Summary:	Logcheck system log analyzer
Name:		logcheck
Version:	1.1.2
Release:	2
Vendor:		Craig Rowland <crowland@psionic.com>
Packager:	Justin Davies <justin@palmcoder.net>
License:	GPL
Group:		Applications/System
Source0:	http://www.psionic.com/tools/%{name}-%{version}.tar.gz
URL:		http://www.psionic.com/abacus/
Requires:	cron
Requires:	/usr/sbin/sendmail
BuildRoot:	/tmp/%{name}-buildroot

%description
Logcheck is software package that is designed to automatically run and
check system log files for security violations and unusual activity.
Logcheck utilizes a program called logtail that remembers the last
position it read from in a log file and uses this position on
subsequent runs to process new information.


%prep
%setup -q

%build
make

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/etc/logcheck
mkdir -p $RPM_BUILD_ROOT/etc/cron.hourly
mkdir -p $RPM_BUILD_ROOT/var/spool/logcheck

install ./systems/linux/logcheck.hacking $RPM_BUILD_ROOT/etc/logcheck
install ./systems/linux/logcheck.violations $RPM_BUILD_ROOT/etc/logcheck
install ./systems/linux/logcheck.violations.ignore $RPM_BUILD_ROOT/etc/logcheck
install ./systems/linux/logcheck.ignore $RPM_BUILD_ROOT/etc/logcheck 
install ./systems/linux/logcheck.sh  $RPM_BUILD_ROOT/usr/sbin 
install ./src/logtail  $RPM_BUILD_ROOT/usr/sbin 

cat <<EOF > $RPM_BUILD_ROOT/etc/cron.hourly/logcheck
#!/bin/sh
exec /usr/sbin/logcheck.sh
EOF

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(644,root,root,755)
%doc CHANGES CREDITS README* systems/linux/README*
%attr(700,root,root) %dir /etc/logcheck 
%attr(700,root,root) %dir /var/spool/logcheck
%attr(600,root,root) %config /etc/logcheck/*
%attr(700,root,root) %config /etc/cron.hourly/logcheck
%attr(755,root,root) /usr/sbin/logcheck.sh
%attr(755,root,root) /usr/sbin/logtail