From 4f5c602d5f8b1154e6f5d75c0f4c5afbc492830c Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 3 Nov 2009 10:12:38 -0800 Subject: [PATCH] Fix .spec error and document logrotate files --- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 36 ++++++---------------------- Shorewall6-lite/shorewall6-lite.spec | 2 +- 3 files changed, 10 insertions(+), 30 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 110ebe363..b036c5883 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,6 +4,8 @@ Changes in Shorewall 4.4.4 2) Fix access to uninitialized variable. +3) Add logrotate scripts. + Changes in Shorewall 4.4.3 1) Move Debian INITLOG initialization to /etc/default/shorewall diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index d528bc546..5f2680239 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -187,6 +187,9 @@ Shorewall 4.4.4 /usr/share/shorewall/Shorewall/Chains.pm line 649. Creating iptables-restore input... +2) The Shorewall operations log (specified by STARTUP_LOG) is now + secured 0600. + ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G ---------------------------------------------------------------------------- @@ -194,37 +197,12 @@ Shorewall 4.4.4 None. ---------------------------------------------------------------------------- - N E W F E A T U R E S I N 4 . 4 . 3 + N E W F E A T U R E S I N 4 . 4 . 4 ---------------------------------------------------------------------------- -1) On Debian systems, a default installation will now set - INITLOG=/dev/null in /etc/default/shorewall. In all configurations, - the default values for the log variables are changed to: - - STARTUP_LOG=/var/log/shorewall-init.log - LOG_VERBOSITY=2 - - The effect is much the same as the old defaults, with the exception - that: - - a) Start, stop, etc. commands issued through /sbin/shorewall - will be logged. - b) Logging will occur at maximum verbosity. - c) Log entries will be date/time stamped. - - On non-Debian systems, new installs will now log all Shorewall - commands to /var/log/shorewall-init.log. - -2) A new TRACK_PROVIDERS option has been added in shorewall.conf. - The value of this option becomes the default for the 'track' - provider option in /etc/shorewall/providers. - -3) A new 'limit' option has been added to - /etc/shorewall/tcclasses. This option specifies the number of - packets that are allowed to be queued within the class. Packets - exceeding this limit are dropped. The default value is 127 which is - the value that earlier versions of Shorewall used. The option is - ignored with a warning if the 'pfifo' option has been specified. +1) The Shorewall packages now include a logrotate script. Note that + while the RPMs do not depend on the logrotate package, RPM installation + will produce an error message if that package is not installed. ---------------------------------------------------------------------------- N E W F E A T U R E S I N 4 . 4 . 0 diff --git a/Shorewall6-lite/shorewall6-lite.spec b/Shorewall6-lite/shorewall6-lite.spec index f12ca26cf..4d64ab1cf 100644 --- a/Shorewall6-lite/shorewall6-lite.spec +++ b/Shorewall6-lite/shorewall6-lite.spec @@ -70,7 +70,7 @@ fi %attr(0755,root,root) %dir /usr/share/shorewall6-lite %attr(0700,root,root) %dir /var/lib/shorewall6-lite -%attr(0755,root,root) /sbin/shorewall6-lite +%attr(0644,root,root) /etc/logrotate.d/shorewall6-lite %attr(0755,root,root) /sbin/shorewall6-lite