Your message dated Wed, 27 Jan 2010 10:07:21 +0000
with message-id <[email protected]>
and subject line Bug#545318: fixed in logcheck 1.3.6
has caused the Debian Bug report #545318,
regarding logcheck-database: please add rule for newgrp messages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
545318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545318
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.2.69
Severity: wishlist
Hello,
when newgrp (part of the package login) is used, I see messages
like this in my syslog:
Aug 27 23:36:16 debian64 newgrp[1975]: user `root' (login `root' on tty1)
switched to group `backup'
Aug 27 19:28:15 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1)
switched to group `backup'
Aug 27 19:28:19 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1)
returned to group `root'
Aug 27 19:32:37 srv1 newgrp[10132]: user `root' (login `mazur' on pts/0)
switched to group `backup'
Aug 27 19:34:01 srv1 newgrp[10155]: user `root' (login `mazur' on pts/0)
switched to group `backup'
Aug 27 19:34:18 srv1 newgrp[10155]: user `root' (login `mazur' on pts/0)
returned to group `backup'
Aug 27 19:34:22 srv1 newgrp[10132]: user `root' (login `mazur' on pts/0)
returned to group `root'
Aug 27 19:34:32 srv1 newgrp[10178]: user `root' (login `mazur' on pts/0)
switched to group `backup'
Aug 27 19:34:55 srv1 newgrp[10178]: user `root' (login `mazur' on pts/0)
returned to group `root'
The attached file contain a rule to ignore them. I've tested the rule and
it is working.
With best regards,
Martin
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
-- no debconf information
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ newgrp\[[0-9]+\]: user `[._[:alnum:]-]+'
\(login `[._[:alnum:]-]+' on (pts/[0-9]+|tty[0-9]+)\) (returned|switched) to
group `[._[:alnum:]-]+'$
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.6
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.6_all.deb
to main/l/logcheck/logcheck-database_1.3.6_all.deb
logcheck_1.3.6.dsc
to main/l/logcheck/logcheck_1.3.6.dsc
logcheck_1.3.6.tar.gz
to main/l/logcheck/logcheck_1.3.6.tar.gz
logcheck_1.3.6_all.deb
to main/l/logcheck/logcheck_1.3.6_all.deb
logtail_1.3.6_all.deb
to main/l/logcheck/logtail_1.3.6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <[email protected]> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Tue, 26 Jan 2010 22:01:39 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.6
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <[email protected]>
Changed-By: Hannes von Haugwitz <[email protected]>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail - Print log file lines that have not been read (deprecated)
Closes: 542781 545318 552222 564693 564702 565774 566107 566197 566198 566200
Changes:
logcheck (1.3.6) unstable; urgency=low
.
[ Hannes von Haugwitz ]
* ignore.d.paranoid/sysklogd:
- more specific matching of upstream version and optional distribution
revision,
thanks to Caspar Clemens Mierau (closes: #566200)
* ignore.d.paranoid/cron:
- make /usr/sbin/ optional in pathnames of cron,
thanks to Matthias Andree (closes: #566198)
* ignore.d.server/dhclient:
- adjusted rules to match optional ip address,
thanks to David Pashley (closes: #552222)
* debian/header.txt:
- fixed incorrect spelling, thanks to Michael Lustfield (closes: #566197)
* Use mime-construct to send mail (closes: #542781, #564693)
* etc/logcheck.conf:
- added hint for suggested package
* Removed obsolete files in violations.ignore.d/ (closes: #566107)
* ignore.d.workstation/wpasupplicant:
- adjusted rule to also match LEAP method
- allow empty id_str in CTRL-EVENT-CONNECTED message
* Added rules for dhcpcd, thanks to Paweł Hajdan, Jr. (closes: #564702)
* ignore.d.server/nagios:
- removed rule for nrpe
* Added rule for libpam-gnome-keyring, thanks to Jerome Wittmann (closes:
#565774)
* ignore.d.workstation/kernel:
- extended the rules for WLAN authentication and association
* Added rules for successful non-root login to text console.
* ignore.d.server/kernel:
- ignore ext4 mount message
* ignore.d.server/login
- adjusted login rule to also match /dev/ prefix
- added rule to match newgrp messages, thanks to Martin Mazur (closes:
#545318)
* ignore.d.workstation/ifplugd
- added rules for ifplugd.action script execution
* ignore.d.workstation/ppp
- adjusted rule for successful CHAP authentication
* Added myself to the Uploaders field.
Checksums-Sha1:
2b25232901cdde9652e10faeb8570e0fffe92b29 1265 logcheck_1.3.6.dsc
89f78f94fed30c973fd96ef4ec0716de6b057f1c 150995 logcheck_1.3.6.tar.gz
2599d95b2153edf203131dac03e14b4c5de174bc 71336 logcheck_1.3.6_all.deb
cf2bb2045384a487b50d7b137b4797bdc47d879e 113480 logcheck-database_1.3.6_all.deb
fe7b2790342232794051139113572c9db37e2317 56874 logtail_1.3.6_all.deb
Checksums-Sha256:
031dfd825fecb26fc840fc6d933b485e05ecf87a1ec2217b91b5da90c9951723 1265
logcheck_1.3.6.dsc
e71a5cae823906982f425a7b022b349d08d4db48b28022e3712c561dbdc63cfc 150995
logcheck_1.3.6.tar.gz
58a206ec73b5efa2cd28c2a4083a31e423e9bda8c3998bf7a87c0d18d438db6e 71336
logcheck_1.3.6_all.deb
1c5a9e6e286e214f3573058dc8d1811a4c438d0a6701f9c58098df4b5c3f42ac 113480
logcheck-database_1.3.6_all.deb
7df3c2adcfe79295e6c33759aafe0bddc72373d16aa06dac10c20d14501f0090 56874
logtail_1.3.6_all.deb
Files:
8041feb399a92a1d51f292d7d4be46d7 1265 admin optional logcheck_1.3.6.dsc
b5e0c9aca599f1e936ad69bf1ad6718f 150995 admin optional logcheck_1.3.6.tar.gz
fb26e9b23b2f373aac4218ad10d2ba67 71336 admin optional logcheck_1.3.6_all.deb
48c71c9ca4dbfb8260802c311e01a6da 113480 admin optional
logcheck-database_1.3.6_all.deb
b0e0fd400f86ec8fcf12b3de626c417f 56874 admin optional logtail_1.3.6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREDAAYFAktfaGQACgkQIgvIgzMMSnUMhACgoiGjI8gICS/2M+By+XQZW+uf
RFwAn2pElCdfrXD4eJiwkO5d17fPCKDM
=Y7yY
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
