webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c0472dcf2a4c014a016ff7527859cd80da40c635
bpfire/lfs/logwatch
Peter Müller a260900c8d Do not permit world-readability of /etc/sudoers.d/ 
Lynis (rightly) complains about this directory and its contents being
world-readable on current IPFire installations. Since there is no
necessity for this, we might as well chmod them to 750 / 640.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
2022-05-02 05:36:32 +00:00

115 lines
5.0 KiB
Plaintext
Raw Blame History

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 7.6
THISAPP = logwatch-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/logwatch-$(VER)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = fd7f2a7c65151dbfbd924102b01ead00f92d74a59a417361b65be972368f7ed93810feefedf1ad9bba2de5ebbc74589c3fc0a8a484f19b5a9782c9799ffdf656
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && sed -e "s/^TEMPDIR=.*/TEMPDIR=\"\/tmp\"/g" -i install_logwatch.sh
cd $(DIR_APP)/lib && patch < $(DIR_SRC)/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-disable_iptables.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.6-enable-mdadm-sudo.patch
@cd $(DIR_APP) && chmod 755 install_logwatch.sh
cd $(DIR_APP) && yes "" | ./install_logwatch.sh
#sed -i 's/^Print = .*$$/Print = Yes/' /etc/log.d/conf/logwatch.conf
# comment out line with unused example
#sed -i '/-zz-network/s/Service/#Service/' /etc/log.d/conf/logwatch.conf
# Strip out some filters for services we don't run - no point wasting log keeping them
# cron filter don't support fcron
# final selection for remaining files is in rootfile
#UNNEEDED="afpd amavis arpwatch audit automount autorpm cisco \
# courier emerge exim extreme-networks ftpd-messages ftpd-xferlog \
# identd in.qpopper ipop3d mountd named netopia netscreen \
# oidentd pam_pwdb portsentry pound pureftp \
# pureftpd qmail rt314 sendmail-largeboxes shaperd smartd \
# sonicwall stunnel tac_acc up2date vpopmail vsftpd windows xferlog yum zz-fortune" && \
# for i in $$UNNEEDED ; do \
# rm -f /etc/log.d/{conf,scripts}/services/$$i{,.conf} /etc/log.d/conf/logfiles/$$i.conf; \
# done
cp -f $(DIR_SRC)/config/logwatch/dialup /usr/share/logwatch/scripts/services/dialup
cp -f $(DIR_SRC)/config/logwatch/dialup.conf /usr/share/logwatch/dist.conf/services/dialup.conf
-mkdir -p /var/cache/logwatch
chmod -v 777 /var/cache/logwatch
-mkdir -p /var/log/logwatch
chmod -v 755 /var/log/logwatch
-rm -rf /etc/logwatch/conf
ln -vsf /usr/share/logwatch/default.conf /etc/logwatch/conf
-mkdir -p /etc/sudoers.d
chmod -v 750 /etc/sudoers.d
install -v -m 640 $(DIR_SRC)/config/logwatch/sudoers/logwatch-mdadm \
/etc/sudoers.d/logwatch-mdadm
@rm -rf $(DIR_APP)
@$(POSTBUILD)
Reference in New Issue View Git Blame Copy Permalink