[Logcheck-devel] Bug#652148: marked as done (Please add rules for dropbear)

Sat, 30 Jun 2012 09:39:48 -0700 

Your message dated Sat, 30 Jun 2012 16:38:37 +0000
with message-id <e1sl0gv-0000su...@franck.debian.org>
and subject line Bug#652148: fixed in logcheck 1.3.15
has caused the Debian Bug report #652148,
regarding Please add rules for dropbear
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
652148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652148
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: logcheck
Version: 1.2.69

"dropbear" is a lightweight ssh server which can be installed in place
of openssh-server.  Log entries for dropbear are not currently
filtered by logcheck resulting in a "System Events" email for each and
every ssh login as below:


This email is sent by logcheck. If you no longer wish to receive
such mails, you can either deinstall the logcheck package or modify
its configuration file (/etc/logcheck/logcheck.conf).

System Events
=-=-=-=-=-=-=
Dec 15 07:48:24 captain dropbear[20011]: Child connection from 
::ffff:82.125.214.201:55874
Dec 15 07:48:27 captain dropbear[20011]: pubkey auth succeeded for 'user' with 
key md5 68:07:18:0a:d8:4a:8b:61:2d:a6:15:94:1e:cb:b9:85 from
+::ffff:82.125.214.201:55874
Dec 15 07:49:32 captain dropbear[20011]: exit after auth (user): Exited normally


The above is from an install of logcheck 1.2.69 and dropbear 0.51-1 on
an installation of lenny.  I have looked at the package files in
wheezy for logcheck (1.3.14) and it appears dropbear remains
unaccounted for (although note that dropbear is now at 0.52).

I have not yet attempted to create a ruleset to filter the above
however if a fix is proposed then I will happily test it.

Thanks.

--- End Message ---
--- Begin Message --- 
Source: logcheck
Source-Version: 1.3.15

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.3.15_all.deb
  to main/l/logcheck/logcheck-database_1.3.15_all.deb
logcheck_1.3.15.dsc
  to main/l/logcheck/logcheck_1.3.15.dsc
logcheck_1.3.15.tar.gz
  to main/l/logcheck/logcheck_1.3.15.tar.gz
logcheck_1.3.15_all.deb
  to main/l/logcheck/logcheck_1.3.15_all.deb
logtail_1.3.15_all.deb
  to main/l/logcheck/logtail_1.3.15_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 30 Jun 2012 16:24:49 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.15
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description: 
 logcheck   - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read (deprecated)
Closes: 647622 647943 652148
Changes: 
 logcheck (1.3.15) unstable; urgency=low
 .
   [ Hannes von Haugwitz ]
   * ignore.d.server/dropbear: new
     - ignore successful logins (closes: #652148)
   * src/logcheck:
     - fixed broken '-t' option, thanks to Jon Daley (closes: #647622,
       LP: #1010431)
   * debian/control:
     - bumped to Standards-Version 3.9.3 (no changes necessary)
     - adjusted URLs of Vcs-* fields
   * debian/copyright:
     - updated copyright year to 2012
 .
   [ Frédéric Brière ]
   * ignore.d.server/postfix:
     - ignore "offered null AUTH mechanism list"
     - ignore "lost connection while receiving the initial server greeting"
     - fixed "lost connection while sending end of data" rule
   * ignore.d.server/proftpd:
     - ignore "authentication failure" even if ruser is provided
   * ignore.d.server/ssh:
     - ignore "PAM $n more authentication failures"
     - ignore "Too many authentication failures"
     - ignore "Closed due to user request." (closes: #647943)
     - ignore "Bye Bye"
     - ignore "Connection closed"
     - ignore yet one more variation of "invalid user"
     - updated "Postponed ..." rule with "[preauth]" suffix
     - updated "Postponed ..." rule with "invalid user"
   * ignore.d.workstation/libmtp-runtime:
     - ignore mtp-probe messages when plugging a non-MTP device
   * ignore.d.workstation/kernel:
     - ignore "No Caching mode page present"
     - ignore "usb-storage: Quirks match"
     - ignore "sensor detected" for various GSPCA webcams
     - updated FAT messages to new fat_msg() format
     - updated "new USB device" message to new usb_speed_string() format
     - updated bttv messages to new prefix
Checksums-Sha1: 
 df8e621f5c5190d8237ef56591393556db8160c2 1851 logcheck_1.3.15.dsc
 c1fef9d602f208e5cae64d39900834c216568fb0 162397 logcheck_1.3.15.tar.gz
 d6d9cf45c515886ad134b2474d68d7c43832ed2a 78664 logcheck_1.3.15_all.deb
 6c9ea758e52f62b13a5171a487163ebe22347798 121414 
logcheck-database_1.3.15_all.deb
 215d19a434319dfcf1561e88a59893e8c93eb170 61270 logtail_1.3.15_all.deb
Checksums-Sha256: 
 4928dbc5921f663425aef8661e7ffeb09f6fc86ee385da9f9d21e7a075e3e28f 1851 
logcheck_1.3.15.dsc
 b29b4753940a9130b5f19f60d2d89af23be220674625f4bd2fb1d40945d0b9e5 162397 
logcheck_1.3.15.tar.gz
 3314e5d1d3d65417c16beb55a3f8e7ad3f9b047f298b670385e04b6fc17937b7 78664 
logcheck_1.3.15_all.deb
 c76bccbb0fc7b07d3839c5a972f93b01dc0afe1253227360af6c7376e5a841ff 121414 
logcheck-database_1.3.15_all.deb
 c9a59d0844b12b5ef79607798006a07cb8d5aa3647d4a119a91ec0e5ea4980b0 61270 
logtail_1.3.15_all.deb
Files: 
 b6f9422e2bd0079c5e534f777d8f5aac 1851 admin optional logcheck_1.3.15.dsc
 e3f002fddcdc01856c811872f4082a11 162397 admin optional logcheck_1.3.15.tar.gz
 a0eb536acd94c2e4a45b6a3c9c30765e 78664 admin optional logcheck_1.3.15_all.deb
 d1b05745baed4e80d6d984778724457d 121414 admin optional 
logcheck-database_1.3.15_all.deb
 f65e15cfa881576ab027da7852901ce5 61270 admin optional logtail_1.3.15_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQGcBAEBCAAGBQJP7xTNAAoJEBjuhjhgIu9XjCYL/0Xv4094bDzoVcYxXGfaYAKA
6ZGSXuE5I0TQgI9D5CxqWvPOAPq9qBWbXKhnAfvAfQVZapD4fR/OHHPNQtMen/lD
WRQF0pW8ELsqi+NWCbDF4BAqHwQxyhvvHDgP8/BdbWG9TC9oF50/nWYUiIFA16Vd
01TdVNLr1MO5zZQprNqaDyRS+BskBrDsXVsGgnhTTcWg+73wY6BTu/7o8jc0c81F
EaFRtqxHEFcEIP0CgeK21g+6NrrzfdWfhlTwKBAChq7ElkIIMqqSunSJlHowcBv9
X0sv5/J3sky2vRWr9SPlgwnpXupvf9PfQvWuDpxqK5sA7Utjjp4i2cqFLu3LWHtu
fVHWvxhmAUsDYqoT15h3GkRzEh/QwlBq26mmvT/+Dd24Ea22z/ns49kGLrY49LHl
T5qTg44KVTURtrEJhGBFTlyX+wgGF3Vd1gV/er0FSIBbXI6eIIlXOnJN0AF4/MQz
aE9iVYLKNbP+CrKBuyoyKqNULnyH6QKoo8XhXpBmhg==
=B31d
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel

Reply via email to