From 993636e72405254f55d4ba4e04dc6adde2864e46 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Wed, 28 Dec 2022 19:01:22 +0100
Subject: [PATCH] Default logcheck settings are good
---
 system/base/logs/files/logcheck.conf | 96 ---------------------------
 system/base/logs/tasks/main.yml | 6 --
 system/base/mail/templates/aliases.j2 | 1 +
 3 files changed, 1 insertion(+), 102 deletions(-)
 delete mode 100644 system/base/logs/files/logcheck.conf
diff --git a/system/base/logs/files/logcheck.conf b/system/base/logs/files/logcheck.conf
deleted file mode 100644
index c9dddeb..0000000
--- a/system/base/logs/files/logcheck.conf
+++ /dev/null
@@ -1,96 +0,0 @@
-# The following variable settings are the initial default values,
-# which can be uncommented and modified to alter logcheck's behaviour
-
-# Controls the format of date-/time-stamps in subject lines:
-# Alternatively, set the format to suit your locale
-
-#DATE="$(date +'%Y-%m-%d %H:%M')"
-
-# Controls the presence of boilerplate at the top of each message:
-# Alternatively, set to "0" to disable the introduction.
-#
-# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
-# are present their contents will be read and used as the header and
-# footer of any generated mails.
-
-#INTRO=1
-
-# Controls the level of filtering:
-# Can be Set to "workstation", "server" or "paranoid" for different
-# levels of filtering. Defaults to server if not set.
-
-REPORTLEVEL="server"
-
-# Controls the address mail goes to:
-# *NOTE* the script does not set a default value for this variable!
-# Should be set to an offsite "emailaddress@some.domain.tld"
-
-SENDMAILTO="root"
-
-# Send the results as attachment or not.
-# 0=not as attachment; 1=as attachment; 2=as gzip attachment
-# Default is 0
-
-MAILASATTACH=0
-
-# Should the hostname in the subject of generated mails be fully qualified?
-
-FQDN=1
-
-# Controls whether "sort -u" is used on log entries (which will
-# eliminate duplicates but destroy the original ordering); the
-# default is to use "sort -k 1,3 -s":
-# Alternatively, set to "1" to enable unique sorting
-
-#SORTUNIQ=0
-
-# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
-# exceptions to the rules in /etc/logcheck/cracking.d:
-# Alternatively, set to "1" to enable cracking.ignore support
-
-#SUPPORT_CRACKING_IGNORE=0
-
-# Controls the base directory for rules file location
-# This must be an absolute path
-
-#RULEDIR="/etc/logcheck"
-
-# Controls if syslog-summary is run over each section.
-# Alternatively, set to "1" to enable extra summary.
-# HINT: syslog-summary needs to be installed.
-
-#SYSLOGSUMMARY=0
-
-# Controls Subject: lines on logcheck reports:
-
-#ATTACKSUBJECT="Security Alerts"
-#SECURITYSUBJECT="Security Events"
-#EVENTSSUBJECT="System Events"
-
-# Controls [logcheck] prefix on Subject: lines
-
-#ADDTAG="no"
-
-# Previous versions of logcheck always sent messages in 7bit encoding,
-# even if that resulted in RFC-violating messages. For example, really
-# long syslog lines would generate too-long SMTP lines, which are
-# rejected at least by Debian's default exim configuration. The new
-# default is to let mime-construct pick an appropriate encoding, but you
-# can override it by setting the below (to any of the encodings
-# supported by mime-construct). You may need to do this if you have
-# tools handling logcheck emails that don't understand MIME encoding.
-
-#MIMEENCODING=
-
-# Set a different location for temporary files than /tmp
-# this is useful if your /tmp is small and you are getting
-# errors such as:
-# cp: writing `/tmp/logcheck.y12449/checked': No space left on device
-# /usr/sbin/logcheck: line 161: cannot create temp file for here document: No space left on device
-# mail: /tmp/mail.RsXXXXpc2eAx: No space left on device
-# Null message body; hope that's ok
-#
-# If this is happening, likely you will want to change the following to be some other
-# location, such as /var/tmp
-
-TMP="/tmp"
diff --git a/system/base/logs/tasks/main.yml b/system/base/logs/tasks/main.yml
index 35dc3c1..3a1e425 100644
--- a/system/base/logs/tasks/main.yml
+++ b/system/base/logs/tasks/main.yml
@@ -5,12 +5,6 @@ - "logcheck" - "logrotate" -- name: "configure logcheck" - ansible.builtin.copy: - src: "./logcheck.conf" - dest: "/etc/logcheck/logcheck.conf" - mode: 0640 - - block: - name: "identify logcheck ignore files"
diff --git a/system/base/mail/templates/aliases.j2 b/system/base/mail/templates/aliases.j2
index 7871817..3db1b3a 100644
--- a/system/base/mail/templates/aliases.j2
+++ b/system/base/mail/templates/aliases.j2
@@ -11,4 +11,5 @@ ftp: root
 abuse: root
 noc: root
 security: root
+logcheck: root
 root: root@{{ system_mail_domain }}
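Review bot: The added `logcheck: root` line is now what keeps logcheck reports reaching a monitored mailbox, and the template gives no hint of that. With the custom logcheck.conf (which set `SENDMAILTO="root"`) deleted in this same commit, delivery presumably falls back to the packaged default recipient, which this alias suggests is the `logcheck` user. I would add a comment above the line, e.g. `# logcheck's packaged default mails the "logcheck" user; this alias is required for reports to reach root`, so the entry is not removed later as redundant. The logs role now also depends on the mail role being applied and on the alias database being rebuilt after this template changes; neither is visible in this hunk, so confirm a handler runs `newaliases` (or the MTA's equivalent) before relying on the reports.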