Package: logcheck-database
Version: 1.2.51
Severity: minor
Tags: patch

If one uses a TCP wrappers configuration that denies all connections
and then only permits them from certain hosts, the warnings about
inability to resolve an incoming IP address may be reported against
lines in /etc/hosts.allow as well as /etc/hosts.deny.  Here's the simple
patch to violations.ignore.d/logcheck-ssh.

--- 
/home/eagle/tmp/logcheck-1.2.51/rulefiles/linux/violations.ignore.d/logcheck-ssh
    2006-11-15 13:07:13.000000000 -0800
+++ /etc/logcheck/violations.ignore.d/logcheck-ssh      2006-11-26 
12:42:50.000000000 -0800
@@ -1,5 +1,5 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, 
line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) 
failed$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, 
line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: 
/etc/hosts\.(allow|deny), line [0-9]+: can't verify hostname: 
getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: 
/etc/hosts\.(allow|deny), line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ 
!= [._[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking 
getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ 
maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE 
BREAK-?IN ATTEMPT!$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write 
failed: Broken pipe$
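
Review bot: The first `+` rule still fixes the address family to `AF_INET` in `getaddrinfo\([._[:alnum:]-]+, AF_INET\)`, so the same warning logged with any other family would still be reported, now for either file; if that is not intended, loosen it (for example `AF_INET6?`). The second `+` rule also starts ignoring `host name/name mismatch` for /etc/hosts.allow lines, which in the deny-all setup described are the lines that grant access, so please confirm that hiding mismatches on those entries is wanted and not only the `can't verify hostname` case. Escaping the dot in `hosts\.(allow|deny)` is a good tightening over the old `hosts.deny`. The `---`/`+++` headers compare a path under /home/eagle/tmp with /etc/logcheck, so the patch needs regenerating against the source tree (or manual path stripping) to apply cleanly.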

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.8      Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
* logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:


_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel