Package: logcheck-database
Version: 1.3.13
Severity: normal
File: /etc/logcheck/ignore.d.server/saslauthd


The following patch fixes a bug in the regex for ignoring
useless lines from saslauthd authentication failures
(/etc/logcheck/ignore.d.server/saslauthd) on this Squeeze system:

--- saslauthd.orig      2012-10-10 08:37:50.000000000 -0400
+++ saslauthd   2012-10-10 08:38:10.000000000 -0400
@@ -4,7 +4,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: 
auth_pam: pam_authenticate failed: Authentication failure$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: 
auth_pam: pam_authenticate failed: User not known to the underlying 
authentication module$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
\(pam_unix\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= 
[[:space:]]*user=[-._[:alnum:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
\(pam_unix\) check pass; user unknown$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
pam_unix\(:auth\): check pass; user unknown$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
do_auth[[:space:]]*: auth failure: \[user=[._[:alnum:]-]+\] \[service=smtp\] 
\[realm=[._[:alnum:]-]+\] \[mech=pam\] \[reason=PAM auth error\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
do_request[[:space:]]*: NULL password received$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
pam_unix\([[:alnum:]]+:[[:alnum:]]+\): check pass; user unknown$
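Review bot: The replacement rule on the `+` line hard-codes an empty service name, `pam_unix\(:auth\)`, and nearly duplicates the last context line of this hunk, `pam_unix\([[:alnum:]]+:[[:alnum:]]+\): check pass; user unknown$`. That existing rule misses this case only because its first `+` requires at least one character before the colon. Consider relaxing it to `pam_unix\([[:alnum:]]*:[[:alnum:]]+\)` instead of carrying two rules, and keep the removed `\(pam_unix\)` form if output in that older format still needs to be ignored. Quoting the unmatched saslauthd log line in the report would let the pattern be checked against real input, which matters because each rule in this file suppresses authentication-failure messages from the logcheck report.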

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- Configuration Files:
/etc/logcheck/violations.d/logcheck changed [not included]
/etc/logcheck/violations.ignore.d/logcheck-sudo [Errno 2] No such file or 
directory: u'/etc/logcheck/violations.ignore.d/logcheck-sudo'

-- no debconf information

