control:
	AddInstallable = ( install_logcheck )

	logcheck = ( /etc/logcheck )

	# $type indicates machine type (workstation or server). Used for logcheck paths
	Standalone|LtspServer:: type = ( workstation )
	!(Standalone|LtspServer):: type = ( server )

groups:
	install_logcheck = ( '/usr/bin/test ! -e /usr/sbin/logcheck' )

	#Define classes according to the installed MTA
	runs_postfix = ( '/usr/bin/test -e /usr/sbin/postfix' )

editfiles:
	# AIDE section
	{ /etc/aide/aide.conf
		#
		# Devices = p+i+n+u+g+s+b+md5+sha1
		#
		# Ignore ctime - some devices change ctime when used (ttySx with hylafax)
		#
		BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*"
			Append "Devices = p+i+n+u+g+s+b+md5+sha1 # Added by cfengine"
		EndGroup
		LocateLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*"
		BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=[[:blank:]][\+pinugsbmd5sha1]*([[:blank:]]+(#.*)?)?"
			ReplaceLineWith "Devices = p+i+n+u+g+s+b+md5+sha1 # Edited by cfengine"
		EndGroup
		#
		# #/var/log...
		#
		# Ignore logfiles - Aide can't handle rotation
		#
		HashCommentLinesMatching "^/var/log.*"
		#
		# !/dev/xconsole
		# !/dev/core
		# !/dev/ttyS*
		#
		LocateLineMatching "^[[:blank:]]*\!/dev/.*"
		CatchAbort
		BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/.*"
			GotoLastLine
		EndGroup
		DeleteLinesMatching "^\!/dev/xconlsole # Added by cfengine"
		BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/xconsole([[:blank:]]+(#.*)?)?"
			InsertLine "!/dev/xconsole # Added by cfengine"
		EndGroup
		BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/core([[:blank:]]+(#.*)?)?"
			InsertLine "!/dev/core # Added by cfengine"
		EndGroup
		BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/ttyS\*([[:blank:]]+(#.*)?)?"
			InsertLine "!/dev/ttyS* # Added by cfengine"
		EndGroup
	}
	## logcheck section
	{ /etc/integrit/integrit.conf
		#
		# Uncomment suggested defaults
		#
		SetCommentStart "# "
		SetCommentEnd ""
		UnCommentLinesMatching "^# root=/"
		UnCommentLinesMatching "^# known=/var/lib/integrit/.*"
		UnCommentLinesMatching "^# current=/var/lib/integrit/.*"
		UnCommentLinesMatching "^# !/cdrom"
		UnCommentLinesMatching "^# !/dev"
		UnCommentLinesMatching "^# !/etc"
		UnCommentLinesMatching "^# !/floppy"
		UnCommentLinesMatching "^# !/home"
		UnCommentLinesMatching "^# !/lost\+found"
		UnCommentLinesMatching "^# !/mnt"
		UnCommentLinesMatching "^# !/proc"
		UnCommentLinesMatching "^# !/root"
		UnCommentLinesMatching "^# !/tmp"
		UnCommentLinesMatching "^# !/var"
		UnCommentLinesMatching "^# =/usr/include"
		UnCommentLinesMatching "^# =/usr/X11R6/include"
		UnCommentLinesMatching "^# =/usr/doc"
		UnCommentLinesMatching "^# =/usr/info"
		UnCommentLinesMatching "^# =/usr/share"
		UnCommentLinesMatching "^# =/usr/X11R6/man"
		UnCommentLinesMatching "^# =/usr/X11R6/lib/X11/fonts"
		UnCommentLinesMatching "^# !/usr/local"
		UnCommentLinesMatching "^# !/usr/src"
		AppendIfNoSuchLine "!/initrd"
		AppendIfNoSuchLine "!/.journal"
		AppendIfNoSuchLine "!/usr/local"
		AppendIfNoSuchLine "!/usr/src"
		AppendIfNoSuchLine "!/dev/cpu/mtrr"
	}
	{ /etc/cron.daily/integrit
		#
		# Uncomment defaults
		#
		SetCommentStart "    # ! "
		SetCommentEnd ""
		UnCommentLinesMatching "    # ! if .*"
		UnCommentLinesMatching "    # ! fi"
	}

	## logcheck section
# FIXME: Put all files into $(LocalCommon)/logcheck/ignore.d.$(type)/local to support post-woody logcheck
copy:
	#The linktype is necessary for links to be replaced with files.
	any::
		$(LocalCommon)/logcheck/ignore.d.$(type)/local dest=$(logcheck)/ignore.d.$(type)/local linktype=copy
		$(LocalCommon)/logcheck/violations.ignore.d/local dest=$(logcheck)/violations.ignore.d/local linktype=copy
#	NameServer::
#		$(LocalCommon)/logcheck/ignore.d.$(type)/bind dest=$(logcheck)/ignore.d/local-bind linktype=copy
#		$(LocalCommon)/logcheck/violations.ignore.d/bind dest=$(logcheck)/violations.ignore.d/local-bind linktype=copy
#
#	FileServer::
#		$(LocalCommon)/logcheck/ignore.d.$(type)/samba dest=$(logcheck)/ignore.d/local-samba linktype=copy
#		$(LocalCommon)/logcheck/ignore.d.$(type)/netatalk dest=$(logcheck)/ignore.d/local-netatalk linktype=copy
#		$(LocalCommon)/logcheck/violations.ignore.d/samba dest=$(logcheck)/violations.ignore.d/local-samba linktype=copy
#
#	DHCPServer::
#		$(LocalCommon)/logcheck/ignore.d.$(type)/dhcp dest=$(logcheck)/ignore.d/local-dhcp linktype=copy
#		$(LocalCommon)/logcheck/ignore.d.$(type)/dhcp3-common dest=$(logcheck)/ignore.d/local-dhcp3-common linktype=copy
#
#	WWWServer::
#
#	FTPServer::
#		$(LocalCommon)/logcheck/ignore.d.$(type)/proftpd dest=$(logcheck)/ignore.d/local-proftpd linktype=copy
#		$(LocalCommon)/logcheck/violations.ignore.d/proftpd dest=$(logcheck)/violations.ignore.d/local-proftpd linktype=copy
#
#	IMAPServer::
#		$(LocalCommon)/logcheck/ignore.d.$(type)/uw-imap dest=$(logcheck)/ignore.d/local-uw-imap linktype=copy
#
#	SpamAssServer::
#		$(LocalCommon)/logcheck/ignore.d.$(type)/spamassassin dest=$(logcheck)/ignore.d/local-spamassassin linktype=copy
#
#	runs_postfix::
#		$(LocalCommon)/logcheck/ignore.d.$(type)/postfix dest=$(logcheck)/ignore.d/local-postfix linktype=copy
#		$(LocalCommon)/logcheck/violations.ignore.d/postfix dest=$(logcheck)/violations.ignore.d/local-postfix linktype=copy
#
#	any::
#		$(LocalCommon)/logcheck/ignore.d.$(type)/ssh dest=$(logcheck)/ignore.d/local-ssh linktype=copy
#		$(LocalCommon)/logcheck/violations.ignore.d/ssh dest=$(logcheck)/violations.ignore.d/local-ssh linktype=copy
#
##links:
##	any::
##		# Set logcheck machine type (workstation or server)
##		$(logcheck)/ignore.d ->! $(logcheck)/ignore.d.$(type)
##		$(logcheck)/logcheck.ignore ->! $(logcheck)/logcheck.ignore.$(type)
		
shellcommands:
	install_logcheck::
		# Install logcheck if not installed already
		"/usr/bin/yes no | /usr/bin/apt-get -q=2 install logcheck"