Your message dated Thu, 08 Sep 2011 14:48:50 +0000 with message-id <e1r1fum-0008sa...@franck.debian.org> and subject line Bug#637923: fixed in logcheck 1.3.14 has caused the Debian Bug report #637923, regarding Tweak to ssh rules to ignore AllowGroups denial to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 637923: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637923 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial Package: logcheck-database Version: 1.3.13 Severity: minor *** Please type your report below this line *** Similar to how AllowUsers denials are ignored, also ignore AllowGroups: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$ -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash -- Configuration Files: -- no debconf information -- Gerald Turner Email: gtur...@unzane.com JID: gtur...@unzane.com GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5--- ssh.orig 2010-08-10 12:48:59.000000000 -0700 +++ ssh 2011-08-15 12:18:25.531415667 -0700 @@ -16,6 +16,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
pgprsLoZsdlfx.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: logcheck Source-Version: 1.3.14 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.14_all.deb to main/l/logcheck/logcheck-database_1.3.14_all.deb logcheck_1.3.14.dsc to main/l/logcheck/logcheck_1.3.14.dsc logcheck_1.3.14.tar.gz to main/l/logcheck/logcheck_1.3.14.tar.gz logcheck_1.3.14_all.deb to main/l/logcheck/logcheck_1.3.14_all.deb logtail_1.3.14_all.deb to main/l/logcheck/logtail_1.3.14_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 637...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 08 Sep 2011 15:32:22 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.14 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail - Print log file lines that have not been read (deprecated) Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030 637916 637918 637923 639839 Changes: logcheck (1.3.14) unstable; urgency=low . [ martin f. krafft ] * ignore.d.server/postfix: - ignore notice about verified TLS connections. * ignore.d.server/openvpn: - broaden filters to catch more messages. . [ Hanspeter Kunz ] * ignore.d.server/dovecot: - allow for arbitrary msgids - ignore discarded vacation replies with precedence Bulk and list - ignore notice about managesieve logouts (closes: #637918) * ignore.d.server/postfix: - ignore (temporary) rejects messages when the sender domain is not found - ignore verify cache db cleanups . [ Hannes von Haugwitz ] * src/logcheck: - added numeric timezone information to subject line - re-enabled globbing of logfile names (closes: #616103) * docs/README.logcheck-database: - mention logcheck-test in 'TESTING RULES' section * ignore.d.workstation/wpasupplicant: - match 5200, 5300, 5260 and 5680 MHz in 'Trying to associate' message - allow WPA protocol in 'wpa_action: key_mgmt' message - ignore "mode=station" message - ignore "Trying to authenticate" message - allow '/run/sendsigs.omit.d' as location for pidfile (closes: #633030) * ignore.d.server/login: - adjusted rule to match serial terminals * ignore.d.workstation/kernel: - ignore "Spinning up disk" message - ignore 'cfg80211: Calling CRDA for country' message - ignore 'Monitor-Mwait' messages - ignore WLAN 'waiting for beacon' and 'beacon received' messages - allow 'device number' in '(new|reset) (low|full|high) speed USB' and 'USB disconnect' messages * ignore.d.server/cron-apt: - allow optional whitespace between value and unit, thanks to Gabor Kiss (closes: #609649) - allow optional architecture in "Get" message * ignore.d.server/dnsmasq: - allow '-' in interface name, thanks to Jan Evert van Grootheest (closes: #608256) * src/logcheck, etc/logcheck.conf: - added option to compress attachment with gzip * ignore.d.server/snmpd: - adjusted UDP rule to match new SNMP output format, thanks to Robert Naylor (closes: #613124) * docs/logcheck-test.1: - use 'logcheck-test' instead of 'logcheck' in the EXAMPLES * ignore.d.workstation/libpam-gnome-keyring: - adjusted rule to match messages without quotes (closes: #618411) * ignore.d.server/dhclient: - allow '-' in interface name (closes: #622942) * ignore.d.server/spamd: - adjusted 'child cleanup' rule to match new format, thanks to Enno Gröper (closes: #632471) * src/logcheck-test: - allow symbolic link as rule file * ignore.d.workstation/xlockmore: - applied patch by Libor Polčák: ignore local display * logcheck-database.preinst: - deleting ignore.d.server/webmin, package has been removed from debian * ignore.d.server/kernel: - ignore "kvm: emulating exchange as write" message - allow optional ". Opts: (null)" at the end of "mounted filesystem with (writeback|ordered) data mode" message * ignore.d.server/amavisd-new: - allow quarantine in "Passed SPAM" log line - allow subdirectories for quarantine messages and made Message-ID in "Passed BAD-HEADER" log lines optional, thanks to John Clements - allow compressed quarantine messages (closes: #639839) * debian/rules: - added build-indep and build-arch targets * debian/control: - bumped to Standards-Version 3.9.2 (no changes necessary) . [ Gerfried Fuchs ] * Remove myself from uploaders. . [ Jeremy L. Gaddis ] * ignore.d.server/postfix: - adjust postfix certificate fingerprint rule to match new output format, thanks to Loïc Minier (closes: #616616) * ignore.d.server/amavisd-new: - adjusted rule to match new output format, thanks to Adrian Lang (closes: #624197) * ignore.d.server/ssh: - add rule to ignore AllowGroups denial, thanks to Gerald Turner (closes: #637923) * ignore.d.server/dovecot: - adjusted rule to match IPv6 addresses, thanks to Gerald Turner (closes: #637916) * debian/copyright: - updated copyright year to 2011 - added myself as team member . [ Frédéric Brière ] * violations.d/kernel: - ignore whitespace before timestamp * ignore.d.workstation/kernel: - allow '.' in input device name Checksums-Sha1: 8211a74ba50672127d1e4bb2ead4526327a6421f 1730 logcheck_1.3.14.dsc 444a71746a812b9b4debfed0b42a4495e2e64015 161518 logcheck_1.3.14.tar.gz 5b78cb253d8686fec754a46cc21d217b0d98f08e 78314 logcheck_1.3.14_all.deb 82681d10c97d1f1f254c5bac78f7b97d88c64aa8 120492 logcheck-database_1.3.14_all.deb 6826b13068f8bfbd5785f0f20c072a06fb20602d 60812 logtail_1.3.14_all.deb Checksums-Sha256: 47f6389fb894a7d80adc6023c08d66aefc833f156ed70e4e9a5ccb7c735f713e 1730 logcheck_1.3.14.dsc aba50525b075e6b3446e18ff70b85d0704c82bcf80a5e21e4a5d2c27c555f6b0 161518 logcheck_1.3.14.tar.gz 1cfd460200699b83d41ed98cb9a170e6f20b3117600f99cee9b1821084b15bae 78314 logcheck_1.3.14_all.deb 6b0bd9d8b760ed4c2a8d8605a9301d56cb54b179a6e8bab20d5d8cf894e35c61 120492 logcheck-database_1.3.14_all.deb 195b98f352d2fe3e6e1623bd76759ded25b223d00b20deb8a024fe90ea857b8c 60812 logtail_1.3.14_all.deb Files: d78f5aac898949b0b47972bbdd0acfc2 1730 admin optional logcheck_1.3.14.dsc cbd32dbdcb877f267636205f33ede790 161518 admin optional logcheck_1.3.14.tar.gz cd5f2621ece3f672f677d72007ff04ce 78314 admin optional logcheck_1.3.14_all.deb 02529a0b39829d0665fd3cce5ead3bc7 120492 admin optional logcheck-database_1.3.14_all.deb ae2c4872e2519cc742506c72c7520e22 60812 admin optional logtail_1.3.14_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQGcBAEBCAAGBQJOaMVFAAoJEBjuhjhgIu9X9h0L/0Uldd1Bkn5paJbwjUMeYaX/ 5crohnBTBS/bHaQG7sYDL2iHvsdq/YFZ4p52qRYVVjTANco5UZCqycpB1ZLzghlm xfnfHT534tW5VNDR2lM17dnoOqM4si7g/V29RISRUuKNMwCZ7J2vqRs8+O1f29Yx Y4NcyUtqklCRxcw+fwyUEh46NLKqrgB+9Bt0stbbibbCray7oJO1VPMDhPokWL1G bdGCp2q3rhL+isFNmwYZhm09o6ymUEs5LMer189zhfYiXHmUVZU7TgDLZrl8olo4 Cj5slKkBc0hG4/uL7uiVQ++fCdsnLmVtlfkaNRsz74IN+Jjgsu4QWlixy637FC3i wmUMaqAkmDNhabbgnbJpzHE5b5zEbA26C6b5xxiD4yYDfjqg+FFm5kL0Ux5q3V74 5TyyDDDyj6kUWcPoxYCkhxv0Qfc7JHCchQh2mFFJYG/GjfwDXWfdpcHsTikIk3Pq lYr90XCfFg0Suy3+Cnkp63Yexx4rUhBUF5Hffh8nDw== =fs/N -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
