[Logcheck-devel] Bug#588285: marked as done (logcheck: Additional rules to ignore successful kerberos authentication)

Thu, 29 Jul 2010 00:52:04 -0700 

Your message dated Thu, 29 Jul 2010 07:47:08 +0000
with message-id <e1oenpc-0005al...@franck.debian.org>
and subject line Bug#588285: fixed in logcheck 1.3.11
has caused the Debian Bug report #588285,
regarding logcheck: Additional rules to ignore successful kerberos 
authentication
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
588285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588285
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: logcheck
Version: 1.3.10
Severity: normal
Tags: patch

Many of my logcheck reports are triggered by regular user authentication
against kerberos enabled services.
Here are rules to ignore authentication success messages for some common
daemons.

violations.ignore.d/logcheck-sudo:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5+\(sudo:auth\): user 
[[:alnum:]-]+ authenticated as [[:alnum:]...@-]+$

ignore.d.server/cups-lpd:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cupsd: pam_krb5\(cups:auth\): user 
[[:alnum:]-]+ authenticated as [[:alnum:]...@-]+$

ignore.d.server/ssh:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: 
pam_krb5\(sshd:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]...@-]+$

ignore.d.workstation/gdm:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: pam_krb5\(gdm:auth\): 
user [[:alnum:]-]+ authenticated as [[:alnum:]...@-]+$


Regards,
Michel

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')onan!
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-vserver-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser                       3.112      add and remove users and groups
ii  cron                          3.0pl1-113 process scheduling daemono ignore 
successful kerberos authentication                                              
                                         
ii  exim4                         4.72-1     metapackage to ease Exim MTA (v4)
ii  exim4-daemon-light [mail-tran 4.72-1     lightweight Exim MTA (v4) daemon
ii  lockfile-progs                0.1.15     Programs for locking and unlocking
ii  logtail                       1.3.10     Print log file lines that have not
ii  mime-construct                1.10       construct/send MIME messages from
ii  rsyslog [system-log-daemon]   4.6.2-1    enhanced multi-threaded syslogd

Versions of packages logcheck recommends:
ii  logcheck-database             1.3.10     database of system log rules for t

Versions of packages logcheck suggests:
pn  syslog-summary                <none>     (no description available)

-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: 
u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: 
u'/etc/logcheck/logcheck.logfiles'

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: logcheck
Source-Version: 1.3.11

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.3.11_all.deb
  to main/l/logcheck/logcheck-database_1.3.11_all.deb
logcheck_1.3.11.dsc
  to main/l/logcheck/logcheck_1.3.11.dsc
logcheck_1.3.11.tar.gz
  to main/l/logcheck/logcheck_1.3.11.tar.gz
logcheck_1.3.11_all.deb
  to main/l/logcheck/logcheck_1.3.11_all.deb
logtail_1.3.11_all.deb
  to main/l/logcheck/logtail_1.3.11_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 588...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 29 Jul 2010 08:37:19 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.11
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description: 
 logcheck   - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read (deprecated)
Closes: 585802 588285 589981
Changes: 
 logcheck (1.3.11) unstable; urgency=low
 .
   [ Hannes von Haugwitz ]
   * ignore.d.server/smartd:
     - ignore "scheduled Offline Immediate Test" (closes: #585802)
   * ignore.d.workstation/slim: new
     - ignore session opened/closed messages
   * debian/control:
     - bumped to Standards-Version 3.9.1 (no changes necessary)
     - depend on default-mta instead of exim4
   * ignore.d.workstation/wpasupplicant:
     - match 5660 MHz in 'Trying to associate' message
   * ignore.d.server/libpam-krb5: new
     - ignore successful kerberos authentication, thanks to
       Russ Allbery (closes: #588285)
   * violations.ignore.d/logcheck-sudo:
     - ignore successful kerberos authentication, thanks to
       Michel Messerschmidt (see: #588285)
   * logcheck-database.preinst:
     - deleting ignore.d.workstation/xscreensaver, rule is covered
       by i.d.s/libpam-krb5
     - deleting ignore.d.server/cracklib, rules maintained in cracklib-runtime
   * ignore.d.workstation/login:
     - removed successful krb auth rule, rule is covered by i.d.s/libpam-krb5
   * violations.ignore.d/logcheck-su:
     - ignore successful kerberos authentication
   * ignore.d.server/smartd
     - ignore 'state read' and 'state written' messages
   * debian/copyright:
     - updated copyright year to 2010
     - added Marc, Hanspeter and myself as team members
   * ignore.d.server/dhclient:
     - allow '-' in version string
 .
   [ martin f. krafft ]
   * ignore.d.server/postfix:
     - patch from Mathias Krause to address changes in policy-weightd log
       message format.
   * ignore.d.server/ssh:
     - messages about invalid users can contain zero-length usernames.
   * ignore.d.server/postfix:
     - ignore delay notification log entries (closes: #589981).
 .
   [ Hanspeter Kunz ]
   * ignore.d.server/dhcp:
     - ignore messages about LDAP lookups of host entries
     - ignore messages on sending options to hosts (as a result of LDAP lookups)
     - ignore more balancing/balanced pool messages
     - Found dhcpHWAddress: LDAP entries may contain underscores and dashes
     - removed rule to "ignore messages about leased addresses which respond to
       to ping requests" because this is probably caused by a misconfiguration
     - ignore messages on xid-mismatches
     - ignore messages on establishing a (TLS) connection to the LDAP server
     - ignore successful logins to the LDAP server
     - ignore successful parsing of the DHCP configuration from an LDAP 
directory
   * ignore.d.server/postfix:
     - ignore another TLS library problem
       (SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379)
   * ignore.d.server/dovecot:
     - sieve: allow empty recipient address
     - sieve: make "added by" optional
Checksums-Sha1: 
 051a71316717ccf802f905f4b80afc8646bef683 1296 logcheck_1.3.11.dsc
 8290c47583d6f7f39691d4d3ae3da8c187fd6047 156571 logcheck_1.3.11.tar.gz
 69f15e43a9f52e75e72502c8015077ac0f93af86 76758 logcheck_1.3.11_all.deb
 3dcde8b6d3dc533cd92ef5f1df7cfeb0a4e483ce 118000 
logcheck-database_1.3.11_all.deb
 b3b069d9995694a902ef8a8adadadc51ea01fc7f 58960 logtail_1.3.11_all.deb
Checksums-Sha256: 
 a92d82402ea72dc1e893eac025d5d4836ba465fe002458bc94a4ca98f119f31e 1296 
logcheck_1.3.11.dsc
 c9b93988394c3029ed236e220ac53b4fceddf23bd38c9ded1bcaa8dbc35d0668 156571 
logcheck_1.3.11.tar.gz
 5f3b57b26fe769bfa6c60617ad904a025cbafcb88988016397ce9ad7bfb62904 76758 
logcheck_1.3.11_all.deb
 a3aa99f5ff8f188d6ad012d1d390e9e7d0813583c398204f6930c4cafb58914a 118000 
logcheck-database_1.3.11_all.deb
 b1e628e10c18c91af4bdbcf620c8fd7c125f48e0f3bc443625a247ab0d1d2dd0 58960 
logtail_1.3.11_all.deb
Files: 
 cc3719755fad1f3eda2c2fcb9ed9ebd0 1296 admin optional logcheck_1.3.11.dsc
 2373f0f63f3fec9521bf250dfe5c510e 156571 admin optional logcheck_1.3.11.tar.gz
 2ab20b01be72018ac46b00ba896d0547 76758 admin optional logcheck_1.3.11_all.deb
 21e433245ee20dee20e49c12ca2cc36f 118000 admin optional 
logcheck-database_1.3.11_all.deb
 b02de7ab2ace6a890dad56918ee3cc58 58960 admin optional logtail_1.3.11_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkxRKTgACgkQiz0NKp2eEfVY1ACgqsjukp8+RRYFZoiR2cixzEjh
lj4AnR0S+6omr+OtlESM/kJtPx4qApPa
=48eK
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

Reply via email to