[Logcheck-devel] Bug#825170: marked as done (logcheck: Ignore DNSSEC rekeying)
Your message dated Wed, 25 Jan 2017 22:05:37 + with message-idand subject line Bug#825170: fixed in logcheck 1.3.18 has caused the Debian Bug report #825170, regarding logcheck: Ignore DNSSEC rekeying to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 825170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825170 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Version: 1.3.17 Severity: minor Tags: patch After enabling bind inline-signing the logfile sees every hour a 'reconfiguring zone keys' and 'next key event' line. These could be ignored. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages logcheck depends on: ii adduser3.114 ii cron 3.0pl1-128 ii exim4-daemon-heavy [mail-transport-agent] 4.87-3 ii lockfile-progs 0.1.17 ii logtail1.3.17 ii mime-construct 1.11+nmu2 ii rsyslog [system-log-daemon]8.16.0-1+b3 Versions of packages logcheck recommends: ii logcheck-database 1.3.17 Versions of packages logcheck suggests: pn syslog-summary -- Configuration Files: /etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf' /etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles' -- debconf information: * logcheck/install-note: logcheck/changes: >From d3450966f68a2221a4155868a9beed524478feca Mon Sep 17 00:00:00 2001 From: Philipp Kolmann Date: Tue, 24 May 2016 11:27:19 +0200 Subject: [PATCH] commit d180391d2a0f71f4f91a39a8b2b55fb676fdb3bc Author: Philipp Kolmann Date: Tue May 24 11:25:10 2016 +0200 After enabling bind inline-signing the logfile sees every hour a 'reconfiguring zone keys' and 'next key event' line. These could be ignored. Signed-off-by: Philipp Kolmann --- rulefiles/linux/ignore.d.server/bind | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rulefiles/linux/ignore.d.server/bind b/rulefiles/linux/ignore.d.server/bind index 88e1989..6e7e2ae 100644 --- a/rulefiles/linux/ignore.d.server/bind +++ b/rulefiles/linux/ignore.d.server/bind @@ -11,3 +11,5 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [-._[:alnum:]]+/IN: notify from [.:[:xdigit:]]+#[[:digit:]]+: zone is up to date$ ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[0-9]+\]: success resolving '[^[:space:]]+' \(in '[.[:alnum:]-]+'\?\) after (disabling EDNS|reducing the advertised EDNS UDP packet size to 512 octets)$ ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: error \((FORMERR|connection refused|unexpected RCODE (REFUSED|SERVFAIL)|(network|host) unreachable)\) resolving '[^[:space:]]+': [.:[:xdigit:]]+#[[:digit:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [._[:alnum:]-]+/IN (signed): reconfiguring zone keys$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [._[:alnum:]-]+/IN (signed): next key event: [:digit:]]{3}-\w{3}-[:digit:]{4} [.:[:digit:]]{12}$ -- 2.8.1 --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 825...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source
[Logcheck-devel] Bug#786815: marked as done (please add alternate dependency on cron-daemon)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#786815: fixed in logcheck 1.3.18 has caused the Debian Bug report #786815, regarding please add alternate dependency on cron-daemon to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 786815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786815 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Severity: minor Tags: patch Currently logcheck only depends on cron but systemd-cron only Provides: cron-daemon but not cron. So these 2 can't be used together. diff --git a/debian/control b/debian/control index 808dec5..33a76bb 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,7 @@ Homepage: http://www.logcheck.org/ Package: logcheck Architecture: all -Depends: adduser, default-mta | mail-transport-agent, cron, rsyslog | system-log-daemon, mime-construct, logtail (>= 1.2.59), lockfile-progs, ${misc:Depends} +Depends: adduser, default-mta | mail-transport-agent, cron | cron-daemon, rsyslog | system-log-daemon, mime-construct, logtail (>= 1.2.59), lockfile-progs, ${misc:Depends} Recommends: logcheck-database (>= ${source:Version}) Suggests: syslog-summary Description: mails anomalies in the system logfiles to the administrator --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 786...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) *
[Logcheck-devel] Bug#815114: marked as done (Please whitelist sudo -g nogroup (not just sudo -u nobody))
Your message dated Wed, 25 Jan 2017 22:05:37 + with message-idand subject line Bug#815114: fixed in logcheck 1.3.18 has caused the Debian Bug report #815114, regarding Please whitelist sudo -g nogroup (not just sudo -u nobody) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 815114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815114 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Version: 1.3.17 Severity: wishlist Tags: patch Currently logcheck thinks "sudo -u nobodypwd" is OK, "sudo -g nogroup pwd" is scary; and "sudo -u nobody -g nogroup pwd" is scary. IMO either these are all OK, or all scary --- probably the former. Here is an (untested) patch against current logcheck; I've been using a variation on oldoldstable systems for a while. diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo b/rulefiles/linux/violations.ignore.d/logcheck-sudo index 92c3dd4..274ed83 100644 --- a/rulefiles/linux/violations.ignore.d/logcheck-sudo +++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo @@ -1,5 +1,5 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ (; (USER|GROUP)=[._[:alnum:]-]+ )+; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 815...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as
[Logcheck-devel] Bug#481353: marked as done (Please add support for logcheck.logfiles.d)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#481353: fixed in logcheck 1.3.18 has caused the Debian Bug report #481353, regarding Please add support for logcheck.logfiles.d to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 481353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Version: 1.2.63 Severity: wishlist Please add support for logcheck.logfiles.d so packages can put files there and add new logfiles for reviewing. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 481...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) * ignore.d.server/openvpn: - match arbitrary mtu sizes (closes: #815755) * ignore.d.server/snmpd: - match optional port (closes: #644886) * ignore.d.server/postfix: - remove obsolete rule (closes: #822165) * ignore.d.server/systemd-timesyncd: new - match 'interval/delta/delay/jitter/drift' message * ignore.d.server/kernel: - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberger for the patch
[Logcheck-devel] Bug#799304: marked as done (logcheck-database: rule for sshd accepted key rule is obsolete)
Your message dated Wed, 25 Jan 2017 22:05:37 + with message-idand subject line Bug#799304: fixed in logcheck 1.3.18 has caused the Debian Bug report #799304, regarding logcheck-database: rule for sshd accepted key rule is obsolete to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 799304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799304 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: normal The following rule in ignore.d.server/ssh: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$ is not working with version 6.9 of openssh. Log entries in my system are like this now: Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xx from 000.000.000.000 port 000 ssh2: RSA SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY The problem is that the key hash at the end: SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY does not match the end of the rule: ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}) Please, fix it. Thanks, Rafael Laboissiere --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 799...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170)
[Logcheck-devel] Bug#418147: marked as done (logcheck: Does not complain if rules are unreadable)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#418147: fixed in logcheck 1.3.18 has caused the Debian Bug report #418147, regarding logcheck: Does not complain if rules are unreadable to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 418147: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418147 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Version: 1.2.39 Severity: normal Hello, Due to the incorrect group ownership bug (which has already been fixed) I ended up with logcheck not being able to read any files in /etc/logcheck/ignore.d.paranoid. However, instead of complaining that some files were unreadable, logcheck just sent the *complete* logfiles by mail, without any filtering. If logcheck cannot read some of its rule files, it should mention that in its mail. Additionally, it may be worth considering to not include any logfile contents in this case, since for me this generated a 10 MB mail. Best, Nikolaus -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.9-023stab039.1-smp Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck depends on: ii adduser 3.63Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.13 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii exim44.50-8sarge2metapackage to ease exim MTA (v4) ii exim4-daemon-hea 4.50-8sarge2exim MTA (v4) daemon with extended ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.39 A database of system log rules for ii logtail 1.2.39 Print log file lines that have not ii mailx1:8.1.2-0.20040524cvs-4 A simple mail user agent ii sysklogd [system 1.4.1-17System Logging Daemon -- debconf information excluded --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 418...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username
[Logcheck-devel] Bug#775090: marked as done (logcheck-database: Should filter shh preauth disconnect ok messages)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#775090: fixed in logcheck 1.3.18 has caused the Debian Bug report #775090, regarding logcheck-database: Should filter shh preauth disconnect ok messages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775090 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: normal Tags: patch I get tons of messages for sshd like these: Received disconnect from [IP]: 11: ok [preauth] `Bye Bye [preauth]` is already filtered out. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) >From fc9a190720510e14039505229c9e6c0803ebde3f Mon Sep 17 00:00:00 2001 From: Adrian Heine Date: Sun, 11 Jan 2015 08:34:07 +0100 Subject: [PATCH] server/ssh: Better match for preauth disconnect --- rulefiles/linux/ignore.d.server/ssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh index 890d20a..9c6ec96 100644 --- a/rulefiles/linux/ignore.d.server/ssh +++ b/rulefiles/linux/ignore.d.server/ssh @@ -14,7 +14,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (disconnected by user|Closed due to user request\.)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: Bye Bye \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (Bye Bye|ok) \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [:.[:xdigit:]]+ \[preauth\]$ -- 2.1.4 --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: -
[Logcheck-devel] Bug#799041: marked as done (Updated rules for isc-dhcp-server)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#799041: fixed in logcheck 1.3.18 has caused the Debian Bug report #799041, regarding Updated rules for isc-dhcp-server to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 799041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799041 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: normal Tags: patch isc-dhcp-server has added the PID to the log output since version 4.3.3-2: * Enable pid file logging (closes: #792928). This spams logcheck output. Attached is a new version of /etc/logcheck/ignore.d.server/dhcp which matches the new log output. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Internet (Software|Systems) Consortium DHCP Server [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Copyright [0-9-]+ Internet (Software|Systems) Consortium\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): All rights reserved\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): For info, please visit http(://www\.isc\.org/(products/DHCP|sw/dhcp/)|s://www\.isc\.org/software/dhcp/)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Wrote [0-9]+ (leases|(class|group|deleted host|new dynamic host) decls) to leases file\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (BOOTREQUEST|DHCPDISCOVER) from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): BOOTREPLY (for|on) [.0-9]{7,15} to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCP(NAK|RELEASE|INFORM) (on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$ #Added for dhcp 3 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ \((not |)found\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK to [.0-9]{7,15}( \(([:[:xdigit:]]+|)\) via [._[:alnum:]-]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ((balancing|balanced) )?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+.*( max-(own \(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: uid lease [.0-9]{7,15} for client [:[:xdigit:]]+ is duplicate on [.0-9]{7,15}/[[:digit:]]+$ # Dyndns support ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: removed reverse map on [._[:alnum:]-]+\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Can't update forward map [._[:alnum:]-]+ to [.0-9]{7,15}: no such RRset$ # udhcpd support ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending
[Logcheck-devel] Bug#644886: marked as done (logcheck-database: snmpd ruleset needs update)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#644886: fixed in logcheck 1.3.18 has caused the Debian Bug report #644886, regarding logcheck-database: snmpd ruleset needs update to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 644886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644886 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.13 Severity: normal Rule ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}$ does not cover log entries like Oct 10 07:05:04 foobar snmpd[19089]: Connection from UDP: [192.0.2.61]:34180->[198.51.100.163] Gabor -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Related package versions: snmpd 5.4.3~dfsg-2 -- no debconf information --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 644...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) * ignore.d.server/openvpn: - match arbitrary mtu sizes (closes: #815755) * ignore.d.server/snmpd: - match optional port (closes: #644886) * ignore.d.server/postfix: - remove obsolete rule (closes: #822165)
[Logcheck-devel] Bug#780441: marked as done (logcheck/PAM interaction ignore domain names as user)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#780441: fixed in logcheck 1.3.18 has caused the Debian Bug report #780441, regarding logcheck/PAM interaction ignore domain names as user to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 780441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780441 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Severity: normal Dear Maintainer, the default "/etc/logcheck/ignore.d.server/su" has the following ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:]-]+ by [[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:]-]+$ but sometimes the session closed for user is the hostname and has "." inside like these Mar 13 07:16:01 api su[57408]: Successful su for mydomain.com by root Mar 13 01:52:01 api su[47132]: + ??? root:mydomain.com Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session opened for user mydomain.com by (uid=0) Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session closed for user mydomain.com so think it must be changed like the following ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:].-]+ by [[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:].-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:].-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:].-]+$ -- System Information: Debian Release: 7.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/12 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 780...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for
[Logcheck-devel] Bug#783633: marked as done (logcheck-database: Please add rules for systemd)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#783633: fixed in logcheck 1.3.18 has caused the Debian Bug report #783633, regarding logcheck-database: Please add rules for systemd to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 783633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783633 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: wishlist Tags: patch I was quite surprised that after a dist-upgrade I was flooded with systemd messages from logcheck. The appropriate rules are already available at https://wiki.debian.org/systemd/logcheck See also https://lists.debian.org/debian-devel/2014/08/msg00923.html -- System Information: Debian Release: 8.0 APT prefers stable APT policy: (990, 'stable'), (400, 'testing'), (300, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Configuration Files: /etc/logcheck/cracking.d/kernel [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/kernel' /etc/logcheck/cracking.d/rlogind [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/rlogind' /etc/logcheck/cracking.d/rsh [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/rsh' /etc/logcheck/cracking.d/smartd [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/smartd' /etc/logcheck/cracking.d/tftpd [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/tftpd' /etc/logcheck/cracking.d/uucico [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/uucico' /etc/logcheck/ignore.d.paranoid/bind [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/bind' /etc/logcheck/ignore.d.paranoid/cron [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/cron' /etc/logcheck/ignore.d.paranoid/incron [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/incron' /etc/logcheck/ignore.d.paranoid/logcheck [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/logcheck' /etc/logcheck/ignore.d.paranoid/postfix [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/postfix' /etc/logcheck/ignore.d.paranoid/ppp [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/ppp' /etc/logcheck/ignore.d.paranoid/pureftp [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/pureftp' /etc/logcheck/ignore.d.paranoid/qpopper [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/qpopper' /etc/logcheck/ignore.d.paranoid/squid [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/squid' /etc/logcheck/ignore.d.paranoid/ssh [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/ssh' /etc/logcheck/ignore.d.paranoid/stunnel [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/stunnel' /etc/logcheck/ignore.d.paranoid/sysklogd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/sysklogd' /etc/logcheck/ignore.d.paranoid/telnetd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/telnetd' /etc/logcheck/ignore.d.paranoid/tripwire [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/tripwire' /etc/logcheck/ignore.d.paranoid/usb [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/usb' /etc/logcheck/ignore.d.server/acpid [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/acpid' /etc/logcheck/ignore.d.server/amandad [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/amandad' /etc/logcheck/ignore.d.server/amavisd-new [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/amavisd-new' /etc/logcheck/ignore.d.server/anacron [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/anacron' /etc/logcheck/ignore.d.server/anon-proxy [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/anon-proxy' /etc/logcheck/ignore.d.server/apache [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/apache' /etc/logcheck/ignore.d.server/apcupsd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/apcupsd' /etc/logcheck/ignore.d.server/arpwatch [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/arpwatch' /etc/logcheck/ignore.d.server/asterisk [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/asterisk' /etc/logcheck/ignore.d.server/automount [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/automount' /etc/logcheck/ignore.d.server/bind [Errno 13] Permission denied:
[Logcheck-devel] Bug#797512: marked as done (logcheck-database: Updated regex for kernel "unexpectedly shrunk window")
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#797512: fixed in logcheck 1.3.18 has caused the Debian Bug report #797512, regarding logcheck-database: Updated regex for kernel "unexpectedly shrunk window" to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 797512: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797512 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: wishlist Dear Maintainer, You will find a patch for logcheck server kernel rules to reflect message changes in net/ipv4/tcp_timer.c. -- System Information: Architecture: amd64 (x86_64) Kernel: 3.16.0-4-amd64 Best regards -- Xavier Mehrenberger PGP: 0xFD3D563AEBC0307E Fingerprint: 8847 CDED F0AF 19DA 61D6 892F FD3D 563A EBC0 307E diff --git a/logcheck/ignore.d.server/kernel b/logcheck/ignore.d.server/kernel index 682943d..12ed3fc 100644 --- a/logcheck/ignore.d.server/kernel +++ b/logcheck/ignore.d.server/kernel @@ -28,7 +28,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? PCI: Setting latency timer of device [[:alnum:]:.]+ to [[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? SCSI device [[:alnum:]]+: drive cache: write (through|back)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? SCSI subsystem initialized$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? TCP: (Treason uncloaked! )?Peer [:.[:xdigit:]]+:[[:digit:]]{1,5}/[[:digit:]]{1,5} (shrinks|unexpectedly shrunk) window [[:digit:]]+:[[:digit:]]+\.? (Repaired\.|\(repaired\))$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? (TCP: )?(Treason uncloaked! )?Peer [:.[:xdigit:]]+:[[:digit:]]{1,5}/[[:digit:]]{1,5} (shrinks|unexpectedly shrunk) window [[:digit:]]+:[[:digit:]]+\.? (Repaired\.|\(repaired\))$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? XFS mounting filesystem [[:alnum:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:][:space:]]+: probe of [:.[:xdigit:]]+ failed with error [-[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: link up\.$ --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 797...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team Changed-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul
[Logcheck-devel] Bug#703936: marked as done (logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-idand subject line Bug#703936: fixed in logcheck 1.3.18 has caused the Debian Bug report #703936, regarding logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 703936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.13 Severity: normal The rule for SSH ignoring "Bad protocol version identification" assumes there are no single quotes inside the version string ('[^']'). I am however getting mails including those lines: Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version identification '\004\241\031\a\232k\273#\203J\223\030\246\354t\260n\346q\004*\231\264q&\035\321.l5\260)r\224!\030C\f#ytS8\344\343\363\334'{_D\033\317[e\006\362\327\344\006-pH\356\0205\271\306\360\002\217\325y\023~\026\3412dc\021u\354\004\353m\225\210\272\030\311w\030I)\031\016\206\345\342' from 119.78.236.189 Mar 25 16:21:14 Debian-60-squeeze-64-minimal sshd[4015]: Bad protocol version identification '\354\035\371^\277\376\323\332{0\016Dd\351\237\356\302\252\275\331\315w\306\343\246m\377@waj\231\374C\236\234\207\210p\363C9}\366\2532xiM\255f\232!\376\335[\363'\b\217!Zp(\314\266\253?' from 210.73.57.141 Mar 25 13:18:36 Debian-60-squeeze-64-minimal sshd[317]: Bad protocol version identification '\301h\355\243\375\2106\005/H\256\001\362\250\365d\333Hd\235\353\322\232\335\003\274\353JB\374\353\263\272>#\337\020\250\376\247\344\\\v\301\336\036\236\t\235\026\273\003/\021C\307\264\2338>E7\341\303'B\246\357\321^\366\200Q\364\234G\374\302\207\3113\016\306\222\244\217\216\216\177\351\212j\325\255;' from 122.206.34.166 -- System Information: Debian Release: 6.0.7 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Configuration Files: /etc/logcheck/cracking.d/kernel [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/kernel' /etc/logcheck/cracking.d/rlogind [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/rlogind' /etc/logcheck/cracking.d/rsh [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/rsh' /etc/logcheck/cracking.d/smartd [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/smartd' /etc/logcheck/cracking.d/tftpd [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/tftpd' /etc/logcheck/cracking.d/uucico [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/uucico' /etc/logcheck/ignore.d.paranoid/bind [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/bind' /etc/logcheck/ignore.d.paranoid/cron [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/cron' /etc/logcheck/ignore.d.paranoid/incron [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/incron' /etc/logcheck/ignore.d.paranoid/logcheck [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/logcheck' /etc/logcheck/ignore.d.paranoid/postfix [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/postfix' /etc/logcheck/ignore.d.paranoid/ppp [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/ppp' /etc/logcheck/ignore.d.paranoid/pureftp [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/pureftp' /etc/logcheck/ignore.d.paranoid/qpopper [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/qpopper' /etc/logcheck/ignore.d.paranoid/squid [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/squid' /etc/logcheck/ignore.d.paranoid/ssh [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/ssh' /etc/logcheck/ignore.d.paranoid/stunnel [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/stunnel' /etc/logcheck/ignore.d.paranoid/sysklogd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/sysklogd' /etc/logcheck/ignore.d.paranoid/telnetd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/telnetd' /etc/logcheck/ignore.d.paranoid/tripwire [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/tripwire' /etc/logcheck/ignore.d.paranoid/usb [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/usb' /etc/logcheck/ignore.d.server/acpid [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/acpid' /etc/logcheck/ignore.d.server/amandad [Errno 13] Permission denied:
[Logcheck-devel] logcheck_1.3.18_amd64.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck TeamChanged-By: Hannes von Haugwitz Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) * ignore.d.server/openvpn: - match arbitrary mtu sizes (closes: #815755) * ignore.d.server/snmpd: - match optional port (closes: #644886) * ignore.d.server/postfix: - remove obsolete rule (closes: #822165) * ignore.d.server/systemd-timesyncd: new - match 'interval/delta/delay/jitter/drift' message * ignore.d.server/kernel: - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberger for the patch (closes: #797512) * ignore.d.server/systemd: new - add some generic rules (closes: #783633) * debian/control: - add alternate dependency on cron-daemon, thanks to Felix Zielcke for the patch (closes: #786815) - use secure Vcs-* fields - bump to Standards-Version 3.9.8 (no changes necessary) * debian/copyright: update copyright year to 2017 * Remove obsolete debian/logcheck-database.postinst * Add support for logcheck.logfiles.d, thanks to Vincas Dargis for the initial patch (closes: #481353) * Replace all occurrences of 'deinstall' with 'uninstall', thanks to duelle for the patch * Remove references to 'logcheck.org' Checksums-Sha1: d51fa82ab094c7273879512d3261ceab3f156640 1857 logcheck_1.3.18.dsc 361aff6d593c4056ec9e8c9aa8195e6a2476b268 131252 logcheck_1.3.18.tar.xz Checksums-Sha256: 0c19c134f86dfea6c04dd71e33fb2cf056d41019f4029c42c4f60c5633605fcb 1857 logcheck_1.3.18.dsc 077b9149ccd2b747b52785afa89da844f3d072c017c9e719925dec6acb9a9af4 131252 logcheck_1.3.18.tar.xz Files: 4e18e2b9a6f211403f5a4b86107a00ee 1857 admin optional logcheck_1.3.18.dsc 0089dd02940b3789027ec37d4d19c8c0 131252 admin optional logcheck_1.3.18.tar.xz -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEVJXNoXyawXqyOEGnGO6GOGAi71cFAliJF9oACgkQGO6GOGAi 71fmmQv/f6JkTqLtyqvNDYGUJ7Ovhtk3HnsDMCmeY/zWy7TvBOModS3AtWOU91Aj i25mTB/ReW2W5U5Lis2v/n2iVOWBSNB6Z3uv0M50GpVE2hDHfY6YA57KAlEaeKv7 zyMMJf+nLa9a5Pz0IEtTgK5A08rTrmgyYo/q6We60XE2w5pWA3lA65to+aC2/Qr1 cHmBS/bc2nAc37DfZDqDROLS0/+VC7ziPyDqqQqxNOmkvRf8EAsivla90+pcdhmY WmUi1ib6FX7su5rXKnJxhl9GMD5l4OSPRBE+JeO8rSeIo42Jxi85xxFyJ0Gwf79p oJPEBq7EIES5JhuMFLfd+BdTa6B7SHfA6+xylv+lXhAUfldcNehM89cJHFL6VzNC 9QMJDoIz1l3pCikVo2Hx2xJXCX94MuaOvE2oLx9yU1Bztwx9aNhcQQiuSCUdeBsq +8ok1DzpaqhNCckBLb1LiZF5zkqeOo36eHQkFOaVYsSlBUO/nirxcVmnPi0L1o/h ZZ/i434i =kISm -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processing of logcheck_1.3.18_amd64.changes
logcheck_1.3.18_amd64.changes uploaded successfully to localhost along with the files: logcheck_1.3.18.dsc logcheck_1.3.18.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel