Your message dated Tue, 03 Jun 2008 22:47:04 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#445072: fixed in logcheck 1.2.64 has caused the Debian Bug report #445072, regarding /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ... to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

-- 
445072: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445072
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh

Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

Here's an updated version of the "Failed X for Y" rule with the "illegal/invalid user" part made optional:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for (i(llegal|nvalid) user )?[^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- debconf information excluded
--- End Message ---
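
Added example, not part of the bug report or of logcheck: a shell check that runs the proposed rule through grep -E (which needs the \w extension, as in GNU grep) over constructed sshd log lines, so a rule change can be tested before it is deployed. OLD_RULE is an assumption: the same pattern with the "illegal/invalid user" group made mandatory, standing in for the earlier rule, which is not shown in the report; host names, addresses and user names are constructed.

```shell
#!/bin/sh
# Added example; all log lines below are constructed samples.

# Rule exactly as proposed in the report ("illegal/invalid user" optional).
NEW_RULE='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for (i(llegal|nvalid) user )?[^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$'

# Assumption: stand-in for the earlier rule, identical except that the
# "illegal/invalid user" group is mandatory.
OLD_RULE='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for (i(llegal|nvalid) user )[^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$'

# matches RULE LINE: succeed if LINE matches RULE as an extended regex.
matches() { printf '%s\n' "$2" | grep -Eq -- "$1"; }

# classify LINE: print which of the two rules match the line.
classify() {
    if matches "$NEW_RULE" "$1"; then n=1; else n=0; fi
    if matches "$OLD_RULE" "$1"; then o=1; else o=0; fi
    case "$n$o" in
        11) echo both ;;
        10) echo new-only ;;
        01) echo old-only ;;
        *)  echo neither ;;
    esac
}

# Existing account, no "invalid user" prefix: the case from the report.
VALID_USER='Jun  3 22:47:04 host1 sshd[1234]: Failed password for alice from 192.0.2.10 port 51234 ssh2'
# Unknown account: covered before and after the change.
INVALID_USER='Jun  3 22:47:05 host1 sshd[1235]: Failed password for invalid user bob from 192.0.2.10 port 51235 ssh2'
# IPv6 peer and the "none" method.
IPV6_PEER='Jun  3 22:47:06 host1 sshd[1236]: Failed none for alice from 2001:db8::1 port 40022 ssh2'
# A successful login must never be matched by this rule.
ACCEPTED='Jun  3 22:47:07 host1 sshd[1237]: Accepted password for alice from 192.0.2.10 port 51236 ssh2'
# Text after "ssh2" must defeat the match because of the $ anchor.
TRAILING='Jun  3 22:47:08 host1 sshd[1238]: Failed password for alice from 192.0.2.10 port 51237 ssh2 extra'

for line in "$VALID_USER" "$INVALID_USER" "$IPV6_PEER" "$ACCEPTED" "$TRAILING"; do
    printf '%-9s %s\n' "$(classify "$line")" "$line"
done
```
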
--- Begin Message ---
Source: logcheck
Source-Version: 1.2.64

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.64_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.64_all.deb
logcheck_1.2.64.dsc
  to pool/main/l/logcheck/logcheck_1.2.64.dsc
logcheck_1.2.64.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.64.tar.gz
logcheck_1.2.64_all.deb
  to pool/main/l/logcheck/logcheck_1.2.64_all.deb
logtail_1.2.64_all.deb
  to pool/main/l/logcheck/logtail_1.2.64_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
maximilian attems <[EMAIL PROTECTED]> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 04 Jun 2008 00:34:38 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.2.64
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <[EMAIL PROTECTED]>
Changed-By: maximilian attems <[EMAIL PROTECTED]>
Description:
 logcheck - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail - Print log file lines that have not been read (deprecated)
Closes: 443881 444096 444097 444100 445046 445069 445072 445073 445074 445537 448510 459875 464896 470102 471936 472368 473619 474606 477932 478334 479278
Changes:
 logcheck (1.2.64) unstable; urgency=low
 .
   [ martin f. krafft ]
   * Fix spelling error in configuration file; thanks to Frans "I am bored" Pop (closes: #445537).
 .
   * Remove version from cron dependency to allow e.g. bcron-run to satisfy the requirement.
   * Clean up accidental duplication in Makefile; hardcoded /usr/sbin is now $(BINDIR) (Ed Santiago)
 .
   * ignore.d.server/postfix:
     - ignore Postfix bad address syntax errors from postfix/error (closes: #464896) (Russ Allbery)
     - ignore additional "(0 bytes)" on lost connections (closes: #470102) (Russ Allbery)
 .
   * ignore.d.server/spamd
     - deal with socket connections by e.g. evolution (closes: #448510, #473619).
 .
   * ignore.d.workstation/kernel
     - also ignore loading of R300 microcode (closes: #474606).
 .
   * ignore.d.server/spamd
     - fix spamd processing message pattern when msgid is unknown; thanks to Michal Čihař for the patch (closes: #471936).
 .
   * ignore.d.server/bind
     - Fix up rules to match when views are in use; thanks Shawn Heisey (closes: #477932).
 .
   * ignore.d.server/dkim-filter
     - ignore warnings about bad signature data; thanks to Clint Adams (closes: #478334).
 .
   * Set permissions on /var/lib/logcheck to 0770 to prevent disclosure of information (see #481347).
 .
   * If nail is not installed and MAILASATTACH is set, fall back to regular method (closes: #479278).
 .
   [ maximilian attems ]
   * Clean up linux/violations.d/logcheck, all the "Attack" rules look pretty much dubious. Nobody should seriously run rshd or rlogind.
   * control: s/XS-Vcs/Vcs/ git lines are official.
   * Add myself to Uploaders.
   * debian/rules, debian/logcheck-database.linda-overrides: Nuke old dup overrides, lintian rules.
 .
   [ Frédéric Brière ]
   * ignore.d.server/bind:
     - moved "[bind] query $FOO denied" rule to violations.ignore.d (closes: #443881).
     - added bind's "AXFR ended" rule alongside "AXFR started" (closes: #445046).
     - added "adding an RR"/"deleting rrset" bind rules for dynamic DNS.
     - added "connection reset" rule for bind.
     - added "journal file does not exist" rule for bind.
 .
   * ignore.d.server/sasl2-bin:
     - added DB_NOTFOUND and "user not found" rules for sasl2-bin.
 .
   * ignore.d.workstation/kernel:
     - ignore bttv PLL messages
     - ignore (un)register messages from zaurus module (closes: #444096).
 .
   * ignore.d.server/ddclient:
     - added two basic rules for ddclient (closes: #444097).
 .
   * ignore.d.server/telnetd:
     - added basic rules for telnetd (closes: #444100).
 .
   * ignore.d.server/ssh:
     - ignore "Nasty PTR record" messages from openssh (closes: #445074).
 .
   * violations.ignore.d/logcheck-ssh:
     - adjusted ssh "Failed password" rule to allow omitting "illegal/invalid user" (closes: #445072).
     - updated ssh "reverse mapping" rule to include IP address (closes: #445073).
 .
   * ignore.d.server/tftpd:
     - added tftpd "serving file from ..." rule (closes: #445069).
 .
   * ignore.d.server/dspam:
     - corrected illegal regex in ignore.d.server/dspam.
 .
   * violations.ignore.d/logcheck-sudo:
     - ignore PAM session messages triggered by sudo.
 .
   * ignore.d.server/postfix:
     - Postfix considers that "-" can be part of a numeric hostname.
 .
   * violations.ignore.d/logcheck-postfix:
     - allow any error message following "SASL authentication failure" in postfix.
 .
   * ignore.d.server/libpam-mount:
     - added libpam-mount rule "realpath of volume $FOO is $BAR".
 .
   * ignore.d.server/proftpd:
     - adapted rules for SystemLog syntax.
     - added "FTP login|session timed out" rule.
     - added "Incorrect password" proftpd rule.
     - adjusted proftpd rules to catch unresolved IPv6 hosts.
     - added "@" to proftpd "no such user" rules, to catch [EMAIL PROTECTED]
     - adjusted proftpd "Data connection closed" rule to allow arbitrary usernames.
 .
   * ignore.d.server/openvpn:
     - added "Re-using pre-shared static key" openvpn rule.
     - re-enabled :port portion of "UDPv4 link" openvpn rule.
 .
   * ignore.d.workstation/bluetooth-alsa
     - adding rules for headsetd (bluetooth-alsa).
 .
   * ignore.d.server/dhcp
     - Adding dhcp rules for DNS updates by ddns_remove_a() (closes: #459875, #472368)
     - Added dhcp "removed reverse map" rule, which occurs on DHCPRELEASE.
 .
   [ Gerfried Fuchs ]
   * Bumped Standards-Version to 3.7.3, no further changes required anymore.
   * Added Homepage source control field.
   * debian/logtail.NEWS: Fix date format in trailer lines.
   * Updated my email address in debian/control and debian/copyright.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIRcc5eW7Lc5tEHqgRAnBuAKCBCndc/DpO3dnmwObJ8uxCzypNXgCfcu7R
QS2IVuWN+U2UxxO9uxS3puQ=
=CQ/C
-----END PGP SIGNATURE-----
--- End Message ---

