[Logcheck-devel] Bug#825170: marked as done (logcheck: Ignore DNSSEC rekeying)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:37 +
with message-id 
and subject line Bug#825170: fixed in logcheck 1.3.18
has caused the Debian Bug report #825170,
regarding logcheck: Ignore DNSSEC rekeying
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
825170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825170
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Version: 1.3.17
Severity: minor
Tags: patch

After enabling bind inline-signing the logfile sees every hour a 'reconfiguring 
zone keys' and 'next key event' line. These could be ignored.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages logcheck depends on:
ii  adduser                                    3.114
ii  cron                                       3.0pl1-128
ii  exim4-daemon-heavy [mail-transport-agent]  4.87-3
ii  lockfile-progs                             0.1.17
ii  logtail                                    1.3.17
ii  mime-construct                             1.11+nmu2
ii  rsyslog [system-log-daemon]                8.16.0-1+b3

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.17

Versions of packages logcheck suggests:
pn  syslog-summary  

-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: 
u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: 
u'/etc/logcheck/logcheck.logfiles'

-- debconf information:
* logcheck/install-note:
  logcheck/changes:
From d3450966f68a2221a4155868a9beed524478feca Mon Sep 17 00:00:00 2001
From: Philipp Kolmann 
Date: Tue, 24 May 2016 11:27:19 +0200
Subject: [PATCH] commit d180391d2a0f71f4f91a39a8b2b55fb676fdb3bc Author:
 Philipp Kolmann  Date:   Tue May 24 11:25:10 2016 +0200

After enabling bind inline-signing the logfile sees every hour a 'reconfiguring
zone keys' and 'next key event' line. These could be ignored.

Signed-off-by: Philipp Kolmann 
---
 rulefiles/linux/ignore.d.server/bind | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rulefiles/linux/ignore.d.server/bind b/rulefiles/linux/ignore.d.server/bind
index 88e1989..6e7e2ae 100644
--- a/rulefiles/linux/ignore.d.server/bind
+++ b/rulefiles/linux/ignore.d.server/bind
@@ -11,3 +11,5 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [-._[:alnum:]]+/IN: notify from [.:[:xdigit:]]+#[[:digit:]]+: zone is up to date$
 ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[0-9]+\]: success resolving '[^[:space:]]+' \(in '[.[:alnum:]-]+'\?\) after (disabling EDNS|reducing the advertised EDNS UDP packet size to 512 octets)$
 ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: error \((FORMERR|connection refused|unexpected RCODE (REFUSED|SERVFAIL)|(network|host) unreachable)\) resolving '[^[:space:]]+': [.:[:xdigit:]]+#[[:digit:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [._[:alnum:]-]+/IN (signed): reconfiguring zone keys$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [._[:alnum:]-]+/IN (signed): next key event: [:digit:]]{3}-\w{3}-[:digit:]{4} [.:[:digit:]]{12}$
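Review bot: In both added rules `(signed)` is written with unescaped parentheses, which in an extended regex is a group matching the bare word `signed`, so neither rule matches a line that contains the literal text `(signed)`; escape them as `\(signed\)`, the way the context rule above does with `\(in '[.[:alnum:]-]+'\?\)`. In the second added rule the date part `[:digit:]]{3}-\w{3}-[:digit:]{4}` is also malformed: the character classes are missing their outer brackets (every other rule in this file writes `[[:digit:]]`), and the day count `{3}` should be checked against a real 'next key event' log line before merging.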
-- 
2.8.1

--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 825...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source

[Logcheck-devel] Bug#786815: marked as done (please add alternate dependency on cron-daemon)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#786815: fixed in logcheck 1.3.18
has caused the Debian Bug report #786815,
regarding please add alternate dependency on cron-daemon
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
786815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786815
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Severity: minor
Tags: patch

Currently logcheck only depends on cron but systemd-cron only Provides: 
cron-daemon but not cron.
So these 2 can't be used together.

diff --git a/debian/control b/debian/control
index 808dec5..33a76bb 100644
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Homepage: http://www.logcheck.org/
 
 Package: logcheck
 Architecture: all
-Depends: adduser, default-mta | mail-transport-agent, cron, rsyslog | 
system-log-daemon, mime-construct, logtail (>= 1.2.59), lockfile-progs, 
${misc:Depends}
+Depends: adduser, default-mta | mail-transport-agent, cron | cron-daemon, 
rsyslog | system-log-daemon, mime-construct, logtail (>= 1.2.59), 
lockfile-progs, ${misc:Depends}
 Recommends: logcheck-database (>= ${source:Version})
 Suggests: syslog-summary
 Description: mails anomalies in the system logfiles to the administrator
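Review bot: The removed and added Depends lines are each wrapped across three lines, so the continuation lines carry no '-' or '+' marker and the hunk will not apply as posted; resend it as an attachment or with line wrapping disabled. The alternative itself keeps the real package cron first and the virtual cron-daemon second, which matches the existing `default-mta | mail-transport-agent` and `rsyslog | system-log-daemon` entries in the same field.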
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 786...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team 
Changed-By: Hannes von Haugwitz 
Description:
 logcheck          - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail           - Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 
799304 809605 815114 815755 822165 825170
Changes:
 logcheck (1.3.18) unstable; urgency=medium
 .
   * src/logcheck:
     - fix check if rule files are unreadable, thanks to Simon Ruderich
       for the patch (closes: #418147)
   * src/logcheck-test:
     - make mktemp usage more portable
   * Makefile:
     - remove duplicate xargs option (thanks to Sander Bos)
   * ignore.d.server/dhcp:
     - match dhcpd PID (closes: #799041)
   * ignore.d.server/dhclient:
     - rewrite rules (LP: #1357880, closes: #809605)
   * ignore.d.server/ssh:
     - add generic preauth disconnect rule (closes: #775090)
     - adjust 'Bad protocol version identification' rule, thanks to
       Paul Brossier for the patch (closes: #703936)
     - allow new FingerprintHash format (closes: #799304)
     - match 'ED25519' key type, thanks to Ayke van Laethem for the patch
     - match more disconnect messages
   * ignore.d.server/su:
     - allow '.' and '_' in username (closes: #780441)
   * ignore.d.server/rsync:
     - allow comma as thousands separator (LP: #1476199)
   * ignore.d.workstation/wpasupplicant:
     - adjust CTRL-EVENT-CONNECTED rule
     - add another CTRL-EVENT-DISCONNECTED rule
     - adjust multiple rules to match added interface name
     - allow '.' in SSID
     - match 'SME: ' prefix in 'Trying to associate' message
     - match 'freq=', 'address=' and 'uuid=' wpa_action messages
     - match CTRL-EVENT-SUBNET-STATUS-UPDATE message
     - match predictable network interface names
   * violations.ignore.d/logcheck-sudo:
     - match 'GROUP=' field (closes: #815114)
   * ignore.d.server/bind:
     - match domain name in query message, thanks to Wojciech Nizinski
       for the patch
     - ignore DNSSEC rekeying (closes: #825170)
   * 

[Logcheck-devel] Bug#815114: marked as done (Please whitelist sudo -g nogroup (not just sudo -u nobody))

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:37 +
with message-id 
and subject line Bug#815114: fixed in logcheck 1.3.18
has caused the Debian Bug report #815114,
regarding Please whitelist sudo -g nogroup (not just sudo -u nobody)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
815114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815114
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Version: 1.3.17
Severity: wishlist
Tags: patch

Currently logcheck thinks

  "sudo -u nobody            pwd" is OK,
  "sudo           -g nogroup pwd" is scary; and
  "sudo -u nobody -g nogroup pwd" is scary.

IMO either these are all OK, or all scary --- probably the former.

Here is an (untested) patch against current logcheck;
I've been using a variation on oldoldstable systems for a while.



diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo 
b/rulefiles/linux/violations.ignore.d/logcheck-sudo
index 92c3dd4..274ed83 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-sudo
+++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo
@@ -1,5 +1,5 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user 
[[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : 
TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; 
USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : 
TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ (; 
(USER|GROUP)=[._[:alnum:]-]+ )+; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit 
).*|list)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : 
\(command continued\).*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): 
session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): 
session closed for user [[:alnum:]-]+$
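Review bot: The new group `(; (USER|GROUP)=[._[:alnum:]-]+ )+` on the changed rule accepts the two fields in any order and any number of times, which is looser than the three command lines the report wants to allow, and this file suppresses violation reports. Consider spelling out the order, for example `; USER=[._[:alnum:]-]+ (; GROUP=[._[:alnum:]-]+ )?; COMMAND=` if USER= is always logged first, and run the rule against real sudo log lines, since the patch is described as untested.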
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 815...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



[Logcheck-devel] Bug#481353: marked as done (Please add support for logcheck.logfiles.d)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#481353: fixed in logcheck 1.3.18
has caused the Debian Bug report #481353,
regarding Please add support for logcheck.logfiles.d
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
481353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481353
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Version: 1.2.63
Severity: wishlist


Please add support for logcheck.logfiles.d so packages can put files
there and add new logfiles for reviewing.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 481...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team 
Changed-By: Hannes von Haugwitz 
Description:
 logcheck          - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail           - Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 
799304 809605 815114 815755 822165 825170
Changes:
 logcheck (1.3.18) unstable; urgency=medium
 .
   * src/logcheck:
     - fix check if rule files are unreadable, thanks to Simon Ruderich
       for the patch (closes: #418147)
   * src/logcheck-test:
     - make mktemp usage more portable
   * Makefile:
     - remove duplicate xargs option (thanks to Sander Bos)
   * ignore.d.server/dhcp:
     - match dhcpd PID (closes: #799041)
   * ignore.d.server/dhclient:
     - rewrite rules (LP: #1357880, closes: #809605)
   * ignore.d.server/ssh:
     - add generic preauth disconnect rule (closes: #775090)
     - adjust 'Bad protocol version identification' rule, thanks to
       Paul Brossier for the patch (closes: #703936)
     - allow new FingerprintHash format (closes: #799304)
     - match 'ED25519' key type, thanks to Ayke van Laethem for the patch
     - match more disconnect messages
   * ignore.d.server/su:
     - allow '.' and '_' in username (closes: #780441)
   * ignore.d.server/rsync:
     - allow comma as thousands separator (LP: #1476199)
   * ignore.d.workstation/wpasupplicant:
     - adjust CTRL-EVENT-CONNECTED rule
     - add another CTRL-EVENT-DISCONNECTED rule
     - adjust multiple rules to match added interface name
     - allow '.' in SSID
     - match 'SME: ' prefix in 'Trying to associate' message
     - match 'freq=', 'address=' and 'uuid=' wpa_action messages
     - match CTRL-EVENT-SUBNET-STATUS-UPDATE message
     - match predictable network interface names
   * violations.ignore.d/logcheck-sudo:
     - match 'GROUP=' field (closes: #815114)
   * ignore.d.server/bind:
     - match domain name in query message, thanks to Wojciech Nizinski
       for the patch
     - ignore DNSSEC rekeying (closes: #825170)
   * ignore.d.server/openvpn:
     - match arbitrary mtu sizes (closes: #815755)
   * ignore.d.server/snmpd:
     - match optional port (closes: #644886)
   * ignore.d.server/postfix:
     - remove obsolete rule (closes: #822165)
   * ignore.d.server/systemd-timesyncd: new
     - match 'interval/delta/delay/jitter/drift' message
   * ignore.d.server/kernel:
     - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberger
       for the patch 

[Logcheck-devel] Bug#799304: marked as done (logcheck-database: rule for sshd accepted key rule is obsolete)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:37 +
with message-id 
and subject line Bug#799304: fixed in logcheck 1.3.18
has caused the Debian Bug report #799304,
regarding logcheck-database: rule for sshd accepted key rule is obsolete
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
799304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799304
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: logcheck-database
Version: 1.3.17
Severity: normal

The following rule in ignore.d.server/ssh:

   ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted 
(gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased)
 for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: 
(RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$

is not working with version 6.9 of openssh.  Log entries in my system 
are like this now:


   Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xx from 
000.000.000.000 port 000 ssh2: RSA 
SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY

The problem is that the key hash at the end:

   SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY

does not match the end of the rule:

   ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})

Please, fix it.

Thanks,

Rafael Laboissiere
--- End Message ---
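
The mismatch described in the report above can be reproduced with grep -E, which uses the same POSIX extended regex syntax as the rule files. This is an added example, not part of the original report and not logcheck's own code or its actual 1.3.18 rule: NEW_RULE is a hypothetical tail that also accepts an unpadded base64 SHA256 fingerprint, and the hex-fingerprint and malformed log lines are constructed.

```shell
#!/bin/sh
# Added example (not logcheck code): regression-test an ignore rule against
# sample sshd lines. grep -E stands in for logcheck's matcher; \w is a GNU
# grep extension that the rule from the report relies on.
LC_ALL=C; export LC_ALL

# Common head of the rule quoted in the report (wrapped lines joined).
HEAD='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?'

# Tail from the report: only a colon-separated hex fingerprint is accepted.
OLD_RULE="${HEAD}"'(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$'

# Hypothetical tail (assumption): additionally accept "SHA256:" followed by
# exactly 43 base64 characters, the unpadded length of a 32-byte digest.
NEW_RULE="${HEAD}"'(: (RSA|ECDSA) (([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}|SHA256:[A-Za-z0-9+/]{43}))?$'

# Log line quoted in the report (OpenSSH 6.9 format).
LINE_SHA256='Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xx from 000.000.000.000 port 000 ssh2: RSA SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY'
# Constructed line in the older hex fingerprint format.
LINE_HEX='Sep 16 10:35:04 host1 sshd[17173]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2: RSA 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff'
# Constructed malformed line: the fingerprint is too short to be a SHA256 digest.
LINE_BAD='Sep 16 10:35:04 host1 sshd[17173]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2: RSA SHA256:tooshort'

# is_ignored RULE LINE: exit status 0 if the rule would filter the line out.
is_ignored() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# show NAME RULE: print how each sample line is treated by the rule.
show() {
    for line in "$LINE_HEX" "$LINE_SHA256" "$LINE_BAD"; do
        if is_ignored "$2" "$line"; then verdict=ignored; else verdict=reported; fi
        printf '%-8s %-8s %s\n' "$1" "$verdict" "${line##*ssh2: }"
    done
}

show old "$OLD_RULE"
show new "$NEW_RULE"
```

Keeping the fingerprint alternative length-bounded rather than matching `.*` means a line with an unexpected tail is still reported.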
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 799...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



[Logcheck-devel] Bug#418147: marked as done (logcheck: Does not complain if rules are unreadable)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#418147: fixed in logcheck 1.3.18
has caused the Debian Bug report #418147,
regarding logcheck: Does not complain if rules are unreadable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
418147: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418147
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Version: 1.2.39
Severity: normal

Hello,

Due to the incorrect group ownership bug (which has already been fixed)
I ended up with logcheck not being able to read any files in
/etc/logcheck/ignore.d.paranoid. However, instead of complaining that
some files were unreadable, logcheck just sent the *complete* logfiles
by mail, without any filtering.

If logcheck cannot read some of its rule files, it should mention that
in its mail. Additionally, it may be worth considering to not include
any logfile contents in this case, since for me this generated a 10 MB
mail.

Best,
Nikolaus


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.9-023stab039.1-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck depends on:
ii  adduser          3.63                        Add and remove users and groups
ii  cron             3.0pl1-86                   management of regular background p
ii  debconf [debconf 1.4.30.13                   Debian configuration management sy
ii  debianutils      2.8.4                       Miscellaneous utilities specific t
ii  exim4            4.50-8sarge2                metapackage to ease exim MTA (v4)
ii  exim4-daemon-hea 4.50-8sarge2                exim MTA (v4) daemon with extended
ii  lockfile-progs   0.1.10                      Programs for locking and unlocking
ii  logcheck-databas 1.2.39                      A database of system log rules for
ii  logtail          1.2.39                      Print log file lines that have not
ii  mailx            1:8.1.2-0.20040524cvs-4     A simple mail user agent
ii  sysklogd [system 1.4.1-17                    System Logging Daemon

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 418...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



[Logcheck-devel] Bug#775090: marked as done (logcheck-database: Should filter shh preauth disconnect ok messages)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#775090: fixed in logcheck 1.3.18
has caused the Debian Bug report #775090,
regarding logcheck-database: Should filter shh preauth disconnect ok messages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
775090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
Severity: normal
Tags: patch

I get tons of messages for sshd like these:

  Received disconnect from [IP]: 11: ok [preauth]

`Bye Bye [preauth]` is already filtered out.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
From fc9a190720510e14039505229c9e6c0803ebde3f Mon Sep 17 00:00:00 2001
From: Adrian Heine 
Date: Sun, 11 Jan 2015 08:34:07 +0100
Subject: [PATCH] server/ssh: Better match for preauth disconnect

---
 rulefiles/linux/ignore.d.server/ssh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 890d20a..9c6ec96 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -14,7 +14,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (disconnected by user|Closed due to user request\.)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: Bye Bye \[preauth\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (Bye Bye|ok) \[preauth\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [:.[:xdigit:]]+ \[preauth\]$
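
Review bot: The changed rule (the + line) still enumerates reason strings, now (Bye Bye|ok), so the next client that sends a different text before [preauth] will need another patch; the unchanged context lines already show how much this text varies per client (disconnected by user, Closed due to user request., Client disconnect, Disconnect requested by Windows SSH Client.). Consider matching any reason text between "11: " and " \[preauth\]$" with a bounded character class instead of adding alternatives one at a time, and keep the $ anchor so nothing after [preauth] is ignored. The commit message body is empty; it should name the client that sends "ok" and quote one sample log line.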
-- 
2.1.4

--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 775...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team 
Changed-By: Hannes von Haugwitz 
Description:
 logcheck   - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170
Changes:
 logcheck (1.3.18) unstable; urgency=medium
 .
   * src/logcheck:
     - fix check if rule files are unreadable, thanks to Simon Ruderich
       for the patch (closes: #418147)
   * src/logcheck-test:
     - make mktemp usage more portable
   * Makefile:
     - 

[Logcheck-devel] Bug#799041: marked as done (Updated rules for isc-dhcp-server)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#799041: fixed in logcheck 1.3.18
has caused the Debian Bug report #799041,
regarding Updated rules for isc-dhcp-server
to be marked as done.


-- 
799041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799041
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
Severity: normal
Tags: patch

isc-dhcp-server has added the PID to the log output since version 4.3.3-2:
  * Enable pid file logging (closes: #792928).

This spams logcheck output.

Attached is a new version of /etc/logcheck/ignore.d.server/dhcp
which matches the new log output.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Internet (Software|Systems) Consortium DHCP Server [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Copyright [0-9-]+ Internet (Software|Systems) Consortium\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): All rights reserved\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): For info, please visit http(://www\.isc\.org/(products/DHCP|sw/dhcp/)|s://www\.isc\.org/software/dhcp/)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Wrote [0-9]+ (leases|(class|group|deleted host|new dynamic host) decls) to leases file\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (BOOTREQUEST|DHCPDISCOVER) from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): BOOTREPLY (for|on) [.0-9]{7,15} to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCP(NAK|RELEASE|INFORM) (on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$
#Added for dhcp 3
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ \((not |)found\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK to [.0-9]{7,15}( \(([:[:xdigit:]]+|)\) via [._[:alnum:]-]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ((balancing|balanced) )?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+  free [:[:alnum:]]+  backup [:[:alnum:]]+  lts [:[:alnum:]-]+.*(  max-(own \(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: uid lease [.0-9]{7,15} for client [:[:xdigit:]]+ is duplicate on [.0-9]{7,15}/[[:digit:]]+$
# Dyndns support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: removed reverse map on [._[:alnum:]-]+\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Can't update forward map [._[:alnum:]-]+ to [.0-9]{7,15}: no such RRset$
# udhcpd support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending 
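
Added example (not part of the report and not logcheck's own code): the DHCPINFORM rule from the attachment above, run through grep -E with three spellings of the program tag, to show what each one accepts once dhcpd logs its PID. The sample log lines and the escaped variant are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare three ways of writing the dhcpd program tag in a
# logcheck ignore rule. Rules are treated as POSIX extended regular
# expressions (grep -E); \w is the GNU extension the rule files already use.
export LC_ALL=C

# Constructed syslog lines: a dhcpd line with a PID, one without, and two
# with malformed program tags that an ignore rule should not swallow.
SAMPLE_LOG='Sep 15 10:00:01 gw dhcpd[1234]: DHCPINFORM from 192.0.2.10 via eth0
Sep 15 10:00:02 gw dhcpd: DHCPINFORM from 192.0.2.10 via eth0
Sep 15 10:00:03 gw dhcpd[[12]: DHCPINFORM from 192.0.2.10 via eth0
Sep 15 10:00:04 gw dhcpd1234]: DHCPINFORM from 192.0.2.10 via eth0'

# Common head and tail of the DHCPINFORM rule as it appears in the attachment.
PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ '
SUFFIX=': DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$'

# Tag form used by the first group of rules in the attachment (no PID).
TAG_NO_PID='dhcpd(-2\.2\.x|)'
# Tag form used by the "Added for dhcp 3" rules. "[[[:digit:]]" is ONE
# bracket expression meaning "a literal [ or a digit"; the "]" after "+"
# is then an ordinary character.
TAG_AS_POSTED='dhcpd[[[:digit:]]+]'
# Assumption for comparison: both brackets escaped, digits only in between.
TAG_ESCAPED='dhcpd\[[[:digit:]]+\]'

# matched_tags TAG
# Print, space separated, the program tag (5th field) of every sample line
# that the rule built from TAG would cause logcheck to ignore.
matched_tags() {
    printf '%s\n' "$SAMPLE_LOG" |
        grep -E -- "${PREFIX}$1${SUFFIX}" |
        cut -d' ' -f5 |
        paste -sd' ' -
}

for tag in "$TAG_NO_PID" "$TAG_AS_POSTED" "$TAG_ESCAPED"; do
    printf '%-24s ignores: %s\n' "$tag" "$(matched_tags "$tag")"
done
```

The unescaped form does ignore the intended "dhcpd[1234]:" line, but only because "[" happens to be a member of the bracket expression, which is why it also ignores the two malformed tags.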

[Logcheck-devel] Bug#644886: marked as done (logcheck-database: snmpd ruleset needs update)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#644886: fixed in logcheck 1.3.18
has caused the Debian Bug report #644886,
regarding logcheck-database: snmpd ruleset needs update
to be marked as done.


-- 
644886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644886
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.13
Severity: normal

Rule
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}$
does not cover log entries like
Oct 10 07:05:04 foobar snmpd[19089]: Connection from UDP: [192.0.2.61]:34180->[198.51.100.163]

Gabor

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Related package versions:
snmpd  5.4.3~dfsg-2

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 644...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team 
Changed-By: Hannes von Haugwitz 
Description:
 logcheck   - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170
Changes:
 logcheck (1.3.18) unstable; urgency=medium
 .
   * src/logcheck:
     - fix check if rule files are unreadable, thanks to Simon Ruderich
       for the patch (closes: #418147)
   * src/logcheck-test:
     - make mktemp usage more portable
   * Makefile:
     - remove duplicate xargs option (thanks to Sander Bos)
   * ignore.d.server/dhcp:
     - match dhcpd PID (closes: #799041)
   * ignore.d.server/dhclient:
     - rewrite rules (LP: #1357880, closes: #809605)
   * ignore.d.server/ssh:
     - add generic preauth disconnect rule (closes: #775090)
     - adjust 'Bad protocol version identification' rule, thanks to
       Paul Brossier for the patch (closes: #703936)
     - allow new FingerprintHash format (closes: #799304)
     - match 'ED25519' key type, thanks to Ayke van Laethem for the patch
     - match more disconnect messages
   * ignore.d.server/su:
     - allow '.' and '_' in username (closes: #780441)
   * ignore.d.server/rsync:
     - allow comma as thousands separator (LP: #1476199)
   * ignore.d.workstation/wpasupplicant:
     - adjust CTRL-EVENT-CONNECTED rule
     - add another CTRL-EVENT-DISCONNECTED rule
     - adjust multiple rules to match added interface name
     - allow '.' in SSID
     - match 'SME: ' prefix in 'Trying to associate' message
     - match 'freq=', 'address=' and 'uuid=' wpa_action messages
     - match CTRL-EVENT-SUBNET-STATUS-UPDATE message
     - match predictable network interface names
   * violations.ignore.d/logcheck-sudo:
     - match 'GROUP=' field (closes: #815114)
   * ignore.d.server/bind:
     - match domain name in query message, thanks to Wojciech Nizinski
       for the patch
     - ignore DNSSEC rekeying (closes: #825170)
   * ignore.d.server/openvpn:
     - match arbitrary mtu sizes (closes: #815755)
   * ignore.d.server/snmpd:
     - match optional port (closes: #644886)
   * ignore.d.server/postfix:
     - remove obsolete rule (closes: #822165)
  

[Logcheck-devel] Bug#780441: marked as done (logcheck/PAM interaction ignore domain names as user)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#780441: fixed in logcheck 1.3.18
has caused the Debian Bug report #780441,
regarding logcheck/PAM interaction ignore domain names as user
to be marked as done.


-- 
780441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780441
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Severity: normal

Dear Maintainer,



the default "/etc/logcheck/ignore.d.server/su"
has the following

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:]-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:]-]+$


but sometimes the session closed for user  is the hostname and has "."
inside, like these:

Mar 13 07:16:01 api su[57408]: Successful su for mydomain.com by root
Mar 13 01:52:01 api su[47132]: + ??? root:mydomain.com
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session opened for user mydomain.com by (uid=0)
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session closed for user mydomain.com


so I think it must be changed like the following

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:].-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:].-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:].-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:].-]+$



-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
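
Added example (not part of the report and not logcheck's own code): a small stand-in for logcheck's ignore pass, using grep -E -v -f, that runs the packaged su rules and the proposed ones over the reporter's sample lines. The fifth sample line is constructed here to check that widening the user-name class does not loosen the end-of-line anchor.

```shell
#!/bin/sh
# Added example: which su log lines would still be mailed under the packaged
# rules versus the rules proposed in the report? Rules are applied as POSIX
# extended regular expressions, one per line, the way a rule file is read.
export LC_ALL=C

# The reporter's four sample lines (unwrapped) plus one constructed line
# that carries extra text after the user name.
SAMPLES='Mar 13 07:16:01 api su[57408]: Successful su for mydomain.com by root
Mar 13 01:52:01 api su[47132]: + ??? root:mydomain.com
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session opened for user mydomain.com by (uid=0)
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session closed for user mydomain.com
Mar 13 01:52:02 api su[47133]: pam_unix(su:session): session closed for user mydomain.com extra-text'

# Rules quoted in the report as the packaged defaults.
OLD_RULES='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:]-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:]-]+$'

# Rules proposed in the report: "." added to the target user-name classes.
NEW_RULES='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:].-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:].-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:].-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:].-]+$'

# still_reported RULES
# Print every sample line that no rule matches, i.e. what would still reach
# the administrator. Fails only if grep itself fails (for example on a
# malformed pattern); "no lines left" is not an error.
still_reported() {
    rules_file=$(mktemp) || return 1
    printf '%s\n' "$1" > "$rules_file"
    status=0
    printf '%s\n' "$SAMPLES" | grep -E -v -f "$rules_file" || status=$?
    rm -f "$rules_file"
    [ "$status" -le 1 ]
}

# count_reported RULES: number of sample lines still reported.
count_reported() {
    still_reported "$1" | wc -l | tr -d ' '
}

echo "packaged rules: $(count_reported "$OLD_RULES") line(s) still reported"
echo "proposed rules: $(count_reported "$NEW_RULES") line(s) still reported:"
still_reported "$NEW_RULES"
```

With the proposed rules only the constructed line remains, because the trailing `$` still rejects anything after the user name.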
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



[Logcheck-devel] Bug#783633: marked as done (logcheck-database: Please add rules for systemd)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#783633: fixed in logcheck 1.3.18
has caused the Debian Bug report #783633,
regarding logcheck-database: Please add rules for systemd
to be marked as done.


-- 
783633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783633
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
Severity: wishlist
Tags: patch

I was quite surprised that after a dist-upgrade I was flooded with systemd
messages from logcheck.

The appropriate rules are already available at
https://wiki.debian.org/systemd/logcheck 
See also https://lists.debian.org/debian-devel/2014/08/msg00923.html

-- System Information:
Debian Release: 8.0
  APT prefers stable
  APT policy: (990, 'stable'), (400, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- Configuration Files:

[Logcheck-devel] Bug#797512: marked as done (logcheck-database: Updated regex for kernel "unexpectedly shrunk window")

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#797512: fixed in logcheck 1.3.18
has caused the Debian Bug report #797512,
regarding logcheck-database: Updated regex for kernel "unexpectedly shrunk 
window"
to be marked as done.


-- 
797512: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797512
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
Severity: wishlist

Dear Maintainer,

You will find a patch for logcheck server kernel rules to reflect
message changes in net/ipv4/tcp_timer.c.

-- System Information:
Architecture: amd64 (x86_64)

Kernel: 3.16.0-4-amd64

Best regards
--
Xavier Mehrenberger
PGP: 0xFD3D563AEBC0307E
Fingerprint: 8847 CDED F0AF 19DA 61D6  892F FD3D 563A EBC0 307E

diff --git a/logcheck/ignore.d.server/kernel b/logcheck/ignore.d.server/kernel
index 682943d..12ed3fc 100644
--- a/logcheck/ignore.d.server/kernel
+++ b/logcheck/ignore.d.server/kernel
@@ -28,7 +28,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? PCI: Setting latency timer of device [[:alnum:]:.]+ to [[:digit:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? SCSI device [[:alnum:]]+: drive cache: write (through|back)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? SCSI subsystem initialized$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? TCP: (Treason uncloaked! )?Peer [:.[:xdigit:]]+:[[:digit:]]{1,5}/[[:digit:]]{1,5} (shrinks|unexpectedly shrunk) window [[:digit:]]+:[[:digit:]]+\.? (Repaired\.|\(repaired\))$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? (TCP: )?(Treason uncloaked! )?Peer [:.[:xdigit:]]+:[[:digit:]]{1,5}/[[:digit:]]{1,5} (shrinks|unexpectedly shrunk) window [[:digit:]]+:[[:digit:]]+\.? (Repaired\.|\(repaired\))$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? XFS mounting filesystem [[:alnum:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:][:space:]]+: probe of [:.[:xdigit:]]+ failed with error [-[:digit:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: link up\.$
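
Review bot: The + line makes the "TCP: " prefix optional with (TCP: )?, but neither the report nor the patch shows a sample of the new kernel message, so the rule cannot be checked against real output; please add one log line from a kernel that prints the message without the prefix. Keeping the group optional rather than dropping it is right, since the removed line shows the prefixed form is what the rule matched before. The file paths here (logcheck/ignore.d.server/kernel) also differ from the rulefiles/linux/ignore.d.server/ layout used by the ssh patch in this archive, so the diff will need its paths adjusted before it applies to the source tree.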
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 797...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz  (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



[Logcheck-devel] Bug#703936: marked as done (logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete)

2017-01-25 Thread Debian Bug Tracking System
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id 
and subject line Bug#703936: fixed in logcheck 1.3.18
has caused the Debian Bug report #703936,
regarding logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is 
incomplete
to be marked as done.


-- 
703936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703936
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.13
Severity: normal

The rule for SSH ignoring "Bad protocol version identification" assumes there
are no single quotes inside the version string ('[^']'). I am however getting
mails including those lines:

Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version identification '\004\241\031\a\232k\273#\203J\223\030\246\354t\260n\346q\004*\231\264q&\035\321.l5\260)r\224!\030C\f#ytS8\344\343\363\334'{_D\033\317[e\006\362\327\344\006-pH\356\0205\271\306\360\002\217\325y\023~\026\3412dc\021u\354\004\353m\225\210\272\030\311w\030I)\031\016\206\345\342' from 119.78.236.189

Mar 25 16:21:14 Debian-60-squeeze-64-minimal sshd[4015]: Bad protocol version identification '\354\035\371^\277\376\323\332{0\016Dd\351\237\356\302\252\275\331\315w\306\343\246m\377@waj\231\374C\236\234\207\210p\363C9}\366\2532xiM\255f\232!\376\335[\363'\b\217!Zp(\314\266\253?' from 210.73.57.141

Mar 25 13:18:36 Debian-60-squeeze-64-minimal sshd[317]: Bad protocol version identification '\301h\355\243\375\2106\005/H\256\001\362\250\365d\333Hd\235\353\322\232\335\003\274\353JB\374\353\263\272>#\337\020\250\376\247\344\\\v\301\336\036\236\t\235\026\273\003/\021C\307\264\2338>E7\341\303'B\246\357\321^\366\200Q\364\234G\374\302\207\3113\016\306\222\244\217\216\216\177\351\212j\325\255;' from 122.206.34.166



-- System Information:
Debian Release: 6.0.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- Configuration Files:

[Logcheck-devel] logcheck_1.3.18_amd64.changes ACCEPTED into unstable

2017-01-25 Thread Debian FTP Masters


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team 
Changed-By: Hannes von Haugwitz 
Description:
 logcheck          - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail           - Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170
Changes:
 logcheck (1.3.18) unstable; urgency=medium
 .
   * src/logcheck:
     - fix check if rule files are unreadable, thanks to Simon Ruderich
       for the patch (closes: #418147)
   * src/logcheck-test:
     - make mktemp usage more portable
   * Makefile:
     - remove duplicate xargs option (thanks to Sander Bos)
   * ignore.d.server/dhcp:
     - match dhcpd PID (closes: #799041)
   * ignore.d.server/dhclient:
     - rewrite rules (LP: #1357880, closes: #809605)
   * ignore.d.server/ssh:
     - add generic preauth disconnect rule (closes: #775090)
     - adjust 'Bad protocol version identification' rule, thanks to
       Paul Brossier for the patch (closes: #703936)
     - allow new FingerprintHash format (closes: #799304)
     - match 'ED25519' key type, thanks to Ayke van Laethem for the patch
     - match more disconnect messages
   * ignore.d.server/su:
     - allow '.' and '_' in username (closes: #780441)
   * ignore.d.server/rsync:
     - allow comma as thousands separator (LP: #1476199)
   * ignore.d.workstation/wpasupplicant:
     - adjust CTRL-EVENT-CONNECTED rule
     - add another CTRL-EVENT-DISCONNECTED rule
     - adjust multiple rules to match added interface name
     - allow '.' in SSID
     - match 'SME: ' prefix in 'Trying to associate' message
     - match 'freq=', 'address=' and 'uuid=' wpa_action messages
     - match CTRL-EVENT-SUBNET-STATUS-UPDATE message
     - match predictable network interface names
   * violations.ignore.d/logcheck-sudo:
     - match 'GROUP=' field (closes: #815114)
   * ignore.d.server/bind:
     - match domain name in query message, thanks to Wojciech Nizinski
       for the patch
     - ignore DNSSEC rekeying (closes: #825170)
   * ignore.d.server/openvpn:
     - match arbitrary mtu sizes (closes: #815755)
   * ignore.d.server/snmpd:
     - match optional port (closes: #644886)
   * ignore.d.server/postfix:
     - remove obsolete rule (closes: #822165)
   * ignore.d.server/systemd-timesyncd: new
     - match 'interval/delta/delay/jitter/drift' message
   * ignore.d.server/kernel:
     - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberger
       for the patch (closes: #797512)
   * ignore.d.server/systemd: new
     - add some generic rules (closes: #783633)
   * debian/control:
     - add alternate dependency on cron-daemon, thanks to Felix Zielcke for the
       patch (closes: #786815)
     - use secure Vcs-* fields
     - bump to Standards-Version 3.9.8 (no changes necessary)
   * debian/copyright: update copyright year to 2017
   * Remove obsolete debian/logcheck-database.postinst
   * Add support for logcheck.logfiles.d, thanks to Vincas Dargis for
     the initial patch (closes: #481353)
   * Replace all occurrences of 'deinstall' with 'uninstall', thanks to duelle
     for the patch
   * Remove references to 'logcheck.org'


Thank you for your contribution to Debian.

___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel


[Logcheck-devel] Processing of logcheck_1.3.18_amd64.changes

2017-01-25 Thread Debian FTP Masters
logcheck_1.3.18_amd64.changes uploaded successfully to localhost
along with the files:
  logcheck_1.3.18.dsc
  logcheck_1.3.18.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)