[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
This bug was fixed in the package logwatch - 7.5.2-1ubuntu1.1 --- logwatch (7.5.2-1ubuntu1.1) focal; urgency=medium [ Bryce Harrington ] * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch: dhcpd: Ignore lease age under threshold messages (LP: #1578001) * d/p/0019-exim-Handle-self-signed-certs-warnings.patch: exim: Handle self-signed certs warnings. (LP: #1892269) * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch: audit: Treat Denial-Errors same as Denied. (LP: #1577948) * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch: audit: Apparmor DENIED entries don't always include parent=N. (LP: #1577948) * d/p/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch: pam_unix: Ignore issues about /etc/securetty being missing. (LP: #1890751) * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch: zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing. These are not installed by default in Ubuntu's logwatch packaging. (LP: #1890749) * d/p/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch: secure: Ignore warnings about gnome-keyring-daemon items already registered. (LP: #1890752) * d/p/0012-postfix-Handle-backwards-compatible-mode.patch: postfix: Handle backwards-compatible mode. (LP: #1583705) * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch: postfix: Ignore Resolved loghost to 127.0.0.1. (LP: #1583705) * d/p/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch: Use $PATH to determine location of zpool and zfs. (LP: #1880211) [ Lucas Kanashiro ] * d/p/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch: audit: use the term ALLOWED instead of Grants. (LP: #1577948) -- Bryce Harrington Thu, 03 Sep 2020 04:22:00 + ** Changed in: logwatch (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
Verified on focal in LXC -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Description changed:
[Impact]
Exim issues a warning when self-signed certificates are used, but these
messages aren't handled by logwatch, and thus end up in the "Unmatched Entries"
section, one per event. It is not uncommon to run Exim with self-signed
certificates, since it will behave that way by default on a simple
installation, however they are worth mentioning in the log output since it
could indicate a mis-configuration if signed certs were intended, so should be
matched and summarized.
[Test Case]
$ export CODENAME="focal"
$ lxc launch ubuntu:${CODENAME} test-logwatch
$ lxc exec test-logwatch -- bash
# apt-get update
# apt-get dist-upgrade -y
+ # apt-get install -y exim4
# apt-get install -y logwatch
# wget
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+attachment/5407060/+files/unmatched-entries-exim%3Aexim4.mainlog.1
# cat unmatched-entries-exim:exim4.mainlog.1 >> /var/log/exim4/mainlog.1
# logwatch --detail High --service all --range all --output stdout
Without the fix, there will be unmatched entries with "BAD FORMAT"
alerts; with the fix there will be a calmer mention that self-signed
certs are in use.
(Note: For testing it's not really necessary to trigger the original
condition that produces the log entry, since for Logwatch the purpose is
more about making sure the entry is detected and processed
appropriately.)
[Regression Potential]
Since logwatch filters logs for errors pertinent to administrators,
standard things to watch out for are undesired changes in this filtering
behavior, such as flagging or failing to flag issues differently than
before, other than the specific messages being filtered with this
change.
-
[Original Report]
On focal with exim installed, I'm seeing unmatched entries about self-signed
certs:
* BAD FORMAT (Possible data corruption or Exim bug) *
Suggested action: either install a certificate or change
tls_advertise_hosts option
...
**Unmatched Entries**
2020-04-24 20:30:42 Warning: No server certificate defined; will use a
selfsigned one.: 2 Time(s)
2020-04-24 21:00:42 Warning: No server certificate defined; will use a
selfsigned one.: 1 Time(s)
2020-04-24 21:30:42 Warning: No server certificate defined; will use a
selfsigned one.: 1 Time(s)
2020-04-24 22:00:42 Warning: No server certificate defined; will use a
selfsigned one.: 1 Time(s)
The logs show:
2020-04-25 10:00:42 Warning: No server certificate defined; will use a
selfsigned one.
Suggested action: either install a certificate or change tls_advertise_hosts
option
2020-04-25 10:00:42 Start queue run: pid=3512600
2020-04-25 10:00:42 End queue run: pid=3512600
So the 'BAD FORMAT' is simply a continuation of the warning line
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892269
Title:
Unmatched entry for exim with selfsigned certificate
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
Hello Bryce, or anyone else affected, Accepted logwatch into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/logwatch/7.5.2-1ubuntu1.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: logwatch (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Changed in: logwatch (Ubuntu) Assignee: (unassigned) => Bryce Harrington (bryce) ** Changed in: logwatch (Ubuntu Focal) Assignee: (unassigned) => Bryce Harrington (bryce) ** Changed in: logwatch (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: logwatch (Ubuntu) Importance: Undecided => Medium ** Changed in: logwatch (Ubuntu Focal) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Merge proposal linked: https://code.launchpad.net/~bryce/ubuntu/+source/logwatch/+git/logwatch/+merge/390212 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Description changed:
[Impact]
Exim issues a warning when self-signed certificates are used, but these
messages aren't handled by logwatch, and thus end up in the "Unmatched Entries"
section, one per event. It is not uncommon to run Exim with self-signed
certificates, since it will behave that way by default on a simple
installation, however they are worth mentioning in the log output since it
could indicate a mis-configuration if signed certs were intended, so should be
matched and summarized.
[Test Case]
$ export CODENAME="focal"
$ lxc launch ubuntu:${CODENAME} test-logwatch
$ lxc exec test-logwatch -- bash
# apt-get update
# apt-get dist-upgrade -y
# apt-get install -y logwatch
# wget
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+attachment/5407060/+files/unmatched-entries-exim%3Aexim4.mainlog.1
# cat unmatched-entries-exim:exim4.mainlog.1 >> /var/log/exim4/mainlog.1
# logwatch --detail High --service all --range all --output stdout
Without the fix, there will be unmatched entries with "BAD FORMAT"
alerts; with the fix there will be a calmer mention that self-signed
certs are in use.
(Note: For testing it's not really necessary to trigger the original
condition that produces the log entry, since for Logwatch the purpose is
more about making sure the entry is detected and processed
appropriately.)
[Regression Potential]
Since logwatch filters logs for errors pertinent to administrators,
standard things to watch out for are undesired changes in this filtering
behavior, such as flagging or failing to flag issues differently than
before, other than the specific messages being filtered with this
change.
- [Fix]
-
- [Discussion]
[Original Report]
On focal with exim installed, I'm seeing unmatched entries about self-signed
certs:
* BAD FORMAT (Possible data corruption or Exim bug) *
Suggested action: either install a certificate or change
tls_advertise_hosts option
...
**Unmatched Entries**
2020-04-24 20:30:42 Warning: No server certificate defined; will use a
selfsigned one.: 2 Time(s)
2020-04-24 21:00:42 Warning: No server certificate defined; will use a
selfsigned one.: 1 Time(s)
2020-04-24 21:30:42 Warning: No server certificate defined; will use a
selfsigned one.: 1 Time(s)
2020-04-24 22:00:42 Warning: No server certificate defined; will use a
selfsigned one.: 1 Time(s)
The logs show:
2020-04-25 10:00:42 Warning: No server certificate defined; will use a
selfsigned one.
Suggested action: either install a certificate or change tls_advertise_hosts
option
2020-04-25 10:00:42 Start queue run: pid=3512600
2020-04-25 10:00:42 End queue run: pid=3512600
So the 'BAD FORMAT' is simply a continuation of the warning line
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892269
Title:
Unmatched entry for exim with selfsigned certificate
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Description changed:
- On focal with exim installed, I'm seeing unmatched entries about self-
- signed certs:
+ [Impact]
+ Exim issues a warning when self-signed certificates are used, but these
messages aren't handled by logwatch, and thus end up in the "Unmatched Entries"
section, one per event. It is not uncommon to run Exim with self-signed
certificates, since it will behave that way by default on a simple
installation, however they are worth mentioning in the log output since it
could indicate a mis-configuration if signed certs were intended, so should be
matched and summarized.
- * BAD FORMAT (Possible data corruption or Exim bug) *
- Suggested action: either install a certificate or change
tls_advertise_hosts option
- ...
+ [Test Case]
+ $ export CODENAME="focal"
+ $ lxc launch ubuntu:${CODENAME} test-logwatch
+ $ lxc exec test-logwatch -- bash
+
+ # apt-get update
+ # apt-get dist-upgrade -y
+ # apt-get install -y logwatch
+
+ # wget
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+attachment/5407060/+files/unmatched-entries-exim%3Aexim4.mainlog.1
+ # cat unmatched-entries-exim:exim4.mainlog.1 >> /var/log/exim4/mainlog.1
+
+ # logwatch --detail High --service all --range all --output stdout
+
+ Without the fix, there will be unmatched entries with "BAD FORMAT"
+ alerts; with the fix there will be a calmer mention that self-signed
+ certs are in use.
+
+ (Note: For testing it's not really necessary to trigger the original
+ condition that produces the log entry, since for Logwatch the purpose is
+ more about making sure the entry is detected and processed
+ appropriately.)
+
+ [Regression Potential]
+ Since logwatch filters logs for errors pertinent to administrators,
+ standard things to watch out for are undesired changes in this filtering
+ behavior, such as flagging or failing to flag issues differently than
+ before, other than the specific messages being filtered with this
+ change.
+
+ [Fix]
+
+ [Discussion]
+
+ [Original Report]
+ On focal with exim installed, I'm seeing unmatched entries about self-signed
certs:
+
+ * BAD FORMAT (Possible data corruption or Exim bug) *
+ Suggested action: either install a certificate or change
tls_advertise_hosts option
+ ...
**Unmatched Entries**
2020-04-24 20:30:42 Warning: No server certificate defined; will use a
selfsigned one.: 2 Time(s)
2020-04-24 21:00:42 Warning: No server certificate defined; will use a
selfsigned one.: 1 Time(s)
2020-04-24 21:30:42 Warning: No server certificate defined; will use a
selfsigned one.: 1 Time(s)
2020-04-24 22:00:42 Warning: No server certificate defined; will use a
selfsigned one.: 1 Time(s)
The logs show:
2020-04-25 10:00:42 Warning: No server certificate defined; will use a
selfsigned one.
- Suggested action: either install a certificate or change tls_advertise_hosts
option
+ Suggested action: either install a certificate or change tls_advertise_hosts
option
2020-04-25 10:00:42 Start queue run: pid=3512600
2020-04-25 10:00:42 End queue run: pid=3512600
So the 'BAD FORMAT' is simply a continuation of the warning line
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892269
Title:
Unmatched entry for exim with selfsigned certificate
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Also affects: logwatch (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: logwatch (Ubuntu Focal) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Attachment added: "Sample log entries for testing the cert BAD FORMAT issue" https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+attachment/5407060/+files/unmatched-entries-exim%3Aexim4.mainlog.1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
This bug was fixed in the package logwatch - 7.5.4-0ubuntu2 --- logwatch (7.5.4-0ubuntu2) groovy; urgency=medium [ Bryce Harrington ] * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch: dhcpd: Ignore lease age under threshold messages (LP: #1578001) * d/p/0019-exim-Handle-self-signed-certs-warnings.patch: exim: Handle self-signed certs warnings. (LP: #1892269) * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch: audit: Treat Denial-Errors same as Denied. (LP: #1577948) * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch: audit: Apparmor DENIED entries don't always include parent=N. (LP: #1577948) * d/p/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch: pam_unix: Ignore issues about /etc/securetty being missing. (LP: #1890751) * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch: zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing. These are not installed by default in Ubuntu's logwatch packaging. (LP: #1890749) * d/p/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch: secure: Ignore warnings about gnome-keyring-daemon items already registered. (LP: #1890752) * d/p/0012-postfix-Handle-backwards-compatible-mode.patch: postfix: Handle backwards-compatible mode. (LP: #1583705) * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch: postfix: Ignore Resolved loghost to 127.0.0.1. (LP: #1583705) * d/control: Update upstream's homepage (LP: #1891604) [ Lucas Kanashiro ] * d/p/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch: audit: use the term ALLOWED instead of Grants. -- Bryce Harrington Fri, 21 Aug 2020 01:30:10 + ** Changed in: logwatch (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Merge proposal linked: https://code.launchpad.net/~bryce/ubuntu/+source/logwatch/+git/logwatch/+merge/389633 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892269] Re: Unmatched entry for exim with selfsigned certificate
** Description changed: On focal with exim installed, I'm seeing unmatched entries about self- signed certs: - **Unmatched Entries** - 2020-04-24 20:30:42 Warning: No server certificate defined; will use a selfsigned one.: 2 Time(s) - 2020-04-24 21:00:42 Warning: No server certificate defined; will use a selfsigned one.: 1 Time(s) - 2020-04-24 21:30:42 Warning: No server certificate defined; will use a selfsigned one.: 1 Time(s) - 2020-04-24 22:00:42 Warning: No server certificate defined; will use a selfsigned one.: 1 Time(s) + * BAD FORMAT (Possible data corruption or Exim bug) * + Suggested action: either install a certificate or change tls_advertise_hosts option + ... + + **Unmatched Entries** + 2020-04-24 20:30:42 Warning: No server certificate defined; will use a selfsigned one.: 2 Time(s) + 2020-04-24 21:00:42 Warning: No server certificate defined; will use a selfsigned one.: 1 Time(s) + 2020-04-24 21:30:42 Warning: No server certificate defined; will use a selfsigned one.: 1 Time(s) + 2020-04-24 22:00:42 Warning: No server certificate defined; will use a selfsigned one.: 1 Time(s) + + The logs show: + + 2020-04-25 10:00:42 Warning: No server certificate defined; will use a selfsigned one. + Suggested action: either install a certificate or change tls_advertise_hosts option + 2020-04-25 10:00:42 Start queue run: pid=3512600 + 2020-04-25 10:00:42 End queue run: pid=3512600 + + So the 'BAD FORMAT' is simply a continuation of the warning line -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892269 Title: Unmatched entry for exim with selfsigned certificate To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
