On Mon, 07 Mar 2011 11:19:04 +0000 "Benjamin M. A'Lee"
<bma-deb...@bma.cx> wrote:
> Various files under ignore.d.* use "[0-9.]{7,15}" to match an IPv4
> address, e.g., a connection to rsyncd. However, this does not match
> IPv6 addresses, causing spurious reports.
>
> A better regexp might be something like: ([0-9.]{7,15}|[0-9a-f:]{2,39})
This but has been open since 2011, it's a bit too vague to really action.
- making rules cover IPv6 is definitely what we want
- I can see that [0-9.]{7,15} appears in several files, but it's not
clear that these also support IPv6, or even that they are for $IPs.
- (none are in things im familiar with - maintaining such rules is
difficult as you dont know what can/can't be safely changed -
obviously
this is a bit of a cop-out as widening a match like this should be
safe, but it;s too easy to make a typo and break things.
im working on 'macros', so we can define write $IP in rules and
define this to be [0-9.]+ (or [0-9a-f:.]+ etc), this definitely helps
make writing and updating rules nicer. it doesnt really address
this issue , but might make it easier to review patches
- I'll be proposing various rules-related things, but not sure it covers this
- Updating rules for software you dont use is a bit of a pain.
but, (and reluctantly), i propose to close this particular bug due to
lack of specific enough examples - but will review any patches if
anyone is watching! (ideally, we
would track which bits of code produce each message -- someone did
this for the sudo rules and it really helps keep it up-to-date)
