logwatch: Fixes bug13762 - ssh logins not shown on Log Summary page

- Due to the update of openssh to version 9.8 in CU187, logwatch no longer found the sshd
   login data from the messages log as the daemon was changed to sshd-session.
- Therefore the daily logwatch files were missing the sshd information in them.
- A patch to add support for openssh-9.8 sshd-session and port info has been merged into
   the logwatch git system and will be included into the next released version of logwatch
- Update logwatch from version 7.8 to 7.11 and add patch for openssh-9.8 support.
- Update the previous three logwatch patches for version 7.11
- Tested on my vm testbed. Confirmed that logwatch now includes back the sshd information
   into the Log Summary page.
- When logwatch is updated to version 7.12 then the openssh-9.8 support patch will be able
   to be removed.

Fixes: bug13762
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

src/patches/logwatch/logwatch-7.11-Added-support-for-OpenSSH-9.8-sshd-session-and-port-number.patch

@@ -0,0 +1,39 @@
+diff -Naur logwatch-7.11.orig/conf/services/secure.conf logwatch-7.11/conf/services/secure.conf
+--- logwatch-7.11.orig/conf/services/secure.conf	2016-03-09 21:14:35.000000000 +0100
++++ logwatch-7.11/conf/services/secure.conf	2024-08-27 14:48:48.453853293 +0200
+@@ -24,7 +24,7 @@
+ # Use this to ignore certain services in the secure log.
+ # You can ignore as many services as you would like.
+ # (we ignore sshd because its entries are processed by the sshd script)
+-$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd
++$ignore_services = sshd sshd-session Pluto stunnel proftpd saslauthd imapd postfix/smtpd
+ 
+ # For these services, summarize only (i.e. don't least each IP, just
+ # list the number of connections total)
+diff -Naur logwatch-7.11.orig/conf/services/sshd.conf logwatch-7.11/conf/services/sshd.conf
+--- logwatch-7.11.orig/conf/services/sshd.conf	2020-09-20 23:38:32.000000000 +0200
++++ logwatch-7.11/conf/services/sshd.conf	2024-08-27 14:49:08.077782387 +0200
+@@ -19,7 +19,7 @@
+ LogFile = messages
+ 
+ # Only give lines pertaining to the sshd service...
+-*OnlyService = sshd
++*OnlyService = (sshd|sshd-session)
+ *RemoveHeaders
+ 
+ # Variable $sshd_ignore_host is used to filter out hosts that login
+diff -Naur logwatch-7.11.orig/scripts/services/sshd logwatch-7.11/scripts/services/sshd
+--- logwatch-7.11.orig/scripts/services/sshd	2022-12-29 01:34:28.000000000 +0100
++++ logwatch-7.11/scripts/services/sshd	2024-08-27 14:49:21.908202288 +0200
+@@ -246,9 +246,9 @@
+       $NoIdent{$name}++;
+    } elsif (
+       ($ThisLine =~ m/^(?:error:.*|fatal:) Connection closed by remote host/ ) or
+-      ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+): Connection reset by peer/ ) or
++      ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+)(| port \d+): Connection reset by peer/ ) or
+       ($ThisLine =~ m/^error: .*: read: Connection reset by peer/ ) or
+-      ($ThisLine =~ m/^Read error from remote host [^ ]+: (Connection timed out|No route to host)/ ) or
++      ($ThisLine =~ m/^Read error from remote host [^ ]+(| port \d+): (Connection timed out|No route to host)/ ) or
+       ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or
+       ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or
+       ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or

src/patches/logwatch/logwatch-7.11-date_manip6.patch

@@ -1,9 +1,9 @@
---- Logwatch.pm.orig    2012-06-20 09:58:12.786294471 +0200
-+++ Logwatch.pm 2012-06-20 09:41:59.443055298 +0200
+--- Logwatch.pm.orig	2022-02-07 01:59:10.000000000 +0100
++++ Logwatch.pm	2024-08-27 15:16:30.023491645 +0200
 @@ -4,6 +4,10 @@
-
+ 
  package Logwatch;
-
+ 
 +# Define interace version 5 for Date::Manip
 +BEGIN {
 +       $Date::Manip::Backend = 'DM5';

src/patches/logwatch/logwatch-7.11-disable_iptables.patch

@@ -0,0 +1,14 @@
+--- logwatch-7.11/conf/logwatch.conf.orig	2024-01-22 20:31:51.000000000 +0100
++++ logwatch-7.11/conf/logwatch.conf	2024-08-27 15:17:43.685786586 +0200
+@@ -126,6 +126,11 @@
+                             # prints useful system configuration info.
+ Service = "-eximstats"      # Prevents execution of eximstats service, which
+                             # is a wrapper for the eximstats program.
++
++# Disabled: 'iptables'
++Service = "-iptables"
++
++
+ # Because the above sets "All" as the default, and disables certain
+ # services, you can also set the Service variable to an empty string
+ # in your local logwatch.conf (by default, under /etc/logwatch/conf).

src/patches/logwatch/logwatch-7.11-enable-mdadm-sudo.patch

@@ -1,6 +1,6 @@
-diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf
---- a/conf/services/mdadm.conf	Sat Jan 22 01:00:00 2022
-+++ b/conf/services/mdadm.conf	Sun Apr 10 10:48:21 2022
+diff -Naur logwatch-7.11.orig/conf/services/mdadm.conf logwatch-7.11/conf/services/mdadm.conf
+--- logwatch-7.11.orig/conf/services/mdadm.conf	2018-12-17 02:47:45.000000000 +0100
++++ logwatch-7.11/conf/services/mdadm.conf	2024-08-27 15:18:31.430605943 +0200
 @@ -13,7 +13,7 @@
  # Logwatch will try to find md devices in /etc/mdadm.conf or 
  # /etc/mdadm/mdadm.conf. If none of these files exist it can scan actively
@@ -10,14 +10,14 @@ diff -U 3 a/conf/services/mdadm.conf b/conf/services/mdadm.conf
  
  # Logwatch will emit an error for md devices listed in /etc/mdadm.conf
  # that are not present.  If you do not want this (e.g. raid devices may come
-diff -U 3 a/scripts/services/mdadm b/scripts/services/mdadm
---- a/scripts/services/mdadm	Sat Jan 22 01:00:00 2022
-+++ b/scripts/services/mdadm	Sun Apr 10 10:38:19 2022
+diff -Naur logwatch-7.11.orig/scripts/services/mdadm logwatch-7.11/scripts/services/mdadm
+--- logwatch-7.11.orig/scripts/services/mdadm	2023-05-21 02:25:35.000000000 +0200
++++ logwatch-7.11/scripts/services/mdadm	2024-08-27 15:21:08.495487732 +0200
 @@ -36,7 +36,7 @@
  if (
      open($mdadm, "<", "/etc/mdadm.conf") or
      open($mdadm, "<", "/etc/mdadm/mdadm.conf") or
--    open($mdadm, "<", "mdadm --detail --scan 2>/dev/null|")) {
+-    open($mdadm, "-|", "mdadm --detail --scan")) {
 +    open($mdadm, "<", "sudo mdadm --detail --scan 2>/dev/null|")) {
     while (<$mdadm>) {
         if (/^ARRAY/) {

src/patches/logwatch/logwatch-7.6-disable_iptables.patch

@@ -1,14 +0,0 @@
-diff -U 3 a/conf/logwatch.conf b/conf/logwatch.conf
---- a/conf/logwatch.conf	Sat Jan 22 01:00:00 2022
-+++ b/conf/logwatch.conf	Sun Apr 10 10:33:20 2022
-@@ -96,6 +96,10 @@
-                             # prints useful system configuration info.
- Service = "-eximstats"      # Prevents execution of eximstats service, which
-                             # is a wrapper for the eximstats program.
-+
-+# Disabled: 'iptables'
-+Service = "-iptables"
-+
- # If you only cared about FTP messages, you could use these 2 lines
- # instead of the above:
- #Service = ftpd-messages   # Processes ftpd messages in /var/log/messages