[Logcheck-devel] Bug#567842: marked as done ([PATCH] rules suggestions for mountd)

Debian Bug Tracking System Mon, 22 Feb 2010 13:51:33 -0800

Your message dated Mon, 22 Feb 2010 21:42:58 +0000
with message-id <e1njg3o-00014i...@ries.debian.org>
and subject line Bug#567842: fixed in logcheck 1.3.7
has caused the Debian Bug report #567842,
regarding [PATCH] rules suggestions for mountd
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
567842: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567842
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: logcheck
Severity: wishlist

I'm attaching a git patch with rule suggestion for mountd, and a sample
from my logs.

From 8bad954c60492445f4cda646e85287f75238a40c Mon Sep 17 00:00:00 2001
From: Pawel Hajdan jr <phajdan...@gmail.com>
Date: Sun, 31 Jan 2010 19:49:25 +0100
Subject: [PATCH] Added rules for mountd.

---
 rulefiles/linux/ignore.d.server/mountd |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
 create mode 100644 rulefiles/linux/ignore.d.server/mountd

diff --git a/rulefiles/linux/ignore.d.server/mountd 
b/rulefiles/linux/ignore.d.server/mountd
new file mode 100644
index 0000000..9df92f7
--- /dev/null
+++ b/rulefiles/linux/ignore.d.server/mountd
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated 
(mount|unmount) request from [0-9.]+:[0-9]+ for [._/[:alnum:]-]+ 
\([._/[:alnum:]-]+\)$
-- 
1.6.5.2

Jan 30 15:53:06 hq mountd[4771]: authenticated mount request from 
192.168.1.14:799 for /diskless (/diskless)
Jan 30 15:53:22 hq mountd[4771]: authenticated mount request from 
192.168.1.14:1017 for /home (/home)
Jan 30 15:53:22 hq mountd[4771]: authenticated mount request from 
192.168.1.14:989 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 16:59:10 hq mountd[4771]: authenticated mount request from 
192.168.1.11:869 for /diskless (/diskless)
Jan 30 16:59:31 hq mountd[4771]: authenticated mount request from 
192.168.1.11:883 for /home (/home)
Jan 30 16:59:31 hq mountd[4771]: authenticated mount request from 
192.168.1.11:807 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:821 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:822 for /home (/home)
Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:823 for /diskless (/diskless)
Jan 30 17:00:06 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:832 for /home (/home)
Jan 30 17:00:49 hq mountd[4771]: authenticated mount request from 
192.168.1.14:813 for /diskless (/diskless)
Jan 30 17:01:04 hq mountd[4771]: authenticated mount request from 
192.168.1.14:986 for /home (/home)
Jan 30 17:01:04 hq mountd[4771]: authenticated mount request from 
192.168.1.14:955 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 
192.168.1.11:950 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 
192.168.1.11:951 for /home (/home)
Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 
192.168.1.11:952 for /diskless (/diskless)
Jan 30 17:02:25 hq mountd[4771]: authenticated unmount request from 
192.168.1.11:961 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:02:25 hq mountd[4771]: authenticated unmount request from 
192.168.1.11:962 for /home (/home)
Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:930 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:931 for /home (/home)
Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:932 for /diskless (/diskless)
Jan 30 18:44:56 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:941 for /home (/home)
Jan 30 18:45:38 hq mountd[4771]: authenticated mount request from 
192.168.1.14:929 for /diskless (/diskless)
Jan 30 18:45:52 hq mountd[4771]: authenticated mount request from 
192.168.1.14:1018 for /home (/home)
Jan 30 18:45:52 hq mountd[4771]: authenticated mount request from 
192.168.1.14:926 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:910 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:911 for /home (/home)
Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:912 for /diskless (/diskless)
Jan 30 19:18:31 hq mountd[4771]: authenticated unmount request from 
192.168.1.14:921 for /home (/home)
Jan 31 11:42:50 hq mountd[4771]: authenticated mount request from 
192.168.1.14:717 for /diskless (/diskless)
Jan 31 11:43:06 hq mountd[4771]: authenticated mount request from 
192.168.1.14:787 for /home (/home)
Jan 31 11:43:06 hq mountd[4771]: authenticated mount request from 
192.168.1.14:719 for /diskless-var-tmp (/diskless-var-tmp)

signature.asc
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

Source: logcheck
Source-Version: 1.3.7

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.3.7_all.deb
  to main/l/logcheck/logcheck-database_1.3.7_all.deb
logcheck_1.3.7.dsc
  to main/l/logcheck/logcheck_1.3.7.dsc
logcheck_1.3.7.tar.gz
  to main/l/logcheck/logcheck_1.3.7.tar.gz
logcheck_1.3.7_all.deb
  to main/l/logcheck/logcheck_1.3.7_all.deb
logtail_1.3.7_all.deb
  to main/l/logcheck/logtail_1.3.7_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 567...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 19 Feb 2010 07:16:32 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.7
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description: 
 logcheck   - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read (deprecated)
Closes: 546004 567150 567317 567842 570207
Changes: 
 logcheck (1.3.7) unstable; urgency=low
 .
   [ Hannes von Haugwitz ]
   * Added src/logcheck-test and docs/logcheck-test.1
   * ignore.d.server/wu-ftpd:
     - adjusted rule to match optional pid (closes: #570207)
   * src/logcheck:
     - use 7bit encoding for sending mail
   * ignore.d.workstation/kernel:
     - added rules for inserted and removed SD cards
   * ignore.d.server/mountd: new
     - added rule for authenticated mount/unmount requests,
       thanks to Paweł Hajdan, Jr. (closes: #567842)
   * docs/logcheck.sgml: clarify that "server" rules are
     included in "workstation" level
   * ignore.d.server/klogind: new
     - added rule for "connect from" message
   * ignore.d.server/login:
     - added rule for root logins on pseudo terminals
   * ignore.d.server/bind:
     - added rules for "received notify for zone" and
       "zone is up to date" message
   * Makefile:
     - added an empty "all" make target, thanks to
       Paweł Hajdan, Jr. (closes: #567150)
     - renamed BINDIR to SBINDIR
     - added logtail2 script to "clean" make target
   * ignore.d.server/ssh:
     - added rule for "disconnected by user" message (closes: #567317)
   * ignore.d.workstation/ifplugd:
     - added rule for "client: OK" message
   * debian/control:
     - bumped to Standards-Version 3.8.4 (no changes necessary)
     - added ${misc:Depends} to logtail Depends
 .
   [ Hanspeter Kunz ]
   * ignore.d.server/dovecot:
     - added an optional prefix "dovecot: " to the deliver rule
     - added rule to ignore various sieve messages (stored mail, forwards,
       vacation replies and discards)
 .
   [ Frédéric Brière ]
   * ignore.d.server/kernel:
     - added IPv6 support to "Treason uncloaked!" rule (closes: #546004)
     - added "Peer unexpectedly shrunk window" alternate rule
     - allow '-' in usbcore interface driver names (e.g. snd-usb-audio)
   * ignore.d.workstation/kernel:
     - added UDF-fs "readonly partition" and "Mounting volume" rules
     - usbhid no longer prints the source filename in its messages
     - allow ':' and arbitrary paths for input devices
     - adjusted "USB HID" rule to match generic devices
     - adjusted "USB HID" rule for newer kernels
     - adjusted agpgart rules for newer kernels
Checksums-Sha1: 
 831eb68c007c231839da1ef3b3509d28dfab6d0f 1260 logcheck_1.3.7.dsc
 1a0e7a5cb763e40857e9abed487e0596275faed9 152953 logcheck_1.3.7.tar.gz
 f01cdc840ce2cbafc766149d9c03cf11d432f568 74774 logcheck_1.3.7_all.deb
 622067c8ddfab2937d806e82e7a5a7fd02691c91 114776 logcheck-database_1.3.7_all.deb
 96aab023b10a1a712cc8a99bd8941e683d2d99c6 57494 logtail_1.3.7_all.deb
Checksums-Sha256: 
 a73324dd411f597e4f67fb8f2430f5cbdda0555c8a896fea44a61945554fe783 1260 
logcheck_1.3.7.dsc
 dcfb68a128b3deab4a411e323c92e887eb9cd4ae4b330211f5c0ae7ed261a909 152953 
logcheck_1.3.7.tar.gz
 d45135f16fef7a906e70b02e8974b28d1a982b83d507d134749471dc0eb195b4 74774 
logcheck_1.3.7_all.deb
 2d96da464708f362b2080d925fe314441e4ca82c3b35b4e0217b37992260e452 114776 
logcheck-database_1.3.7_all.deb
 6aadc7e4b40a330637c905d30da4087aa6c8fb2eeace7a4a9c8feabf45bad08e 57494 
logtail_1.3.7_all.deb
Files: 
 f13e6ab476ecbf719549135180337fc9 1260 admin optional logcheck_1.3.7.dsc
 3bfa692ff9e2e507250a6be9f8fd3494 152953 admin optional logcheck_1.3.7.tar.gz
 ad2232486c067e95c20c1ee7543b73e6 74774 admin optional logcheck_1.3.7_all.deb
 cdd30530e5240f4521a2b73cb4de8ddf 114776 admin optional 
logcheck-database_1.3.7_all.deb
 7927e4041ebdd3db14392c3a37f3ba02 57494 admin optional logtail_1.3.7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuC7ZwACgkQELuA/Ba9d8ZhGACdGHZD3isVZ9cVUI0PXmVBj/Fn
yXEAoJVL+nXWo3uwPTGWhpAUNUwdw90b
=Ot/6
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

[Logcheck-devel] Bug#567842: marked as done ([PATCH] rules suggestions for mountd)

Reply via email to