Package: logcheck-database
Version: 1.2.44
Severity: normal
Tags: patch

The new openssh 4.3 changed the message for failed reverse-lookups to
contain BREAK-IN instead of BREAKIN. The attached patch fixes the
corresponding rule in violations.ignore.d/logcheck-ssh to match both.

elmar

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-bdclaim
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.1      Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:

-- 

 .'"`.                                                            /"\
| :' :   Elmar Hoffmann <[EMAIL PROTECTED]>    ASCII Ribbon Campaign  \ /
`. `'    GPG key available via pgp.net        against HTML email   X
  `-                                                    & vCards  / \
--- /etc/logcheck/violations.ignore.d/logcheck-ssh.dpkg-dist    2005-10-14 
16:33:27.000000000 +0200
+++ /etc/logcheck/violations.ignore.d/logcheck-ssh      2006-05-30 
10:24:44.450358753 +0200
@@ -1,4 +1,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, 
line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) 
failed$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, 
line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking 
getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAKIN ATTEMPT!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking 
getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ 
maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE 
BREAKIN ATTEMPT!$
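
Review bot: The last rule in this hunk, the unchanged context line ending in "but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!$", still matches only the unhyphenated spelling. If sshd 4.3 emits BREAK-IN in that message as well, those lines will no longer be ignored and will appear in the violations report. Either apply the same `BREAK-?IN` there or confirm that message is unchanged. Keeping the hyphen optional on the changed line is a good choice, since hosts still running an older sshd continue to match.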

Attachment: signature.asc
Description: Digital signature
