#981446 ITA: logcheck -- mails anomalies in the system logfiles to the administrator

Package:
wnpp
Source:
wnpp
Submitter:
Hannes von Haugwitz
Date:
2022-07-14 21:09:05 UTC
Severity:
normal
#981446#5
Date:
2021-01-31 12:29:46 UTC
I would like to put the logcheck package up for adoption. I haven't been
using the package for years. If no one speaks up, I eventually will move
on with orphaning the package.

Feel free to contact me with any questions.

The package description is:
 Logcheck helps spot problems and security violations in your logfiles
 automatically and will send the results to you in e-mail.
 .
 Logcheck was part of the Abacus Project of security tools, but this
 version has been rewritten.

Best regards

Hannes

#981446#10
Date:
2021-08-30 18:58:21 UTC
Hi,

I am a user of logcheck, as I use it on all the machines that I sysadmin,
and I maintain some packages on Debian, for example at and amanda.

For now I would like to offer my help to package and fix logcheck as a
learning experience, with the possibility of becoming the maintainer of
logcheck in the future.

Kind regards
Jose M Calhariz

#981446#15
Date:
2021-09-02 19:55:36 UTC
Hi Jose,

This is great news!

The logcheck VCS repo is in the `debian` group on salsa.debian.org[0];
so (as DD) you can just start to work on the package.

Please let me know if you have any questions or want some review.

Best regards

Hannes

[0] https://salsa.debian.org/debian/logcheck/

#981446#20
Date:
2021-09-03 12:46:23 UTC
Hi,

For now my question is:  Who is the upstream that you are using?


Kind regards
Jose M Calhariz

#981446#25
Date:
2021-09-05 20:34:23 UTC
There is no upstream, since logcheck is a native Debian package (see
debian/copyright for details[0]).

Best regards

Hannes

[0] https://salsa.debian.org/debian/logcheck/-/blob/master/debian/copyright

#981446#30
Date:
2021-09-23 11:10:16 UTC
Hi - longtime logcheck user here (since 2004 at least).

Very keen to keep logcheck in the distribution and looking to get involved
in Debian (spare time only).


happy to submit patches etc but how should that be done - to the bts or via
salsa? will anyone review and merge things?

Is there an email list to enable collaboration and discussion?


It seems to me that logcheck needs some or all of:

1. refreshed documentation (for example I can see from the source that the
systemd journalctl is being consulted as well as syslog but exactly what
"logs" now include needs documenting). There also seems to have been some
drift between documentation, rules, and the main script.

2. review and potential incorporation of patches and other things in the bts

3. very simple "macros" /tags to make rules easier to write (but this needs
to be kept very simple)

4. systemd timer as well as cron job

5. (potentially controversial) a simplification of concepts -- I don't find
either of the server/workstation/paranoid or the violations/cracking
concepts really that helpful and feel it could all be simplified.
My view is that it would be better to have a simpler setup where rules files
are either enabled or not and the user would pick and choose what they
want. This could take account of which packages are installed so if you
don't have apache you don't apply the apache "rules" at all, which might also
make things faster.


6. Underlying all this is a need for a clearer statement of what logcheck
is for: is it security tool or merely something that filters logs? - in my
view, the latter is more important and the benefits to security are more
incidental.

All the above needs to learn from and incorporate what is already there -
it's not a huge rewrite at all but evolution.


R

#981446#35
Date:
2021-09-24 09:12:07 UTC
I would like to adopt the logcheck package

I have Debian packaging experience, ref
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983146

I am
* A long time user of logcheck
* Author of
https://redmine.auroville.org.in/projects/public-pages/wiki/Logcheck
* Maintainer of https://gitlab.com/aurinoco-systems/logcheck-filter-files

#981446#40
Date:
2021-10-10 16:39:25 UTC
Hi,

@Jose Do you still plan to adopt logcheck? You might want to collaborate
with Richard and Charles to maintain the package all together.

You can use the #logcheck channel on the OFTC IRC network to collaborate
and discuss logcheck with some users and previous maintainers.

Best regards

Hannes

#981446#45
Date:
2021-10-11 01:37:36 UTC
Hi

I am happy to collaborate with Jose and Richard as logcheck maintainers
and to discuss logcheck in the #logcheck channel on the OFTC IRC network

#981446#50
Date:
2021-12-02 21:05:06 UTC
@Jose Can you please report back if you still want to maintain logcheck?

Best regards

Hannes

#981446#55
Date:
2021-12-06 14:13:30 UTC
Sorry for no reply until now.  I was busy with issues at work and in my
personal life.  I am happy to adopt logcheck.  I am not a user of IRC;
was there any discussion on IRC that I should know about?

I invite everyone who wants to discuss logcheck to send an
email.


Kind regards
Jose M Calhariz

#981446#60
Date:
2021-12-07 07:57:47 UTC
Hi,

No, there were no discussions on #logcheck yet.

Please let me know if you have any questions. Just contact me via mail
or preferably via IRC on #logcheck.

Best regards

Hannes

#981446#65
Date:
2021-12-08 14:48:30 UTC
This RFA is progressing slowly.  Do I rightly understand that it is
Hannes who is to choose the new maintainers?  It must be difficult to
choose, knowing little about us volunteers.  Can we progress by having
each of the volunteers work on one of the current bugs?  That would
usefully fix some bugs, give us volunteers experience of the work and
inform Hannes about our capabilities.

#981446#70
Date:
2021-12-08 19:50:40 UTC
great idea - is there anyone who will merge (good, sensible) contributions?

it seems there are many people interested in this RFA over the years but
no-one who has the ability (ie a DD) to do the final merge/upload.


regardless, let's not have a competition but get many people involved (I'm
sure your intent too, but thought I'd say it explicitly).

(it also occurs to me to ask whether whoever takes over might want to add
logcheck to the pkg-security team - who I can't speak for but who are highly
welcoming of new people in my recent experience.)

#981446#75
Date:
2021-12-29 22:40:03 UTC
In case it helps, i have pushed some commits here

https://salsa.debian.org/rpil2/logcheck

eg people might want to reuse the autopkgtest or changes to postinst/postrm
which make it "piuparts clean". Or not.

this is not a request to maintain logcheck or to merge anything into debian
- merely an exercise in understanding the existing code (which needs
further simplifications in my view).

if debian goes in another direction i will probably rebase and amend
commits to follow




#981446#80
Date:
2022-01-31 21:50:58 UTC
Hi,

I have found some time to work on logcheck, sorry for my delay.  My
plan is to do a quick upload to update the Uploaders field before doing
more work on the package.  I do not pretend to exclude anyone or their
work.  So who wants to help me and wants to be in the Uploaders field?

Does the email address logcheck@packages.debian.org still work?

Kind regards
Jose M Calhariz

#981446#85
Date:
2022-02-01 01:47:31 UTC
Dear Jose

 > So who want to help me ... ?

I want to help you.

 > Does the email address logcheck@packages.debian.org still work?

 From https://www.debian.org/contact "If you simply want to communicate
with the maintainer of a Debian package, then you can use the special
mail aliases set up for each package. Any mail sent to <package
name>@packages.debian.org will be forwarded to the maintainer
responsible for that package".

Best

Charles

#981446#92
Date:
2022-07-14 21:05:13 UTC
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 981446@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jose M Calhariz <calhariz@debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Thu, 14 Jul 2022 21:09:03 +0100
Source: logcheck
Architecture: source
Version: 1.3.24
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck@packages.debian.org>
Changed-By: Jose M Calhariz <calhariz@debian.org>
Closes: 981446
Changes:
 logcheck (1.3.24) unstable; urgency=medium
 .
   * Bump Standards-Version to 4.6.0 no changes needed.
   * Thank you everyone and particular to Hannes von Haugwitz for
     maintaining this software (Closes: #981446).