Your message dated Wed, 25 Jan 2017 22:05:37 +0000 with message-id <[email protected]> and subject line Bug#799304: fixed in logcheck 1.3.18 has caused the Debian Bug report #799304, regarding logcheck-database: rule for sshd accepted key rule is obsolete to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 799304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799304 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: logcheck-database Version: 1.3.17 Severity: normal The following rule in ignore.d.server/ssh: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$is not working with version 6.9 of openssh. Log entries in my system are like this now:Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xxxxxx from 000.000.000.000 port 000 ssh2: RSA SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY The problem is that the key hash at the end: SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY does not match the end of the rule: ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}) Please, fix it. Thanks, Rafael Laboissiere
--- End Message ---
--- Begin Message ---Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz <[email protected]> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <[email protected]> Changed-By: Hannes von Haugwitz <[email protected]> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) * ignore.d.server/openvpn: - match arbitrary mtu sizes (closes: #815755) * ignore.d.server/snmpd: - match optional port (closes: #644886) * ignore.d.server/postfix: - remove obsolete rule (closes: #822165) * ignore.d.server/systemd-timesyncd: new - match 'interval/delta/delay/jitter/drift' message * ignore.d.server/kernel: - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberger for the patch (closes: #797512) * ignore.d.server/systemd: new - add some generic rules (closes: #783633) * debian/control: - add alternate dependency on cron-daemon, thanks to Felix Zielcke for the patch (closes: #786815) - use secure Vcs-* fields - bump to Standards-Version 3.9.8 (no changes necessary) * debian/copyright: update copyright year to 2017 * Remove obsolete debian/logcheck-database.postinst * Add support for logcheck.logfiles.d, thanks to Vincas Dargis for the initial patch (closes: #481353) * Replace all occurrences of 'deinstall' with 'uninstall', thanks to duelle for the patch * Remove references to 'logcheck.org' Checksums-Sha1: d51fa82ab094c7273879512d3261ceab3f156640 1857 logcheck_1.3.18.dsc 361aff6d593c4056ec9e8c9aa8195e6a2476b268 131252 logcheck_1.3.18.tar.xz Checksums-Sha256: 0c19c134f86dfea6c04dd71e33fb2cf056d41019f4029c42c4f60c5633605fcb 1857 logcheck_1.3.18.dsc 077b9149ccd2b747b52785afa89da844f3d072c017c9e719925dec6acb9a9af4 131252 logcheck_1.3.18.tar.xz Files: 4e18e2b9a6f211403f5a4b86107a00ee 1857 admin optional logcheck_1.3.18.dsc 0089dd02940b3789027ec37d4d19c8c0 131252 admin optional logcheck_1.3.18.tar.xz -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEVJXNoXyawXqyOEGnGO6GOGAi71cFAliJF9oACgkQGO6GOGAi 71fmmQv/f6JkTqLtyqvNDYGUJ7Ovhtk3HnsDMCmeY/zWy7TvBOModS3AtWOU91Aj i25mTB/ReW2W5U5Lis2v/n2iVOWBSNB6Z3uv0M50GpVE2hDHfY6YA57KAlEaeKv7 zyMMJf+nLa9a5Pz0IEtTgK5A08rTrmgyYo/q6We60XE2w5pWA3lA65to+aC2/Qr1 cHmBS/bc2nAc37DfZDqDROLS0/+VC7ziPyDqqQqxNOmkvRf8EAsivla90+pcdhmY WmUi1ib6FX7su5rXKnJxhl9GMD5l4OSPRBE+JeO8rSeIo42Jxi85xxFyJ0Gwf79p oJPEBq7EIES5JhuMFLfd+BdTa6B7SHfA6+xylv+lXhAUfldcNehM89cJHFL6VzNC 9QMJDoIz1l3pCikVo2Hx2xJXCX94MuaOvE2oLx9yU1Bztwx9aNhcQQiuSCUdeBsq +8ok1DzpaqhNCckBLb1LiZF5zkqeOo36eHQkFOaVYsSlBUO/nirxcVmnPi0L1o/h ZZ/i434i =kISm -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
