Package: logcheck-database Version: 1.3.5 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu lucid ubuntu-patch
Hi With the most recent openssh-client in Ubuntu lucid (10.04), I get new warnings with an Ubuntu karmic (9.10) openssh-server. I think openssh in Ubuntu and Debian are really close, so I believe this will hit Debian pretty soon too. Please find a patch to address these. According to the OpenSSH maintainer these are expected: 10:53 < lool> cjwatson: Hi, since a recent upgrade of the ssh client on lucid, I get warnings in logcheck from auth.log; the following lines now appear everytime I close a ssh connection: 10:53 < lool> Jan 28 10:52:51 fox sshd[26563]: Received disconnect from 192.168.0.119: 11: disconnected by user 10:53 < lool> (before pam session is closed) 10:54 < lool> cjwatson: I don't know whether this is expected or not, in which case I'll update the logcheck rules 12:52 < cjwatson> lool: it appears to be intentional 12:52 < cjwatson> lool: from what I can tell it was part of the preparation for roaming support Thanks, -- Loïc Minier
diff -Nru logcheck-1.3.5ubuntu1/debian/changelog logcheck-1.3.5ubuntu2/debian/changelog --- logcheck-1.3.5ubuntu1/debian/changelog 2010-01-21 23:36:34.000000000 +0100 +++ logcheck-1.3.5ubuntu2/debian/changelog 2010-01-28 18:10:35.000000000 +0100 @@ -1,3 +1,11 @@ +logcheck (1.3.5ubuntu2) lucid; urgency=low + + * rulefiles/linux/ignore.d.server/ssh: Add "disconnected by user" re in the + "Received disconnect from" series; this now occurs frequently with lucid + ssh clients. + + -- Loïc Minier <loic.min...@ubuntu.com> Thu, 28 Jan 2010 18:09:22 +0100 + logcheck (1.3.5ubuntu1) lucid; urgency=low * rulefiles/linux/ignore.d.paranoid/cron: make /usr/sbin/ optional in diff -Nru logcheck-1.3.5ubuntu1/rulefiles/linux/ignore.d.server/ssh logcheck-1.3.5ubuntu2/rulefiles/linux/ignore.d.server/ssh --- logcheck-1.3.5ubuntu1/rulefiles/linux/ignore.d.server/ssh 2009-09-05 12:45:08.000000000 +0200 +++ logcheck-1.3.5ubuntu2/rulefiles/linux/ignore.d.server/ssh 2010-01-28 18:09:15.000000000 +0100 @@ -13,6 +13,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: disconnected by user$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
_______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel