22:27:31 UTC +++ rulefiles/linux/ignore.d.server/ssh +@@ -14,7 +14,7 @@ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+(: | port [[:digit:]]+:)11: (disconnected by user|Closed due to user request\.)$ +-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,256} \[preauth\]$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,255} \[preauth\]$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+$ 
@@ -27,8 +27,8 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for( illegal user)? [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: authentication error for( illegal user)? [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: unknown user for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: ssh_msg_send: write$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Timeout before authentication for [:[:alnum:].]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: (Connection (timed out|reset by peer)|Broken pipe)$ Index: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_postfix =================================================================== --- head/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_postfix (nonexistent) +++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_postfix (revision 561861) 
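Review bot: The two rewritten PAM rules in the second inner hunk (`@@ -27,8 +27,8 @@`) match only the lower-case wording `PAM: authentication error for` and `PAM: unknown user for`, so they depend on the exact capitalisation of the PAM library's error strings. If the base system's PAM emits these messages capitalised (worth confirming against a current sshd log), the rules stop matching; accepting both, `PAM: [Aa]uthentication error for` and `PAM: [Uu]nknown user for`, avoids that. The miss is fail-safe, since unmatched authentication failures are reported rather than suppressed, but it brings back the noise these rules are meant to filter. The `.{0,256}` to `.{0,255}` change in the first inner hunk is unexplained on the page; presumably it works around a repetition-count limit in the regex library, and a line in the commit message saying so would help the next update.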
@@ -0,0 +1,10 @@
+--- rulefiles/linux/ignore.d.paranoid/postfix.orig 2015-12-10 18:14:10 UTC
++++ rulefiles/linux/ignore.d.paranoid/postfix
+@@ -1,5 +1,5 @@
+-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(local|pipe|virtual)\[[[:digit:]]+\]: [[:alnum:]]+: to=[^[:space:]]+, (orig_to=[^[:space:]]+, |)relay=[^[:space:]]+, delay=[.[:digit:]]+, (delays=[.[:digit:]/]+, dsn=[.[:digit:]]+, )?status=[[:alnum:]]+ \(.*\)$
+-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-|)message-id=<[^[:space:]]+>$
++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(local|pipe|virtual)\[[[:digit:]]+\]: [[:alnum:]]+: to=[^[:space:]]+, (orig_to=[^[:space:]]+, )?relay=[^[:space:]]+, delay=[.[:digit:]]+, (delays=[.[:digit:]/]+, dsn=[.[:digit:]]+, )?status=[[:alnum:]]+ \(.*\)$
++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-)?message-id=<[^[:space:]]+>$
+ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/nqmgr\[[[:digit:]]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+ \(queue active\)$
+ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/pickup\[[[:digit:]]+\]: [[:alnum:]]+: uid=[[:digit:]]+ from=[^[:space:]]+$
+ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/qmgr\[[[:digit:]]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+ \(queue active\)$
Property changes on: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_postfix
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_dhcp
===================================================================
--- head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_dhcp (nonexistent)
+++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_dhcp (revision 561861)
@@ -0,0 +1,22 @@
+--- rulefiles/linux/ignore.d.server/dhcp.orig 2017-01-14 11:42:45 UTC
++++ rulefiles/linux/ignore.d.server/dhcp
+@@ -10,13 +10,13 @@
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCP(NAK|RELEASE|INFORM) (on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$
+ #Added for dhcp 3
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ \((not |)found\)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+ \((not )?found\)$
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK to [.0-9]{7,15}( \(([:[:xdigit:]]+|)\) via [._[:alnum:]-]+)?$
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ((balancing|balanced) )?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+.*( max-(own \(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$
Property changes on: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_dhcp
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_nfs
===================================================================
--- head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_nfs (nonexistent)
+++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_nfs (revision 561861)
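Review bot: The unchanged `DHCPACK to` rule near the end of this hunk still contains an empty alternative, `\(([:[:xdigit:]]+|)\)`, the same construct every other edit here rewrites from `(x|)` to `(x)?`. If the rewrite exists because the target regex library mishandles empty alternatives (inferred, the page does not say), this rule has the same problem and should become `\(([:[:xdigit:]]+)?\)`. Because logcheck hands a whole rule file to the matcher at once, one pattern that fails to compile can affect every rule in `ignore.d.server/dhcp`, so it is worth compiling each patched file once with the system's `egrep -f` as a check.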
@@ -0,0 +1,7 @@
+--- rulefiles/linux/ignore.d.server/nfs.orig 2015-12-10 18:14:10 UTC
++++ rulefiles/linux/ignore.d.server/nfs
+@@ -1,2 +1,2 @@
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc\.mountd: authenticated (un|)mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-]*)+ \((/[._[:alnum:]-]*)+\)$
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (un|)mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-]*)+ \((/[._[:alnum:]-]*)+\)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc\.mountd: authenticated (un)?mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-]*)+ \((/[._[:alnum:]-]*)+\)$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (un)?mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-]*)+ \((/[._[:alnum:]-]*)+\)$
Property changes on: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_nfs
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_postfix
===================================================================
--- head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_postfix (revision 561860)
+++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_postfix (revision 561861)
@@ -1,11 +1,20 @@ --- rulefiles/linux/ignore.d.server/postfix.orig 2019-03-01 15:22:43 UTC +++ rulefiles/linux/ignore.d.server/postfix +@@ -8,7 +8,7 @@ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/anvil\[[[:digit:]]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):([.:[:xdigit:]]+|unknown)\) at \w{3} [ :[:digit:]]{11}$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/anvil\[[[:digit:]]+\]: statistics: max cache size [[:digit:]]+ at \w{3} [ :[:digit:]]{11}$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/bounce\[[[:digit:]]+\]: [[:xdigit:]]+: sender (delay|non-delivery|delivery status) notification: [[:xdigit:]]+$ +-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-|)message-id=]+>?( \(added by [^[:space:]]+\))?$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-)?message-id=]+>?( \(added by [^[:space:]]+\))?$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: milter-discard: END-OF-MESSAGE from [-._[:alnum:]]+\[([.[:digit:]]+|[:[:xdigit:]]+)\]: milter triggers DISCARD action; from=<[^[:space:]]*> to=<[^[:space:]]*> proto=E?SMTP helo=<[^[:space:]]+>$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:upper:][:digit:]]+: reject: header [^[:space:]]+:.+ from=<[^[:space:]]*>( to=<[^[:space:]]+>)? proto=E?SMTP helo=<[^[:space:]]+>: .+$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:xdigit:]]+: milter-reject: END-OF-MESSAGE from [-._[:alnum:]]+\[[.[:digit:]]+\]: [45]\.7\.1 (virus [-._/[:alnum:]]+ detected by ClamAV - http://www\.clamav\.net|Command rejected); from=<[^[:space:]]*> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$ 
@@ -60,7 +60,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: [^[:space:]]+ offered null AUTH mechanism list$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: mailer loop: best MX for [^[:space:]]+ is local$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: no MX host for [^[:space:]]+ has a valid (A|address) record$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: ((Anonymous|Trusted|Verified) )?TLS connection established (to|from) [^[:space:]]+: (TLSv1(\.[[:digit:]])?|SSLv[23]) with cipher [^[:space:]]+ \([/[:digit:]]+ bits\)$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: ((Anonymous|Trusted|Verified) )?TLS connection established (to|from) [^[:space:]]+: (TLSv1(\.[[:digit:]])?|SSLv[23]) with cipher [^[:space:]]+ \([/[:digit:]]+ bits\)( key-exchange [^[:space:]]+ server-signature [^[:space:]]+ \([/[:digit:]]+ bits\) server-digest [^[:space:]]+)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: (Peer|Server) certificate could not be verified$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: Unverified: subject_CN=.*$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: Verified: subject_CN=.*, issuer=.*$ Index: head/security/logcheck/files/patch-rulefiles_linux_violations.d_kernel =================================================================== --- head/security/logcheck/files/patch-rulefiles_linux_violations.d_kernel (nonexistent) +++ head/security/logcheck/files/patch-rulefiles_linux_violations.d_kernel (revision 561861) 
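Review bot: The extended `TLS connection established` rule in the `@@ -60,7 +60,7 @@` inner hunk still lists `SSLv[23]` among the ignored protocol versions, so a session negotiated with an obsolete protocol is filtered out of the report like any other. Dropping that alternative, leaving `(TLSv1(\.[[:digit:]])?)`, would let those lines surface for review. Separately, the new optional tail accepts a signature size only in the form `\([/[:digit:]]+ bits\)`; if Postfix describes some signature types by curve name rather than bit count (to be confirmed against real logs), those lines will not match, and `\([^)]+\)` in that position would cover both.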
@@ -0,0 +1,6 @@
+--- rulefiles/linux/violations.d/kernel.orig 2015-12-10 18:14:10 UTC
++++ rulefiles/linux/violations.d/kernel
+@@ -1,2 +1,2 @@
+-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: media error \(bad sector\): status=0x[[:xdigit:]]+ { DriveReady SeekComplete Error }$
++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: media error \(bad sector\): status=0x[[:xdigit:]]+ \{ DriveReady SeekComplete Error \}$
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? end_request: I/O error, dev [[:alnum:]]+, sector [[:digit:]]+
Property changes on: head/security/logcheck/files/patch-rulefiles_linux_violations.d_kernel
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property