Bug#561287: postinst script looks for incorrect kernel image filename
Package: kernel-package Version: 12.033 Severity: normal I have also encountered this problem when building using kernel-package: Setting up linux-image-2.6.33-pl-grsec (2.6.33-pl-grsec-2010042802) ... Internal Error: Could not find image (/boot/bzImage-2.6.33-pl-grsec) dpkg: error processing linux-image-2.6.33-pl-grsec (--configure): subprocess installed post-installation script returned error exit status 2 Built using: make-kpkg --jobs 2 --append-to-version -pl binary I can confirm that the suggested solution (editing postinst) resolves the issue. -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.23-grsec (SMP w/2 CPU cores) Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages kernel-package depends on: ii binutils 2.20.1-7The GNU assembler, linker and bina ii build-essential 11.5Informational list of build-essent ii debianutils 3.2.2 Miscellaneous utilities specific t ii file 5.04-2 Determines file type using magic ii gettext 0.17-11 GNU Internationalization utilities ii make 3.81-8 An utility for Directing compilati ii module-init-tools3.12~pre2-3 tools for managing Linux kernel mo ii po-debconf 1.0.16 tool for managing templates file t ii util-linux 2.16.2-0Miscellaneous system utilities Versions of packages kernel-package recommends: ii cpio 2.11-3 GNU cpio -- a program to manage ar Versions of packages kernel-package suggests: pn btrfs-tools none (no description available) ii bzip21.0.5-4 high-quality block-sorting file co pn docbook-utilsnone (no description available) ii e2fsprogs1.41.11-1 ext2/ext3/ext4 file system utiliti ii grub 0.97-61 GRand Unified Bootloader (dummy pa ii initramfs-tools 0.94.4 tools for generating an initramfs pn jfsutils none (no description available) ii libncurses5-dev 5.7+20100313-2 developer's libraries and docs for ii linux-source-2.6 2.6.23-2Linux kernel source for version 2. ii linux-source-2.6 2.6.24-5Linux kernel source for version 2. ii linux-source-2.6 2.6.33-1~experimental.4 Linux kernel source for version 2. pn mcelog none (no description available) pn oprofile none (no description available) pn pcmciautils none (no description available) pn ppp none (no description available) ii procps 1:3.2.8-8 /proc file system utilities pn quotanone (no description available) ii reiserfsprogs1:3.6.21-1 User-level tools for ReiserFS file pn squashfs-tools none (no description available) ii udev 0.125-7 /dev/ and hotplug management daemo ii xfsprogs 3.1.1 Utilities for managing the XFS fil pn xmltonone (no description available) -- Configuration Files: /etc/kernel-pkg.conf changed: maintainer := Jamie Penman-Smithson email := j...@pinklemon.net priority := Low debian = $(version)-2010042802 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#406835: Upgrade fails
severity 406835 grave
tags 406835 + patch
thanks
This should probably be merged with #418162 and reassigned to python-
central.
I'm experiencing the same issue with two systems, downgrading to
2.4.4-2 doesn't work either.
Errors were encountered while processing:
python2.4-minimal
python2.4
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
Setting up python2.4-minimal (2.4.4-3) ...
Linking and byte-compiling packages for runtime python2.4...
Traceback (most recent call last):
File /usr/bin/pycentral, line 1373, in ?
main()
File /usr/bin/pycentral, line 1363, in main
if action.check_args(global_options):
File /usr/bin/pycentral, line 971, in check_args
for rt in get_installed_runtimes():
File /usr/bin/pycentral, line 196, in get_installed_runtimes
supported = pyversions.supported_versions()
File /usr/share/pycentral-data/pyversions.py, line 98, in
supported_versions
value = read_default('supported-versions')
File /usr/share/pycentral-data/pyversions.py, line 22, in
read_default
value = config.get('DEFAULT', name)
UnboundLocalError: local variable 'config' referenced before assignment
dpkg: error processing python2.4-minimal (--configure):
subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of python2.4:
python2.4 depends on python2.4-minimal (= 2.4.4-3); however:
Package python2.4-minimal is not configured yet.
dpkg: error processing python2.4 (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
python2.4-minimal
python2.4
The problem is in /usr/share/pycentral-data/pyversions.py in python-
central, config needs to be declared earlier:
--- /usr/share/pycentral-data/pyversions.py 2007-04-06
17:09:36.0 +0100
+++ /home/jamie/pyversions.py 2007-04-07 18:44:11.0 +0100
@@ -12,9 +12,9 @@
def read_default(name=None):
global _defaults
from ConfigParser import SafeConfigParser, NoOptionError
+config = SafeConfigParser()
if not _defaults:
if os.path.exists('/usr/share/python/debian_defaults'):
-config = SafeConfigParser()
config.readfp(file('/usr/share/python/debian_defaults'))
_defaults = config
if _defaults and name:
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#416826: cyrus-common-2.2: addition to logcheck rules
package: cyrus-common-2.2
version: 2.2.13-10
severity: minor
Hi there,
Currently logcheck is reporting messages from lmtpunix which occur
when the user doesn't have a sieve script:
[System Events]
Mar 30 12:12:29 electra cyrus/lmtpunix[12806]: WARNING: sieve script /
var/spool/sieve/a/admin^example^net/defaultbc doesn't exist: No such
file or directory
Mar 30 12:19:00 electra cyrus/lmtpunix[12824]: WARNING: sieve script /
var/spool/sieve/j/jamie^silverdream^org/defaultbc doesn't exist: No
such file or directory
Mar 30 12:31:01 electra cyrus/lmtpunix[12819]: WARNING: sieve script /
var/spool/sieve/j/jamie^silverdream^org/defaultbc doesn't exist: No
such file or directory
The following rule ignores these messages:
[ignore.d.server/cyrus2_2]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpunix\[[0-9]+\]: WARNING:
sieve script /var/spool/sieve/[/[:alnum:]^]+defaultbc doesn't exist:
No such file or directory$
Thanks,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#408503: required OpenSSL options not present
I'm also experiencing this bug, if tls_cert_file/tls_key_file are not defined pop3s and imaps refuse to start: Mar 24 00:06:04 electra cyrus/pop3s[5266]: Fatal error: pop3s: required OpenSSL options not present Mar 24 00:06:04 electra cyrus/pop3s[5267]: pop3s: required OpenSSL options not present Mar 24 00:06:04 electra cyrus/pop3s[5267]: Fatal error: pop3s: required OpenSSL options not present Mar 24 00:06:04 electra cyrus/pop3s[5270]: pop3s: required OpenSSL options not present Mar 24 00:06:04 electra cyrus/pop3s[5270]: Fatal error: pop3s: required OpenSSL options not present Mar 24 00:06:04 electra cyrus/pop3s[5269]: pop3s: required OpenSSL options not present Mar 24 00:06:04 electra cyrus/pop3s[5269]: Fatal error: pop3s: required OpenSSL options not present Mar 24 00:06:05 electra cyrus/pop3s[5271]: pop3s: required OpenSSL options not present Mar 24 00:06:05 electra cyrus/pop3s[5268]: pop3s: required OpenSSL options not present -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#406774: Candidates for whitelist
package: postgrey version: 1.27-4 severity: wishlist Please add diggstage01.digg.com[64.191.203.34] to the whitelist, as it never retries: Nov 17 01:08:30 lorien postfix/smtpd[26959]: connect from diggstage01.digg.com[64.191.203.34] Nov 17 01:08:30 lorien postfix/smtpd[26959]: setting up TLS connection from diggstage01.digg.com[64.191.203.34] Nov 17 01:08:31 lorien postfix/smtpd[26959]: TLS connection established from diggstage01.digg.com[64.191.203.34]: TLSv1 with cipher AES256-SHA (256/256 bits) Nov 17 01:08:46 lorien postfix/smtpd[26959]: NOQUEUE: reject: RCPT from diggstage01.digg.com[64.191.203.34]: 451 4.7.1 [EMAIL PROTECTED]: Recipient address rejected: Greylisted for 5 minutes, try later.; from=[EMAIL PROTECTED] to=[EMAIL PROTECTED] proto=ESMTP helo=www.digg.com Nov 17 01:08:47 lorien postfix/smtpd[26959]: disconnect from diggstage01.digg.com[64.191.203.34] ..and smtp.liberal.ca[66.46.213.207]: Liberal Party of Canada - http://www.liberal.ca Retries every ~5 seconds, appears to completely give up after 270 seconds. MTA MDaemon 8.0.3 May 4 00:53:14 lorien postfix/smtpd[25954]: connect from smtp.liberal.ca[66.46.213.207] May 4 00:53:20 lorien postfix/smtpd[25954]: NOQUEUE: reject: RCPT from smtp.liberal.ca[66.46.213.207]: 450 4.7.1 [redacted]: Recipient address rejected: Greylisted for 5 minutes, try later.; from=[EMAIL PROTECTED] to=[redacted] proto=ESMTP helo=bordermail.liberal.ca May 4 00:53:20 lorien postfix/smtpd[25954]: disconnect from smtp.liberal.ca[66.46.213.207] May 4 00:53:30 lorien postfix/smtpd[26060]: connect from smtp.liberal.ca[66.46.213.207] May 4 00:53:33 lorien postfix/smtpd[26060]: NOQUEUE: reject: RCPT from smtp.liberal.ca[66.46.213.207]: 450 4.7.1 [redacted]: Recipient address rejected: Greylisted for 5 minutes, try later.; from=[EMAIL PROTECTED] to=[redacted] proto=ESMTP helo=bordermail.liberal.ca May 4 00:53:33 lorien postfix/smtpd[26060]: disconnect from smtp.liberal.ca[66.46.213.207] May 4 00:53:41 lorien postfix/smtpd[26060]: connect from smtp.liberal.ca[66.46.213.207] May 4 00:53:44 lorien postfix/smtpd[26060]: NOQUEUE: reject: RCPT from smtp.liberal.ca[66.46.213.207]: 450 4.7.1 [redacted]: Recipient address rejected: Greylisted for 5 minutes, try later.; from=[EMAIL PROTECTED] to=[redacted] proto=ESMTP helo=bordermail.liberal.ca May 4 00:53:44 lorien postfix/smtpd[26060]: disconnect from smtp.liberal.ca[66.46.213.207] May 4 00:53:50 lorien postfix/smtpd[26060]: connect from smtp.liberal.ca[66.46.213.207] Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#369263: [Logcheck-devel] Bug#369263: logcheck-database: Add rule for pdns_recursor refreshing its root records
package logcheck-database tags 369263 pending thanks On 28 May 2006, at 19:05, Robbert Kouprie wrote: The PowerDNS recursor refreshes its root records every 2 hours. This action is logged. Below patch adds one line to the pdns ignore file, so this message is ignored. This will be fixed in the next release. Thanks for your bug report, -j PGP.sig Description: This is a digitally signed message part
Bug#369497: [Logcheck-devel] Bug#369497: fixed violations ignore rules for openssh 4.3
package logcheck-database tags 369497 pending thanks On 30 May 2006, at 09:35, Elmar Hoffmann wrote: The new openssh 4.3 changed the message for failed reverse-lookups to contain BREAK-IN instead of BREAKIN. The attached patch fixes the corresponding rule in violations.ignore.d/logcheck-ssh to match both. This will be fixed in the next release. Thanks for your bug report! -j PGP.sig Description: This is a digitally signed message part
Bug#369603: [Logcheck-devel] Bug#369603: logcheck-database: new rule for dhcpd
package logcheck-database tags 369603 pending thanks On 30 May 2006, at 22:30, Robbert Kouprie wrote: This patch changes one rule for dhcpd. It adds support for log lines of the following format: May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1 This will be included in the next release. Thanks for your bug report, -j PGP.sig Description: This is a digitally signed message part
Bug#369294: [Logcheck-devel] Bug#369294: oidentd rules do not support IPv6 addresses
package logcheck-database tags 369294 pending thanks On 28 May 2006, at 23:12, Elmar Hoffmann wrote: The rules for oidentd do not support IPv6 addresses, the attached patch fixes this. This will be fixed in the next release. Thanks for the patch! -j PGP.sig Description: This is a digitally signed message part
Bug#368878: [Logcheck-devel] Bug#368878: smartd rules do not ignore scheduled self-tests on SCSI/SATA disks
package logcheck-database tags 368878 pending thanks On 25 May 2006, at 17:31, Elmar Hoffmann wrote: /etc/logcheck/ignore.d.server/smartd only ignores the scheduled self-test messages for IDE disks and disks attached to 3ware controllers, but not those for SCSI and SATA disks. The attached patch fixes this, unifying the IDE and 3ware rules into one handling all cases. This will be included in the next release. Thanks for your patch -j PGP.sig Description: This is a digitally signed message part
Bug#368652: [Logcheck-devel] Bug#368652: logcheck-database: new rules for saslauthd
package logcheck-database
tags 368652 pending
thanks
On 23 May 2006, at 21:13, Warren Turkal wrote:
I have a saslauthd setup for authenticating my cyrus backend
systems. I
have generated a new rule for logcheck that blocks the normal output
from a user login.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ saslauthd+\[[0-9]+\]: DIGEST-MD5
client step .$
This will be included in ignore.d.server/saslauthd in the next release.
Thanks for your bug report,
-j
PGP.sig
Description: This is a digitally signed message part
Bug#368900: [Logcheck-devel] Bug#368900: ignore.d.workstation/anacron should be moved to ignore.d.server
On 25 May 2006, at 21:13, Elmar Hoffmann wrote: ignore.d.workstation/anacron should be moved to ignore.d.server as none of the messages is critical in any way that would warrant not filtering them out in server level. A server is in almost all cases meant to be up and available 24/7, anacron is designed for systems (such as workstations) which are not. Most servers will be running cron, not anacron. -j PGP.sig Description: This is a digitally signed message part
Bug#368483: [Logcheck-devel] Bug#368483: logcheck-database: new rule for ignore.d.server/postfix
On 22 May 2006, at 16:58, Martin Lohmeier wrote:
I'd like to add a new rule to ignore.d.server/postfix:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]:
warning: .*: RBL lookup error: Host or domain name not found. Name
service error for name=.* type=A: Host not found, try again$
The attached file contain a few lines that should be ignored.
These messages indicate a DNS problem, either the RBL in question has
broken nameservers (in which case commenting it out for the time
being is a good course of action), or the local system has broken
nameservers and they need to be fixed.
I think that any administrator would want to know about either of
these issues, not have them ignored.
-j
PGP.sig
Description: This is a digitally signed message part
Bug#368318: [Logcheck-devel] Bug#368318: logcheck-database: update for postfix violations ignore rule
package logcheck-database tags 368318 pending thanks On 21 May 2006, at 13:09, Martin Lohmeier wrote: Package: logcheck-database Severity: normal Next time please could you include the version. there is little problem with one rule in violations.ignore.d/ logcheck-postfix. The rule is only for the host sythos.net and the delay need to be variable (it's possible that the retry happen before 300 seconds are over). I don't have an example because on my site only recipients are greylisted. This will be fixed in the next release. Thanks for your bug report! -j PGP.sig Description: This is a digitally signed message part
Bug#368313: [Logcheck-devel] Bug#368313: logcheck-database: new postfix violations ignore rule
package logcheck-database
tags 368313 pending
thanks
On 21 May 2006, at 12:45, Martin Lohmeier wrote:
I'd like to add the following rule to /etc/logcheck/
violations.ignore.d/logcheck-postfix :
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]:
NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.
[0-9]{1,3}\.[0-9]{1,3}\]: 554 [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]
{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: Client host rejected: Access
denied; from=.* to=.* proto=(SMTP|ESMTP) helo=.*$
The attached file contain a few line that should be ignored.
I've added the following rule to violations.ignore.d/logcheck-
postfix, which matches the log messages you provided:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE:
reject: RCPT from [^[:space:]]+: 554 [^[:space:]]+: Client host
rejected: Access denied; from=[^[:space:]]+ to=[^[:space:]]+
proto=E?SMTP helo=[^[:space:]]+$
It'll be included in the next release.
Thanks for your bug report,
-j
PGP.sig
Description: This is a digitally signed message part
Bug#367781: [Logcheck-devel] Bug#367781: logcheck-database: postfix/smtp read timeout (port 25) regexp wrong
package logcheck-database
tags 367781 pending
thanks
On 18 May 2006, at 00:59, Tim Potter wrote:
The rule for postfix/smtp read timeout (port 25) doesn't match the
actual log message:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect
to [^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$
This will be fixed in the next release.
Thanks for your bug report!
-j
PGP.sig
Description: This is a digitally signed message part
Bug#366364: [Logcheck-devel] Bug#366364: Logcheck files for spamd
package logcheck-database
tags 366364 pending
thanks
On 8 May 2006, at 00:24, Duncan Findlay wrote:
In order to consolidate the spamassassin logcheck files into one
package, as discussed with Jamie Penman-Smithson in February, I'm
going to remove the logcheck files from the next release of the
spamassassin package. I don't use logcheck, so I usually forget to
update the file until people file bug reports.
Here are the logcheck entries I think you're missing. These are part
of the normal functioning of spamd, so probably should be ignored in
all configurations:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? got
connection over
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)?
handled cleanup of child pid [0-9]+ due to SIGCHHLD$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)?
server successfully spawned child process, pid [0-9]+$
Thanks, I've added these to CVS.
The logcheck entry:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: prefork: child
states: I+$
is a bit restrictive. Child states other than I can and will occur
in the normal functioning of spamassassin.
I've changed that rule to ignore all child states, since if something
does go wrong there will be other messages that warn of the problem
anyway.
Thanks!
-j
PGP.sig
Description: This is a digitally signed message part
Bug#365565: [Logcheck-devel] Bug#365565: logcheck: improve description of FQDN option
package logcheck tags 365565 pending thanks On 1 May 2006, at 05:48, Ross Boylan wrote: The conf file currently says # Should the hostname of the generated mails be fully qualified? FQDN=1 I suggest rewording that to # Should the hostname in the subject of the generated mails be fully qualified? FQDN=1 The current wording led me to believe that the sender, and perhaps recipient (if otherwise unqualified) of the emails generated by logcheck would be fully qualified. This is not the case, and from inspecting the code this setting seems to affect only the text of subject lines and some debug lines. Probably the usage note -H HOST = use this hostname for the mail should be -H HOST = use this hostname in the mail's subject line with similar change to the man page. The usage summary now reads: -H HOST = use this hostname in the subject of any generated mail The explanation of the FQDN option now reads: # Should the hostname in the subject of generated mails be fully qualified? The manpage for logcheck now reads: -H Use this hostname string in the subject of logcheck mail. Thanks for your bug report, -j PGP.sig Description: This is a digitally signed message part
Bug#368900: [Logcheck-devel] Bug#368900: ignore.d.workstation/anacron should be moved to ignore.d.server
package logcheck-database tags 368900 pending thanks Hey Elmar, On 5 Jun 2006, at 01:10, Elmar Hoffmann wrote: on Sun, Jun 04, 2006 at 22:17:41 +0100, you wrote: A server is in almost all cases meant to be up and available 24/7, anacron is designed for systems (such as workstations) which are not. Most servers will be running cron, not anacron. So? Actually none of my servers runs anacron. My desktop box however does and logcheck does not filter its messages. Though I could easily come up with examples of servers where using anacron would perfectly make sense, like servers used at events. snip well-articulated argument I agree, I just needed a little convincing. :) The anacron rules will be moved to ignore.d.server for the next release. BTW, that description apparently could use an update I guess, anything matching kernel: sounds a lot like originating from the times of unanchored rules. :) Definitely.. I'll do a spring clean and see if I can come up with some better language. Thanks! -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#360120: [Logcheck-devel] Bug#360120: logcheck-database: logcheck-sudo should treat sudoedit no worse than sudo vi
package logcheck-database tags 360120 pending thanks On 30 Mar 2006, at 18:48, Jan Braun wrote: logcheck does not report invocations of sudo $EDITOR /some/file, while it does report sudoedit /some/file. That's obviously inconsistent. The patch below fixes it (by ignoring sudoedit, too). snip Thanks for the patch. This will be included in the next release. Thanks for your bug report, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#355574: [Logcheck-devel] Bug#355574: logcheck-database: Logcheck password expiration
package logcheck-database tags 355574 moreinfo thanks On 6 Mar 2006, at 14:40, Francisco Javier F. Serrador wrote: Please avoid displaying this unuseful message: System accounts do not expire. (pam_unix) password for user logcheck will expire in 6 days Did this message appear when upgrading, on a new install? Any steps to reproduce? -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#355701: [Logcheck-devel] Bug#355701: logcheck-database: upgrade from sarge to sid, then purging leaves /etc/logcheck/ignore.d.paranoid/imap
package logcheck-database tags 355701 moreinfo thanks On 7 Mar 2006, at 12:34, Lars Wirzenius wrote: When testing logcheck-database with piuparts I get the following error: 2m15.7s ERROR: Package purging left files on system: /etc/logcheck owned by: logcheck-database /etc/logcheck/ignore.d.paranoid owned by: logcheck-database /etc/logcheck/ignore.d.paranoid/imap owned by: logcheck-database snip The piuparts log file is about 170 kilobytes, so I don't attach it, even compressed, but if you want it, I'd be happy to send it, just ask. It doesn't seem to contain anything relevant, on a quick reading, but I may have missed something, since I'm not an expert on logcheck-database. I'd appreciate it if you could send me the log (without Cc'ing b.d.o). Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#355383: [Logcheck-devel] Bug#355383: logcheck: Should ignore backup files in .d dirs
package logcheck severity 355383 important merge 353793 355383 thanks! On 5 Mar 2006, at 12:35, Johan Walles wrote: I just got this e-mail from logcheck: Security Events for su~ snip The su~ file is obviously a backup file created by Emacs or whatever from when I've been editing the su file. I'd like logcheck to ignore backup files (files with names ending in ~) when it does its thing. snip This will be fixed in the next release (due within a week or so). Thanks for your bug report, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#364835: cyrus-common-2.2: minor change to logcheck rules
On 26 Apr 2006, at 12:49, Sven Mueller wrote: Jamie L. Penman-Smithson wrote on 26/04/2006 03:02: package: cyrus-common-2.2 version: 2.2.12-5 severity: minor In ignore.d.server/cyrus2_2 this rule: cyrus/lmtpunix\[[0-9]+\]: +IOERROR: fstating sieve script [/a-zA-Z^]/ defaultbc: No such file or directory Is missing a '+', it should look like this: cyrus/lmtpunix\[[0-9]+\]: +IOERROR: fstating sieve script [/a-zA- Z^]+/ defaultbc: No such file or directory Thanks for noticing. The fix is in our SVN now. It will be included in the next upload. I forgot to mention that this also affects the violations.ignore.d/ cyrus2_2 file. Oops. Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#353815: [Logcheck-devel] Bug#353815: logcheck: Ignore Pocket PC/synce/USB messages, please
tags 353815 pending thanks On 21 Feb 2006, at 04:26, Adam Porter wrote: Here are some more messages that can be safely ignored: localhost kernel: drivers/usb/serial/usb-serial.c: USB Serial Driver core localhost kernel: drivers/usb/serial/usb-serial.c: USB Serial support registered for PocketPC PDA snip In future please supply the _full_ log messages, it makes our lives a lot easier :) I've added rules which match the messages you've given. They'll be included in the next release. Thanks for your bug report, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#319547: [Logcheck-devel] Bug#319547: Legitime email addresses causes (false) Security Events
reassign 319547 sendmail-base thanks! Hey Rainer, On 24 Jul 2005, at 12:11, Rainer Zocholl wrote: [EMAIL PROTECTED](maximilian attems) 23.07.05 17:48 On Sat, 23 Jul 2005, Rainer Zocholl wrote: from time to time i get such (false) Security Event. Seems to become common practice :-( Again an security event, i assume promiscuous in msgid triggered. Jul 23 14:46:26 host sm-mta[25759]: j6NCkQTS025759: from=[EMAIL PROTECTED], size=16186, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=... snip snip sorry in that case you have to craft your own rules in local-sm-mta inside of violations.ignore.d. guess we can close that bug unless other evidence appears. No, most other such message are suppressed(see rule above) Only if the addresse, message IDs etc. contians violation trigger words a -false- security event is generated. That would allow a third party to generate any amount of false security events or annoy the postmaster with false positives. I assume that will be a possible problem with exim, postfix MTA too, as long as logcheck scan these logs. Maybe it should be assigned as a sendmail bug? The sendmail rules for logcheck are provided by the sendmail-base package. I'm reassigning. Thanks, -j PGP.sig Description: This is a digitally signed message part
Bug#353793: [Logcheck-devel] Bug#353793: /usr/sbin/logcheck does no longer skip 'rule file~' files?
package logcheck severity 355949 important merge 353793 355949 tags 353793 pending thanks On 20 Feb 2006, at 23:25, Cristian Ionescu-Idbohrn wrote: This patch seems to work around the problem: snip but I may be wrong. Thing is that statement: for rulefile in $(run-parts --list $dir); do changed (1.2.42 - 1.2.43a) to: for rulefile in $(find $dir); do and things broke :( This will be fixed in the next release. -j PGP.sig Description: This is a digitally signed message part
Bug#359878: [Logcheck-devel] Bug#359878: logcheck: extend exim rules to cope with multiple recipients
package logcheck tags 359878 pending thanks! On 29 Mar 2006, at 11:33, Richard van der Hoff wrote: We need to cope with messages of the form 2006-03-28 09:26:34 1FO9X2-0003UQ-Gp - ... destination ... These are logged when a single message ends up having multiple recipients - the first destination is logged with =, and the rest have -. I suggest that, for each rule with a =, we replace this with [=-]. Fixed in CVS, it'll be included in the next release (within the next week or so). Thanks for your bug report, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#330220: [Logcheck-devel] Bug#330220: logcheck: Fails to obtain lockfile
Hey Mark, On 16 Oct 2005, at 11:20, Mark Brown wrote: On Sat, Oct 15, 2005 at 06:51:52PM -0400, Todd Troxell wrote: This is pretty weird. It would be useful to know if/why thelock is [really] failing. I can't seem to reproduce it on my machines. Me either. Do you think you could try changing the lock line(595) to somehting like: lockfile-create --retry 1 $LOCKFILE /tmp/logcheck_error 21 It says: | lockfile creation failed Can you reproduce this with the latest version in unstable? -j PGP.sig Description: This is a digitally signed message part
Bug#364835: cyrus-common-2.2: minor change to logcheck rules
package: cyrus-common-2.2 version: 2.2.12-5 severity: minor In ignore.d.server/cyrus2_2 this rule: cyrus/lmtpunix\[[0-9]+\]: +IOERROR: fstating sieve script [/a-zA-Z^]/ defaultbc: No such file or directory Is missing a '+', it should look like this: cyrus/lmtpunix\[[0-9]+\]: +IOERROR: fstating sieve script [/a-zA-Z^]+/ defaultbc: No such file or directory Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#319547: Processed: Re: Bug#319547: [Logcheck-devel] Bug#319547: Legitime email addresses causes (false) Security Events
On 26 Apr 2006, at 02:24, Richard A Nelson wrote: On Tue, 25 Apr 2006, Debian Bug Tracking System wrote: reassign 319547 sendmail-base Bug#319547: Legitime email addresses causes (false) Security Events Bug reassigned from package `logcheck' to `sendmail-base'. Ok, after a quick perusal of the report, I see what the problem is, but I missed any desired or recommended courses of action. Was the original problem reported with differing ignore file than that shown later: /etc/logcheck/ignore.d.server/sendmail: ... (sendmail|sm-(mta|msp|que))\[[0-9]+\]: .*: from= ... Or is the problem that that line also needs to be in the violations.ignore.d ? If it's going to contain any of the phrases in violations.d it needs to be ignored in violations.ignore.d -j PGP.sig Description: This is a digitally signed message part
Bug#362913: spamassassin: false positive on DATE_IN_FUTURE_06_12 due to Resent-Date: header added by spohr.
On 16 Apr 2006, at 13:26, Andreas Metzler wrote: running the attached message through spamassassin triggers DATE_IN_FUTURE_06_12: snip Afaict this is caused by the Resent-Date: header that the bts software is adding: - [EMAIL PROTECTED]:/tmp$ grep -v '^Resent-Date: Sun, 16 Apr 2006 02:48:08 -0700' /tmp/testspamass.stripped.correcttime | nice spamassassin --siteconfigpath=/tmp/empty -t -x -L [...] pts rule name description -- -- 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines snip I think it is ok for spohr to add this header, and the time/date seems to be correct too, The Date used in the Resent-Date header is not RFC compliant: RFC 2822[1] [section 3.3: Date and Time specification] A date-time specification MUST be semantically valid. That is, the day-of-the-week (if included) MUST be the day implied by the date, the numeric day-of-month MUST be between 1 and the number of days allowed for the specified month (in the specified year), the time-of-day MUST be in the range 00:00:00 through 23:59:60 (the number of seconds allowing for a leap second; see [STD12]), and the zone MUST be within the range -9959 through +9959. Specifically the zone MUST be within the range -9959 through +9959. It should be: Resent-Date: Sun, 16 Apr 2006 12:33:07 + Making it RFC compliant causes DATE_IN_FUTURE to not be triggered: [EMAIL PROTECTED]:~$ grep Resent-Date testspamass.stripped.correcttime Resent-Date: Sun, 16 Apr 2006 09:48:08 + Resent-Date: Sun, 16 Apr 2006 02:48:08 -0700 [EMAIL PROTECTED]:~$ nice spamassassin --siteconfigpath=/tmp/empty -t -x -L testspamass.stripped.correcttime [..] Content preview: This is a test message. cu andreas [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description -- -- 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines This isn't a problem with SA, it's a bug with the BTS software. 1: http://www.ietf.org/rfc/rfc2822.txt -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#362913: spamassassin: false positive on DATE_IN_FUTURE_06_12 due to Resent-Date: header added by spohr.
On 16 Apr 2006, at 15:39, Andreas Metzler wrote: On 2006-04-16 Jamie L. Penman-Smithson [EMAIL PROTECTED] wrote: [...] The Date used in the Resent-Date header is not RFC compliant: snip Specifically the zone MUST be within the range -9959 through +9959. It should be: Resent-Date: Sun, 16 Apr 2006 12:33:07 + Making it RFC compliant causes DATE_IN_FUTURE to not be triggered: I see, thanks for the diagnosis. SA seems to be too strict, it does not accept the old obs-zone syntax. Fixing the header to be correct obs-zone syntax Resent-Date: Sun, 16 Apr 2006 09:48:08 GMT is not enough. This Date should never have been generated in the first place, however, you're right in saying that SA should still parse it as equivalent to + since the RFC states that it MUST parse the obsolete format. Chapter 4 of RFC 2822 lists the obsolete format in detail: http://www.zvon.org/tmRFC/RFC2822/Output/chapter4.html -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#353962: [Logcheck-devel] Bug#353962: integrate courier file in logcheck-database
On 22 Feb 2006, at 09:50, martin f krafft wrote: Please move /etc/logcheck/*/courier to the courier packages and out of logcheck-database. What's your reasoning? -j PGP.sig Description: This is a digitally signed message part
Bug#353962: [Logcheck-devel] Bug#353962: integrate courier file in logcheck-database
Hi Martin, On 22 Feb 2006, at 19:21, martin f krafft wrote: also sprach Jamie L. Penman-Smithson [EMAIL PROTECTED] [2006.02.22.2010 +0100]: On 22 Feb 2006, at 09:50, martin f krafft wrote: Please move /etc/logcheck/*/courier to the courier packages and out of logcheck-database. What's your reasoning? Why should logcheck need to keep track of log entries made by software in courier-* packages? So why should there be a logcheck-database package at all? The reason there is a logcheck-database package is because some maintainers don't know enough about regexp to create good enough rules for logcheck, or in some cases because they don't really want to. The argument about rules in packages has been discussed on logcheck- devel in the past (Integrating rules from other packages, June 2005 - MID [EMAIL PROTECTED]). If the maintainer of courier wants to take over maintenance of logcheck rules, that's good, however I don't see that this warrants a bug against either package. Unless some rules for courier are incorrect? -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#353868: [Logcheck-devel] Bug#353868: logcheck-database: no longer ignores spamd: checking message ...
reassign 353868 spamassassin retitle 353868 spamassassin: logcheck rules don't ignore spamd: checking message thanks On 21 Feb 2006, at 14:57, Aaron M. Ucko wrote: Since last weekend's upgrade of logcheck-database from 1.2.42 to 1.2.43a, logcheck stopped ignoring routine SpamAssassin messages of the form Feb 20 21:36:16 tux64 spamd[4665]: spamd: checking message [EMAIL PROTECTED] for amu:7286 Could you please edit the second pattern in /etc/logcheck/ignore.d.paranoid/spamassassin to allow checking as an alternative to processing? This file is from spamassassin, not logcheck-database. I've contacted the maintainer of spamassassin to try and get all the rules for spamassassin merged into either spamassassin or logcheck-database. In the meantime I'm reassigning this to spamassassin. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#353510: [Logcheck-devel] Bug#353510: logcheck-database: Ignore kernel: Device not ready..., please
tags 353510 pending
thanks
On 19 Feb 2006, at 05:16, Adam Porter wrote:
I'm getting messages like this:
localhost kernel: Device not ready. Make sure there is a disc in
the drive.
localhost kernel: program hwinfo is using a deprecated SCSI ioctl,
please convert it to SG_IO
This is a bug in hwinfo (#325175), you're welcome to add local rules
for this (just make sure you add them to local-foo instead of foo,
then there's no chance of them getting overwritten on upgrade) but I
don't feel that adding rules for messages caused by bugs is a good idea.
localhost kernel: BIOS EDD facility v0.16 2004-Jun-25, 2 devices found
I'm assuming that this isn't a startup message.
I don't know what's causing any of them, but they don't seem to be
problems. I'm not completely sure about the second two, but I know
the first is superfluous. Can these be ignored? Thanks.
I've added the following rules to CVS which match the messages you
provided above, they'll be included in the next release:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Device not ready. Make
sure there is a disc in the drive.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: BIOS EDD facility v[.0-9]+
[0-9]+-\w{3}-[0-9]+, [0-9]+ devices found$
Thanks for your bug report,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#307130: Please close this bug
I can no longer reproduce this in the latest version of dcc-client, please close this bug. Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#353446: dcc-client: Please allow arguments for dccifd to be configurable
package: dcc-client version: 1.2.74-2 severity: wishlist Hi there, Please allow arguments for dccifd to be specified in /etc/default/dcc- client, the patch below does this. --- dcc-client.old 2006-02-18 14:25:49.666763908 + +++ dcc-client 2006-02-18 14:42:07.890077400 + @@ -9,6 +9,7 @@ DESC=DCC program interface daemon test -f $DAEMON || exit 0 +test -f /etc/default/dcc-client . /etc/default/dcc-client set -e Then all that's needed is OPTIONS= in /etc/default/dcc-client. Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#352043: Please provide a backport of logcheck
The dependencies for logcheck are satisfied in stable, so I don't really see a need for a backport? -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#353148: [Logcheck-devel] Bug#353148: add logcheck alias
tags 353148 pending thanks On 16 Feb 2006, at 13:40, martin f krafft wrote: Please consider adding logcheck: root to /etc/aliases and running newaliases from postinst, as per section 11.6 of the policy: http://www.debian.org/doc/debian-policy/ch-customized-programs.html This will be included in the next release. Thanks for your bug report, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#352043: [Logcheck-devel] Bug#352043: Please provide a backport of logcheck
On 16 Feb 2006, at 17:04, Jaldhar H. Vyas wrote: On Thu, 16 Feb 2006, Jamie L. Penman-Smithson wrote: The dependencies for logcheck are satisfied in stable, so I don't really see a need for a backport? It's just a convenience so people don't have to rebuild the package themselves. They don't need to rebuild the package though, just download and install. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#352337: [Logcheck-devel] Bug#352337: please tighten permissions on /etc/logcheck
On 14 Feb 2006, at 08:58, martin f krafft wrote: also sprach Jamie L. Penman-Smithson [EMAIL PROTECTED] [2006.02.13.0042 +0100]: I see no reason why /etc/logcheck should have any more permissions than 0750. Please consider removing access rights from 'other'. Conversely, I don't see much point in being this restrictive? For a fact, some packages install 644 files: [EMAIL PROTECTED]:/etc/logcheck# ls -la ignore.d.server/ntp-server -rw-r--r-- 1 root root 45 Aug 26 10:30 ignore.d.server/ntp-server By making /etc/logcheck 750, those could be protected, and it would be unnecessary to file bugs against all packages installing 644 logcheck files. However, ignore.d.* is only accessible by root and users in the logcheck group: drwxr-s--- 2 root logcheck 608 2006-02-06 22:53 ignore.d.paranoid drwxr-s--- 2 root logcheck 2808 2006-02-12 23:56 ignore.d.server drwxr-s--- 2 root logcheck 896 2006-02-10 20:15 ignore.d.workstation It looks to me like they're already protected? -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#316794: freepops: crashes while reading messages in foreign charset
On 26 Jul 2005, at 21:19, Enrico Tassi wrote: The strace output doesn't help me. Can you try this: apt-get install valgrind apt-get source freepops cd freepops* ./configure.sh linux make all valgrind --num-callers=50 -- src/freepopsd -w and reproduce the bug. I'll be on vacation and I'll not be able to fix this bug in a short time, but please continue helping me in seeking this ugly bug. This appears to be fixed in the latest version (0.0.97), you can tag as fixed / close this bug now. Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#336558: logcheck-database: better spamd rules
tags 336558 pending
thanks
On 11 Nov 2005, at 22:14, Russ Allbery wrote:
Here's some additional information on the spamd rules and a try at
a more
restrictive rule. It's hard to get a good restrictive rule
written, since
on the spam detection rules, spamd puts basically arbitrary
key=value pairs
into the log.
snip
and the patch is attached.
Thanks for the patch, I've gone through all the messages in this bug
and come up with some rules which match all of them.. at least until
they get changed all over again. The rules for spamd are now:
[violations.ignore.d/logcheck-spamd]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: Cannot open bayes
databases /home/[_[:alnum:]-]+/.spamassassin/bayes_\* R/W: lock
failed: File exists$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: failed sanity
check, [0-9]+ bytes claimed, [0-9-]+ bytes seen$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?
(checking|processing) message [^[:space:]]+ for [._[:alnum:]-]+:
[0-9]+(\.)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?result:
(.|Y|N) [ [:digit:]-]+ - [._[:alnum:],]+ scantime=[0-9.]+,size=[0-9]+,
(user=[a-z]+,uid=[0-9]+,required_score=[0-9.]+,rhost=[._[:alnum:]-]
+,raddr=[0-9.]+,rport=[0-9]+,)?mid=[^[:space:]]+,(bayes=(0|1),)?
autolearn=(ham|spam|no)$
[ignore.d.server/spamd]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?
connection from [._[:alnum:]-]+ \[[\.[:digit:]]+\] at port [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?
(info: )?setuid to [[:alnum:]-]+ succeeded$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?clean
message \([0-9.-]+/[0-9.]+\) for [._[:alnum:]-]+:[0-9]+ in [0-9.]+
seconds, [0-9]+ bytes\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?
identified spam \([0-9.-]+/[0-9.]+\) for [._[:alnum:]-]+:[0-9]+ in
[0-9.]+ seconds, [0-9]+ bytes\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: prefork: child
states: I+$
The modifications will be included in the next release, which should
be within the next 1-2 weeks.
Thanks,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#336079: [Logcheck-devel] Bug#336079: PATCH: rules for ntp over IPv6
tags 336079 pending
thanks!
On 27 Oct 2005, at 18:51, Beat Bolli wrote:
My logcheck mail have started to show entries like
Oct 26 22:08:22 gw ntpd[15646]: synchronized to
2001:660:5001:100::6, stratum 2
so here's a patch to the ntp rule file to filter IPv6 addresses as
well:
snip
I've modified the rules to look like so..
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronized to
([0-9.]{7,15}|[0-9a-fA-F:.]{4,39}), stratum [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: peer ([.0-9]{7,15}|
[0-9a-fA-F:.]{4,39}) now (in)?valid$
They now match the entries you gave.
Thanks for your bug report,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#338732: logcheck-database: ignore rule for package cvs
tags 338732 pending
thanks
On 12 Nov 2005, at 11:38, Martin Lohmeier wrote:
here is a rule for the cvs package. The line that should be ignored
looks like this:
Nov 12 12:02:22 djinn01 cvs-pserver[15917]: connect from
212.202.200.77 (212.202.200.77)
Nov 12 12:31:00 djinn01 cvs-pserver[18386]: connect from
80.190.250.190 (80.190.250.190)
I'll send the maintainer of cvs a note.
I've added the following rule to cvs, which matches the messages you
provided:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cvs-pserver\[[0-9]+\]: connect
from [._[:alnum:]-]+ \([0-9.]{7,15}\)$
This'll be included in the next release.
Thanks for your bug report,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#346350: [Logcheck-devel] Bug#346350: logcheck-database: dhcp3-server ignores need to include (none ) client host name
tags 346350 pending
thanks
On 7 Jan 2006, at 09:37, Takuya Ono wrote:
I use dhcp3-server and a dhcp client which is Sony HDD video recorder
CoCoon. The client not return client host name.
In this case, dhcpd server assumed the client host name is (none).
Therefor dhcpd output log described below.
Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77
((none)) via eth0
Jan 7 10:49:25 on-o dhcpd: DHCPOFFER on 192.168.1.4 to
08:00:46:33:55:77 ((none)) via eth0
Jan 7 10:49:25 on-o dhcpd: DHCPREQUEST for 192.168.1.4
(192.168.1.1) from 08:00:46:33:55:77 ((none)) via eth0
Jan 7 10:49:25 on-o dhcpd: DHCPACK on 192.168.1.4 to
08:00:46:33:55:77 ((none)) via eth0
I've modified the dhcp rules to match the messages above, they are now:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): (BOOTREQUEST|
DHCPDISCOVER) from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [.
[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPOFFER on [.0-9]
{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPREQUEST for [.
0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._
[:alnum:]-]+\) )?via [.[:alnum:]]+
( unknown lease [.0-9]{7,15}\.)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPACK on [.0-9]
{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [.[:alnum:]]+$
The changes will be included in the next release.
Thanks for your bug report,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#352337: [Logcheck-devel] Bug#352337: please tighten permissions on /etc/logcheck
On 11 Feb 2006, at 11:29, martin f krafft wrote: I see no reason why /etc/logcheck should have any more permissions than 0750. Please consider removing access rights from 'other'. Conversely, I don't see much point in being this restrictive? -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#341957: [Logcheck-devel] Bug#341957: does not handle splitted amavisd-new loglines
reassign 341957 amavisd-new retitle 341957 amavisd-new: logcheck rules don't match split log lines thanks On 4 Dec 2005, at 12:58, Marco Nenciarini wrote: If you run amavisd-new on a mailing-list, messages with multiple recipients can generate a very long log lines. These lines are splitted like this (email addresses removed) Dec 4 11:21:07 lorien amavis[10426]: (10426-06-6) Passed, [EMAIL PROTECTED] - [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],x [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],xx [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],xxx [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED] snip I think is enought to add: amavis\[[0-9]+\]: +(\([-0-9]+\) +)?\.\.\. snip This is far too broad. The amavisd-new rules are supplied by the amavisd-new package, therefore I'm reassigning this bug to amavisd-new. -j -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#338003: [Logcheck-devel] Bug#338003: logcheck-database new ignore rule file for cron-apt
tags 338003 pending thanks Hi there, On 7 Nov 2005, at 19:02, Dave Vehrs wrote: Support for cron-apts output in /var/log/messages. Example Output: Oct 31 04:41:04 hostname cron-apt: CRON-APT RUN [/etc/cron-apt/config]: Mon Oct 31 04:00:01 MST 2005 Thanks for your rules for cron-apt. I've added them to CVS under ignore.d.workstation/cron-apt and they'll be included in the next release. Thanks for your bug report, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#343226: [Logcheck-devel] Bug#343226: logcheck: Wrong 'Connection from' pattern in ignore.d.server
retitle 343226 logcheck: Wrong 'Connection from' pattern in snmpd rules
severity 337916 normal
reassign 343226 logcheck-database
merge 337916 343226
thanks
On 13 Dec 2005, at 19:31, Ingo Theiss wrote:
logcheck reports lots (and I mean lots) of messages from snmpd in the
following format:
Dec 13 16:05:07 example snmpd[571]: Connection from UDP:
[xxx.xxx.xxx.xxx]:33164
inside ignore.d.server I found a rule that should in my opinion match
those lines but the provided above is slightly different.
please update the pattern in ignore.d.server to match the line above.
I believe this is the same issue as #337916, the following rules have
already been changed in CVS and will be included in the next release,
due in the next week or two:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from [.
0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from
UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}$
Thanks,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#352456: mysql-server-5.0: logcheck rulefile has incorrect permissions
package: mysql-server-5.0 version: 5.0.18-7 severity: minor The permissions of /etc/logcheck/ignore.d.server/mysql-server-5_0 do not allow logcheck to read it: -rw-r--r-- 1 root root 2270 2006-01-20 20:36 /etc/logcheck/ ignore.d.server/mysql-server-5_0 It should be owned by root:logcheck and chmod 0640. Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#352339: [Logcheck-devel] Bug#352339: please tighten permissions of /etc/logcheck/*
tags 352339 moreinfo thanks On 11 Feb 2006, at 11:40, martin f krafft wrote: I suggest removing write rights for the group `logcheck` from directories in /etc/logcheck. Rationale: members of the logcheck group need not write these directories (or do they?). I also suggest removing the group write right from /etc/logcheck/logcheck.* As far as I can see, the group logcheck has no write privileges over any file or directory under /etc/logcheck: $ sudo find /etc/logcheck -perm /g+w $ Reinstalling the logcheck package should restore the permissions to their default. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#352468: mysql-server-5.0: crashes after SELECT query
lorien mysqld[25024]: InnoDB: Thread 2991299504 stopped in file ./../include/sync0sync.ic line 111 Feb 12 00:51:42 lorien mysqld_safe[9891]: Number of processes running now: 0 Feb 12 00:51:42 lorien mysqld_safe[9893]: restarted Feb 12 00:51:43 lorien mysqld[9896]: 060212 0:51:43 InnoDB: Database was not shut down normally! Feb 12 00:51:43 lorien mysqld[9896]: InnoDB: Starting crash recovery. Feb 12 00:51:43 lorien mysqld[9896]: InnoDB: Reading tablespace information from the .ibd files... Feb 12 00:51:43 lorien mysqld[9896]: InnoDB: Restoring possible half- written data pages from the doublewrite Feb 12 00:51:43 lorien mysqld[9896]: InnoDB: buffer... Feb 12 00:51:44 lorien mysqld[9896]: 060212 0:51:44 InnoDB: Starting log scan based on checkpoint at Feb 12 00:51:44 lorien mysqld[9896]: InnoDB: log sequence number 0 2010165650. Feb 12 00:51:44 lorien mysqld[9896]: InnoDB: Doing recovery: scanned up to log sequence number 0 2010168586 Feb 12 00:51:44 lorien mysqld[9896]: 060212 0:51:44 InnoDB: Starting an apply batch of log records to the database... Feb 12 00:51:44 lorien mysqld[9896]: InnoDB: Progress in percents: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 Feb 12 00:51:44 lorien mysqld[9896]: InnoDB: Apply batch completed Feb 12 00:51:44 lorien mysqld[9896]: InnoDB: Last MySQL binlog file position 0 98, file name /var/log/mysql/mysql-bin.000900 Feb 12 00:51:44 lorien mysqld[9896]: 060212 0:51:44 InnoDB: Started; log sequence number 0 2010168586 Feb 12 00:51:44 lorien mysqld[9896]: 060212 0:51:44 [Note] Recovering after a crash using /var/log/mysql/mysql-bin Feb 12 00:51:44 lorien mysqld[9896]: 060212 0:51:44 [Note] Starting crash recovery... Feb 12 00:51:44 lorien mysqld[9896]: 060212 0:51:44 [Note] Crash recovery finished. Feb 12 00:51:45 lorien mysqld[9896]: 060212 0:51:45 [Note] /usr/sbin/ mysqld: ready for connections. Feb 12 00:51:45 lorien mysqld[9896]: Version: '5.0.18-Debian_7-log' socket: '/var/run/mysqld/mysqld.sock' port: 3306 Debian Etch distribution Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#350242: [Logcheck-devel] Bug#350242: logcheck: does not handle filenames with dots in them (e.g. cyrus2.2)
reassign 350242 debianutils severity 350242 normal retitle 350242 debianutils: run-parts can't handle filenames containing a period thanks! On 28 Jan 2006, at 08:17, Paul Traina wrote: Cyrus 2.2 in experimental installs its logcheck file as: /etc/logcheck/ignore.d.server/cyrus2.2 That file is ignored... This looks like a problem with run-parts: [EMAIL PROTECTED]:~$ mkdir test [EMAIL PROTECTED]:~$ cd test [EMAIL PROTECTED]:~/test$ touch foo [EMAIL PROTECTED]:~/test$ touch bar1.1 [EMAIL PROTECTED]:~/test$ touch foobar11 [EMAIL PROTECTED]:~/test$ run-parts --list . ./foo ./foobar11 [EMAIL PROTECTED]:~/test$ mv bar1.1 bar11 [EMAIL PROTECTED]:~/test$ run-parts --list . ./bar11 ./foo ./foobar11 Therefore, I'm going to reassign this to debianutils. In the meantime I've modified logcheck to use find instead. Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#344832: (fwd) Re: [Logcheck-devel] Bug#344832: correct subject header
On 3 Jan 2006, at 01:18, maximilian attems wrote: - Forwarded message from General Stone [EMAIL PROTECTED] - From: General Stone [EMAIL PROTECTED] To: maximilian attems [EMAIL PROTECTED] Subject: Re: [Logcheck-devel] Bug#344832: correct subject header On Mon, Jan 02, 2006 at 02:09:48PM +0100, maximilian attems wrote: please provide the noncorrect subject line and what is your wish? reading the switches it seems pretty clear that the highest alerts wins as expeceted. snip The subject line is: Subject: [logcheck] t-39-6-gs 02-01-2006 14:30 Security Events And I wish to change it to: --- Subject: [logcheck] t-39-6-gs 02-01-2006 14:30 Security Events, System Events So that anybody can filter and split the mail like priority. If there are Security Events and System Events then the subject will include Security Events, if there are only System Events, the subject will be System Events. I don't see how making the subject more complicated will enhance filtering - users can already filter on Security Events. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#340226: [Logcheck-devel] Bug#340226: logcheck does not succeessfully filter postfix/policy-spf or amavis
tags 340226 pending
thanks
On 22 Nov 2005, at 20:34, Todd Troxell wrote:
On Tue, Nov 22, 2005 at 02:14:47PM -0500, Lia Treffman wrote:
Well, I uninstalled and then reinstalled logcheck and now it works.
That is so very, very weird. Thanks for your time.
Lia
Weird! I'm glad it works. Logcheck should probably warn on
unreadable
rulefiles... I retitled this bug.
I've modified cleanrules to test whether the file is readable and
exit if not:
for rulefile in $(find $dir); do
rulefile=$(basename $rulefile)
if [ -f ${dir}/${rulefile} ]; then
debug cleanrules: ${dir}/${rulefile}
if [ -r ${dir}/${rulefile} ]; then
# pipe to cat on greps to get usable exit
status
egrep --text -v '^[[:space:]]*$|^#' $dir/
$rulefile | cat \
$cleaned/$rulefile \
|| error Couldn't append to $cleaned/
$rulefile. Disk Full?
else
error Couldn't read $dir/$rulefile
fi
fi
done
[EMAIL PROTECTED]:~$ sudo chown root:root /etc/logcheck/ignore.d.server/postfix
[EMAIL PROTECTED]:~$ sudo -u logcheck logcheck -o -t
Error: Couldn't read /etc/logcheck/ignore.d.server/postfix.
-j
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#352105: dspam: Minor changes to README.Debian
package: dspam version: 3.6.2-2 severity: minor tags: patch Hi there, I've been reading through the documentation with dspam and I came up with a few suggestions for README.Debian. I've included the modified version below and a patch is attached. dspam for Debian Please see http://pkg-dspam.alioth.debian.org/. The original dspam package allows a versatile set of options, however most are set at configure time (that is, before the package is actually compiled and built). The Debian package includes a mechanism that allows you to set several options and rebuild the package quickly. If you are not familiar with building Debian packages from source, please read: http://www.debian.org/doc/manuals/reference/ch-system.en.html#s- sourcebuild In order to change the options that dspam is built with you need to change the DEB_BUILD_OPTIONS environment variable. For example, in bash: $ export DEB_BUILD_OPTIONS=disable_virtual_users debug The possible values for DEB_BUILD_OPTIONS are listed below. [ standard ] noopt - disable optimizations nostrip - disable binary stripping [ dspam specific ] disable_virtual_users - disable storing the users in a database disable_preferences_extension - disable storing the users' preferences in a database disable_clamav - disable ClamAV antivirus support verbose_debug - enable extensive debug (EXTREMELY DISCOURAGED for production systems) debug - enable debug (currently enabled by default) -- Debian DSPAM Maintainers Maintainer: pkg-dspam- [EMAIL PROTECTED], Thu, 13 Oct 2005 11:53:46 + README.Debian.patch Description: Binary data Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#351669: [Logcheck-devel] Bug#351669: logcheck: [manual] the sudo(1) is missing from EXAMPLES
tags 351669 pending thanks Hey Jari, On 6 Feb 2006, at 15:33, Jari Aalto wrote: Current manual reads: EXAMPLES logcheck can be invoked directly thanks to su(8) or sudo (8), which change the user ID: snip I believe this shuold be formatted as: EXAMPLES logcheck can be invoked directly thanks to su(8) or sudo(8), which change the user ID. The following Checks the logfiles without updating the offset and outputs everything to STDOUT. sudo -u logcheck logcheck -o -t I've changed it to read: logcheck can be invoked directly thanks to su(8) or sudo(8), which change the user ID. The following example checks the logfiles without updating the offset and outputs everything to STDOUT. sudo -u logcheck logcheck -o -t Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#347227: [Logcheck-devel] Bug#347227: logcheck-database: additional server ignore rule for postfix
tags 347227 pending
thanks
On 9 Jan 2006, at 15:15, Adam James wrote:
Current ignore.d.server/postfix rules don't match the following:
Jan 9 11:02:41 evolution postfix/smtpd[18938]: initializing the
server-side TLS engine
The regexp below does:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]:
initializing the server-side TLS engine$
Thanks for your bug report, the rule you suggested will be included
in the next release.
-j
PGP.sig
Description: This is a digitally signed message part
Bug#346502: [Logcheck-devel] Bug#346502: logcheck-database: new output from su (login)
tags 346502 pending
thanks
On 8 Jan 2006, at 14:20, Lee Maguire wrote:
An upgrade of the login package to 1:4.0.14 causes the following to be
sent every morning when cron.daily runs.
Jan 8 06:25:03 enzo su[7896]: Successful su for nobody by root
Jan 8 06:25:04 enzo su[7899]: Successful su for nobody by root
Jan 8 06:25:05 enzo su[7901]: Successful su for nobody by root
I've added the following rule, which will be included in the next
release:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for
[[:alnum:]-]+ by [[:alnum:]-]+$
Thanks for your bug report,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
Bug#337998: [Logcheck-devel] Bug#337998: logcheck ignore rules updates
On 7 Nov 2005, at 18:53, Dave Vehrs wrote: Package: logcheck-database Version: 1.2.42 Files: /etc/logcheck/ignore.d.server/kernel /etc/logcheck/ignore.d.workstation/kernel Severity: Minor Tags: Patch Local system: Linux B166ER 2.6.11-mm4 #1 Fri May 27 17:30:15 MDT 2005 x86_64 GNU/Linux Updated the following rules to match the output seen on my system. Can you provide the log messages that should be ignored? Thanks, -j -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#337517: [Logcheck-devel] Bug#337517: logcheck-database: dovecot login line should have the word plain in lowercase not uppercase
package logcheck-database tags 337517 pending thanks On 4 Nov 2005, at 16:59, Philip Craig wrote: I had to change the case of the dovecot login line or it was generating spurious logchecks. Here is the version after my change: snip The above was all on one line of course. I only changed the case of plain from PLAIN to plain because I don't use the other entries. Possibly they all need to change as well but I don't know dovecot well enough to know this. It looks like they released a new version upstream, with yet another log format *sigh*. This'll be fixed in the next release. Thanks for your bug report, -j -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#337998: Subject: Re: [Logcheck-devel] Bug#337998: logcheck ignore rules updates
package logcheck-database tags 337998 pending thanks [N.B. Please ensure that you always Cc bugs.debian.org when replying.] On 17 Nov 2005, at 21:09, lowkey wrote: On 7 Nov 2005, at 18:53, Dave Vehrs wrote: snip Updated the following rules to match the output seen on my system. Can you provide the log messages that should be ignored? Log messages and old/new rules: Message(s): Oct 20 03:54:41 Hostname kernel: usb 2-1: USB disconnect, address 101 Oct 20 03:54:41 Hostname kernel: usb 2-1.1: USB disconnect, address 102 snip Oct 20 03:54:42 Hostname kernel: usb 2-1: new full speed USB device using ohci_hcd and address 104 Oct 20 03:54:42 Hostname kernel: usb 2-1.1: new full speed USB device using ohci_hcd and address 105 snip Oct 20 03:54:43 Hostname input.agent[11665]: mousedev: already loaded Oct 20 03:54:43 Hostname input.agent[11665]: tsdev: already loaded snip Oct 20 03:54:43 Hostname input: USB HID v1.00 Keyboard [Chicony PFU-65 USB Keyboard] on usb-:00:02.0-1.1 Oct 20 03:54:43 Hostname input: USB HID v1.10 Mouse [B16_b_02 USB-PS/2 Optical Mouse] on usb-:00:02.0-1.3 snip This will be fixed in the next release. Thanks for your bug report, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] PGP.sig Description: This is a digitally signed message part
Bug#337916: [Logcheck-devel] Bug#337916: logcheck-database: Corrected pattern, this time WITH pattern
Hi there, On 10 Nov 2005, at 09:04, Ralf Hildebrandt wrote: attached Please can you provide the log messages which should be ignored. Thanks, -j PGP.sig Description: This is a digitally signed message part
Bug#336558: [Logcheck-devel] Bug#336558: logcheck: spamd rules in 1.2.42
On Sun, 2005-10-30 at 23:45 -0800, Karl Chen wrote:
Hi, the new rules in logcheck 1.2.42 for spamd don't work
for me. This patch fixes it:
snip
Thanks for the patch.
--- violations.ignore.d/logcheck-spamd(revision 1076)
+++ violations.ignore.d/logcheck-spamd(working copy)
@@ -1,3 +1,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: Cannot open bayes
databases /home/[_[:alnum:]-]+/.spamassassin/bayes_\* R/W: lock failed: File
exists$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: failed sanity check,
[0-9]+ bytes claimed, [0-9-]+ bytes seen$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: processing message .+
for .+:[0-9]+\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?result: .*$
This is far too broad. Please could you provide the log messages you're
trying to ignore with this rule.
Thanks,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#335021: [Logcheck-devel] Bug#335021: logcheck-database: Spamd rule broken
package logcheck-database tags 335021 pending thanks On Fri, 2005-10-21 at 15:52 +0200, Ryszard Lach wrote: spamd's configurations do not match my log entries, I suppose that logcheck files should be fixed. See a couple of lines not-ignored by ignore.d.server/spamd: Oct 21 13:02:07 localhost spamd[5468]: spamd: connection from localhost [127.0.0.1] at port 56544 snip Thanks for your bug report, this will be fixed in the next release. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#334042: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
tags 334042 moreinfo
thanks
[Quoted from private reply, submitter requested that log messages were
kept private.]
On Sat, 2005-10-15 at 09:31 +0200, Paul van der Holst wrote:
My server runs all stuff, also a mailserver (qmail + vpopmail etc). When I
receive the update thru mail, it is full with:
- imaplogin (LOGIN/LOGOUT)
- spamd
- qmail-scanner
that kinda stuff I don't need to see..
These messages..
183 only4clans CRON: (pam_unix) session closed for user root
1 only4clans CRON: (pam_unix) session closed for user
logcheck
snip
..are matched by rules in ignore.d.paranoid/cron:
../logcheck/rulefiles/linux/ignore.d.paranoid/cron:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for
user [[:alnum:]-]+ by \(uid=[0-9]+\)$
../logcheck/rulefiles/linux/ignore.d.paranoid/cron:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for
user [[:alnum:]-]+$
These messages are from SA 3.1, they'll be ignored in the next release
of logcheck (#335021):
only4clans spamd: spamd: connection from localhost [127.0.0.1] at port
42461
Your proftpd messages are also matched by rules in
ignore.d.server/proftpd.
1 only4clans proftpd: only4clans.com (192.168.1.1[192.168.1.1]) -
FTP session opened.
snip
What is your report level set to?
Run ls -al /etc/logcheck and ls -al /etc/logcheck/ignore.d.server
-j
signature.asc
Description: This is a digitally signed message part
Bug#334415: [Logcheck-devel] Bug#334415: logcheck: [INTL:sv] Swedish debconf templates translation
package logcheck tags 334415 pending thanks Thanks, your translation will be included in the next release. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#334342: [Logcheck-devel] Bug#334342: logcheck-database: regexp for postfix/anvil is too restrictive
package logcheck-database tags 334342 pending thanks On Mon, 2005-10-17 at 12:24 +0200, flavien wrote: postfix configuration (master.cf) allows the administrator to specify a machine name/IP before the smtp keyword. For example, I have : 1.2.3.4:smtp inet n - n - - smtpd In this case, when remote server 4.5.6.7 connects too fast, anvil logs look like : Oct 17 06:27:33 red postfix/anvil[10531]: statistics: max connection rate 1/60s for (1.2.3.4:smtp:4.5.6.7) at Oct 17 06:09:23 Thanks for your bug report, this will be fixed in the next release. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#327088: [Logcheck-devel] Bug#327088: Dovecot rules doesn't work with ipv6
On Thu, 2005-10-13 at 22:15 +0200, Elmar Hoffmann wrote:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)-login: Login:
[.[:alnum:[EMAIL PROTECTED] \[(:::)?[:0-9.]+\]$
While the given example log entry unfortunately does not show it, an
IPv6 address does use hex digits, ie. the address of the box I'm
writing this on is 2001:1638:1810::201:2ff:fe0d:6cec, which would not
be matched by the pattern (:::)?[:0-9.]+ used above (and the other
rules I didn't quote).
Thus a correct pattern to match an IPv4 or IPv6 address would be:
[0-9a-f.:]+
Thanks for catching that, my only excuse is that I was falling asleep at
the keyboard at the time..
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#332807: [Logcheck-devel] Bug#332807: proftpd rules do not support IPv6 addresses
package logcheck-database tags 332807 pending thanks On Mon, 2005-10-10 at 14:22 +0200, Elmar Hoffmann wrote: The rules for proftpd do not support IPv6 addresses, the attached patch fixes this. Here's an updated version of that patch, that also matches IPv6 hosts without working reverse DNS. Thanks for the patch, it'll be included in the next release. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#334042: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
On Sat, 2005-10-15 at 09:31 +0200, Paul van der Holst wrote: My server runs all stuff, also a mailserver (qmail + vpopmail etc). When I receive the update thru mail, it is full with: - imaplogin (LOGIN/LOGOUT) - spamd - qmail-scanner Which log messages are not being ignored? -j signature.asc Description: This is a digitally signed message part
Bug#333233: [Logcheck-devel] Bug#333233: ssh's own reverse DNS lookup failure messages are not ignored
package logcheck-database tags 333233 pending thanks On Fri, 2005-10-14 at 16:41 +0200, Elmar Hoffmann wrote: on Tue, Oct 11, 2005 at 02:34:31 +0200, Elmar Hoffmann wrote: While violations.ignore.d/logcheck-ssh does filter out the warnings about failed reverse DNS lookup from the TCP wrappers, it does not for ssh's own messages (which are quite overly dramatic, too). The attached patch fixes this. Added another variant of these messages. Thanks for your patch, it'll be included in the next release. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#334042: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
On Sat, 2005-10-15 at 19:45 +0200, Paul van der Holst wrote: I will add one of each below proftpd: snip Can you provide the exact log messages as reported through syslog? It makes it a lot easier that way. If you feel the need, you can change the IP addresses to 127.0.0.1. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#325874: [Logcheck-devel] Processed: Re: [Pkg-nagios-devel] Bug#325874: nagios-common: logcheck regexp issue
package logcheck-database tags 325874 pending thanks On Mon, 2005-09-05 at 03:30 -0400, sean finney wrote: On Thu, Sep 01, 2005 at 08:23:04PM +0200, maximilian attems wrote: can i see this as an ack from nagios maintainer, that the UNREACHABLE logline should be ignored? oh, i didn't actually *look* at the ignore lines, i simply remembered that i wasn't the one administering the rulesets so i passed the bug on without thinking much about it. i'll take a look at the rules this afternoon and think about it and get back to you :) This bug has been idle for a while, from looking at the patch it seems to me that UNREACHABLE notification messages should be ignored. There is no point in the user being notified of the problem more than once (by nagios and in logcheck mails). Unless there are any objections I'll include this in the next logcheck release. Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#328251: logcheck: please add rules for popa3d
package logcheck-database
tags 328251 pending
thanks
On Fri, 2005-09-16 at 14:15 +0200, maximilian attems wrote:
- Forwarded message from Reinhold Trocker [EMAIL PROTECTED] -
To: maximilian attems [EMAIL PROTECTED]
Subject: Antwort: Re: [Logcheck-devel] Bug#328251: logcheck: please add rules
for
popa3d
From: Reinhold Trocker [EMAIL PROTECTED]
Date: Thu, 15 Sep 2005 17:23:31 +0200
examples:
Sep 15 17:02:23 lin popa3d[14561]: Session from 127.0.0.1
snip
the exception is the following line:
Authentication passed for username
so the regex would be
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ popa3d\[[0-9]+\]: Authentication passed
for [._[:alnum:]-]+$
At least I think so: is the regex [._[:alnum:]-]+ correct for
usernames?
Yes, it would.
I've added the following rules, which will be included in the next
release:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ popa3d\[[0-9]+\]: Session from
[:0-9a-f.]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ popa3d\[[0-9]+\]: Authentication
passed for [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ popa3d\[[0-9]+\]: [0-9]+ message
\([0-9]+ bytes\) loaded$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ popa3d\[[0-9]+\]: [0-9]+ \([0-9]+\)
deleted, [0-9]+ \([0-9]+\) left$
Thanks,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#330208: [Logcheck-devel] Bug#330208: Mising write permisson on /var/lock/logcheck for group logcheck
package logcheck tags 330208 pending thanks On Mon, 2005-09-26 at 20:18 +0200, Achim Schaefer wrote: if a user is part of the group logcheck, he should be able to run logcheck. This will be fixed in the next release. Thanks for your bug report. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#327088: [Logcheck-devel] Bug#327088: Dovecot rules doesn't work with ipv6
package logcheck-database
tags 327088 pending
thanks
On Wed, 2005-09-07 at 17:44 +0200, Marco Nenciarini wrote:
Your rule does not fit the case that the client have an ipv6 ip. Yhis
is the log:
Sep 7 17:41:12 lorien pop3-login: Login: [EMAIL PROTECTED]
[2001:1418:13:10::1]
Adjusted for next release:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)-login: Login:
[.[:alnum:[EMAIL PROTECTED] \[(:::)?[:0-9.]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login:
Disconnected \[(:::)?[:0-9.]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|
pop3)\([^[:space:]]+\): File isn't in mbox format: [^[:space:]]+$
# dovecot 1.0
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login:
user=[.[:alnum:[EMAIL PROTECTED], method=(PLAIN|LOGIN|(CRAM|DIGEST)-MD5),
rip=(:::)?[:.[:digit:]]+, lip=(:::)?[:.[:digit:]]+(, TLS)?$
Thanks,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#332707: [Logcheck-devel] Bug#332707: ignore.d.server/dovecot: add dovecot:
package logcheck-database tags 333461 pending thanks On Fri, 2005-10-07 at 18:19 -0700, Karl Chen wrote: In /var/log/mail.log I get lines like these: Oct 7 07:40:34 xxhostnamexx dovecot: imap-login: Disconnected [##.##.##.##] Thanks for your patch, this will be included in the next release. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#333456: [Logcheck-devel] Bug#333456: logcheck: ignore mundane tftpd messages
package logcheck
tags 333456 pending
thanks
Hi there
On Tue, 2005-10-11 at 19:56 -0400, toby cabot wrote:
Hi, thanks for maintaining logcheck, it works quite well. I run a
small network with some diskless nodes. When they boot, they download
their kernels from TFTP. Typically, I'll get two messages from
logcheck; one when the client connects, and one when they download a
file, e.g:
I've added the following rules to logcheck based on the log messages you
provided:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.tftpd\[[0-9]+\]: connect from
[._[:alnum:]-]+ \([.[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tftpd\[[0-9]+\]: tftpd: trying to get
file: [^[:space:]]+$
They'll be included in the next release. In future, if you make local
additions to the logcheck rules you should prefix the filename with
'local-' to ensure they are not overwritten when upgrading.
Thanks for your bug report,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#327088: [Logcheck-devel] Bug#327088: logcheck-database: dovecot logins appear after new regexp syntax
package logcheck-database
tags 327088 pending
thanks
On Thu, 2005-10-06 at 04:28 +0200, Morten 'Doc' Nielsen wrote:
from what i can see, your new log format does not hide regular logins,
so now my logcheck email is full of lines like this:
Oct 5 20:02:03 docnielsen dovecot: imap-login: Login: user=doc,
method=PLAIN, rip=192.168.1.123, lip=192.168.1.123, TLS
I've added the following rule for the new log message format in dovecot
1.0:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login:
user=[.[:alnum:[EMAIL PROTECTED], method=(PLAIN|LOGIN|(CRAM|DIGEST)-MD5),
rip=(:::)?[.[:digit:]]+, lip=(:::)?[.[:digit:]]+(, TLS)?$
It'll be included in the next release.
Thanks,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#331282: [Logcheck-devel] Bug#331282: Rule for polypaudio
tags 331282 pending
thanks
On Sun, 2005-10-02 at 15:54 -0400, Anthony DeRobertis wrote:
I think the following ignore rule is appropriate for the events below:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ polypaudio\[[0-9]+\]: module-alsa-sink.c:
using [0-9]+ fragments of size [0-9]+ bytes.$
Thanks for your bug report. The rules you suggested will be included in
the next release.
Thanks,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#328632: [Logcheck-devel] Bug#328632: Please include README.logcheck-database.gz
On Wed, 2005-09-14 at 21:35 -0400, Micah Anderson wrote: man (8) logcheck says: For hints on how to maintain rules, see README.logcheck-database.gz, but this file is not included in /usr/share/doc/logcheck. It's included in the logcheck-database package upon which logcheck depends on. -j signature.asc Description: This is a digitally signed message part
Bug#327088: [Logcheck-devel] Bug#327088: Dovecot rules doesn't work with ipv6
tags 327088 pending
thanks
On Wed, 2005-09-07 at 16:44 +0200, Marco Nenciarini wrote:
If you enable ipv6 in dovecot's config, it produces logs with ipv6 addresses
within.
From my mail.log:
Sep 7 14:03:59 lorien pop3-login: Login: [EMAIL PROTECTED]
[:::11.22.33.44]
I've changed the relevant rules for dovecot so they now look like this:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)-login: Login:
[.[:alnum:[EMAIL PROTECTED] \[(:::)?[0-9.]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)-login: Disconnected
\[(:::)?[0-9.]+\]$
I've tested them against the log messages you provided.
Thanks for your bug report,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#324451: [Logcheck-devel] Bug#324451: logcheck-database: rules to add to the database package
tags 324451 pending
thanks
On Wed, 2005-08-24 at 09:31 +0200, Robbert Muller wrote:
here are some log entries
Please ensure that you always Cc bugs.debian.org.
Based on your log messages, I've added the following rules to logcheck:
ignore.d.server/mon
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: client connection from
[.[:digit:]]+:[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: client command
(protid [0-9]+|list disabled|disable watch websites)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: authenticated monuser$
violations.ignore.d/logcheck-mon:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: client command list
failures$
I didn't include the messages given on reload, since logcheck doesn't
suppress startup/shutdown messages.
Thanks for your bug report,
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#324451: [Logcheck-devel] Bug#324451: logcheck-database: rules to add to the database package
Hi there, On Mon, 2005-08-22 at 09:22 +0200, Robbert Muller wrote: The Package mon doens't have any rules yet, but does write to the syslog. the problem is that one of the lsit commands triggers the security violation which it isn't ;-) Could you provide the log messages from mon which are being included in logcheck reports? Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#320274: logcheck-database: Please add pop3 to dovecot
severity 320274 normal merge 320274 310423 thanks On Wed, 2005-08-17 at 23:00 +0200, maximilian attems wrote: On Thu, 28 Jul 2005, Andrew Pollock wrote: On Thu, Jul 28, 2005 at 08:45:07AM +0100, Jamie L. Penman-Smithson wrote: On Thu, 2005-07-28 at 10:06 +1000, Andrew Pollock wrote: Please duplicate the imap-login related lines and change them to filter out the equivalent messages emitted by pop3-login. Please provide the messages from pop3-login that need to be ignored. They're exactly the same as the imap-logins, except prefixed with pop3-login. This bug is a duplicate of #310423 which was fixed in 1.2.40. -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#320274: [Logcheck-devel] Bug#320274: logcheck-database: Please add pop3 to dovecot
On Thu, 2005-07-28 at 10:06 +1000, Andrew Pollock wrote: Please duplicate the imap-login related lines and change them to filter out the equivalent messages emitted by pop3-login. Please provide the messages from pop3-login that need to be ignored. Thanks, -- -Jamie L. Penman-Smithson [EMAIL PROTECTED] t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part
Bug#320009: ignore.d.server rule for openvpn
On Tue, 2005-07-26 at 13:31 +0200, Martin Lohmeier wrote: the attached patch adds one line to /etc/logcheck/ignore.d.server/openvpn to ignore the following line: Jul 26 11:05:02 debian ovpn-tunnel[394]: VERIFY OK: nsCertType=SERVER Thanks for the patch, it's been applied in CVS and will be included in the next release. -j signature.asc Description: This is a digitally signed message part
Bug#318500: logcheck-database: rules for openssh-krb5
package logcheck-database
tags 318500 pending
thanks
On Fri, 2005-07-15 at 14:02 -0700, Russ Allbery wrote:
For support of openssh-krb5, please add the following rule to
rulefiles/linux/ignore.d.server/ssh:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to
[^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
and add gssapi-with-mic to the list of authentication alternatives in
the first rule in that file. Thanks!
I've made these changes in CVS, they'll be in the next release.
Thanks for your bug report,
-j
signature.asc
Description: This is a digitally signed message part
Bug#318731: [Logcheck-devel] Bug#318731: spamd rule does not work
On Sun, 2005-07-17 at 20:19 +0200, Rainer Zocholl wrote:
[EMAIL PROTECTED](Jamie L. Penman-Smithson) 17.07.05 13:31
since all log messages have trailing
spaces stripped before they are processed, your rule will never match
anything.
Sorry, i wasn't aware of that and throught something wiered inside logcheck.
That's why i file a bug.
Too i was not warned that testing rules with egrep -f
is not recommandable/is senseless, because logcheck modifies the logfile
reads.
There's a paragraph in README.logcheck-database:
| To test new rules, you can grep your log file, and remove trailing
| space with something like this:
|
| sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep \
| '^\w{3} [ :0-9]{11} oempc wwwoffled\[[0-9]+\]: \
| WWWOFFLE (On|Off)line\.$'
|
| If the log line is displayed, then your regex works.
Finally, this message indicates a _PROBLEM_ with your spamassassin
configuration, ignoring it _will not_ make the problem disappear.
I assume it's problem in some users config...
I don't want littering logcheck mails with messages i
can't change. That's to dangerous as some day no one will
take a look into the file.
Then find out which users config is causing the problem?
If your users config files are in the same directory, something like
egrep -H RBL * might find the culprit. Or find / -name foobar.cf
-exec grep -H RBL \{\} \;
That'll only work if your config files have identical names, if they are
named after the user, you could try something similar to:
cat /etc/passwd | egrep -v ^[[:alnum:]]+:x:[0-9]{1,2}:.*$ | cut -f 1
-d : .users for i in $(cat .users); do find /foo -name $i.cf
-exec grep -H RBL \{\} \;; done ; rm .users
Ignoring errors is not a good strategy. See bug #3853 in SA's bugzilla
(which I found within 5 seconds using Google)
I have several(!) times tried google and did not find any useful hints
or solution.
Which words did you use?
Argument RBL isn't numeric in addition
I tried Argument isn't numeric in addition etc. with spamd and without
and only see that others asking the same.
You may or may not already know, but placing quotation marks around
words causes Google to search for the entire phrase[1], rather than
occurrences of the individual words.
The first result from that is relevant to your problem, as are most of
the other results from the first page.
[1] http://www.google.co.uk/help/basics.html#phrases
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#318500: logcheck-database: rules for openssh-krb5
On Fri, 2005-07-15 at 14:02 -0700, Russ Allbery wrote:
For support of openssh-krb5, please add the following rule to
rulefiles/linux/ignore.d.server/ssh:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to
[^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
and add gssapi-with-mic to the list of authentication alternatives in
the first rule in that file. Thanks!
Could you provide the log messages that this matches?
Thanks,
-j
signature.asc
Description: This is a digitally signed message part
Bug#318731: [Logcheck-devel] Bug#318731: spamd rule does not work
package logcheck
merge 317642 318731
tags 318731 wontfix
thanks
On Sun, 2005-07-17 at 12:33 +0200, Rainer Zocholl wrote:
Package: logcheck
Version: most recent stable
Use apt to find the version number, most recent stable is pretty
useless.
Don't open multiple bug reports about the same issue. There is already
#317642. This isn't a problem with logcheck, it's a problem with _your
own_ rules, therefore this isn't a bug and the BTS isn't really the best
place, there's the logcheck-users mailing list which would be better.
Read README.logcheck-database, it explains, in detail, how to write
rules and how to test them correctly.
i can't block the spamd warning.
Why?
Your rule has a trailing space, since all log messages have trailing
spaces stripped before they are processed, your rule will never match
anything. Removing the trailing space should fix the problem:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: Argument \RBL\
isn't numeric in addition \(\+\)
at /usr/share/perl5/Mail/SpamAssassin/Conf.pm line 244.$
Finally, this message indicates a _PROBLEM_ with your spamassassin
configuration, ignoring it _will not_ make the problem disappear.
Ignoring errors is not a good strategy. See bug #3853 in SA's bugzilla
(which I found within 5 seconds using Google) which was the result of
misconfiguration:
--- Additional Comments From [EMAIL PROTECTED] 2004-10-01 10:05
---
This type of issue has always been something like:
score FOO_RULE RBL 3
somewhere in the configuration files. Could be in any of
the /etc/mail/spamassassin/*.cf files, or in
user_prefs, or anywhere your SA installation gets configuration data
from.
Fix the problem in your SA configuration.
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#316794: freepops: crashes while reading messages in foreign charset
package: freepops
version: 0.0.30-1
severity: important
After attempting to access the message below via gmail.com, freepops
crashes.
[EMAIL PROTECTED]:~$ telnet localhost 3000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK FreePOPs/0.0.30 pop3 server ready
USER [EMAIL PROTECTED]
+OK PLEASE ENTER PASSWORD
PASS [redacted]
+OK ACCESS ALLOWED
LIST 52
+OK 52 1
RETR 52
+OK ANSWER FOLLOW
X-Gmail-Received: 3176d81df2fb02b91da749b22a6f24ea3c398bb7
Delivered-To: [EMAIL PROTECTED]
Received: by 10.36.96.4 with SMTP id t4cs6164nzb;
Thu, 26 May 2005 02:20:20 -0700 (PDT)
Received: by 10.38.74.75 with SMTP id w75mr1936205rna;
Thu, 26 May 2005 02:20:20 -0700 (PDT)
Return-Path: [EMAIL PROTECTED]
Received: from mail.kqsv12.com ([211.240.63.137])
by mx.gmail.com with SMTP id 75si535460rnb.2005.05.26.02.20.05;
Thu, 26 May 2005 02:20:20 -0700 (PDT)
Received-SPF: error (gmail.com: error in processing during lookup of
[EMAIL PROTECTED]: DNS timeout)
Received: (qmail 20038 invoked by uid 509); 26 May 2005 15:49:34 +0900
Date: 26 May 2005 15:49:34 +0900
Message-ID: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: 新規登録の方は1円分無料
一万円分!完全無料で使用OK
■今なら間に合うWチャンス!無料ポイントアップ楽しさonnection closed by
foreign host.
The message in its entirety looks like this:
X-Gmail-Received: 3176d81df2fb02b91da749b22a6f24ea3c398bb7
Delivered-To: [EMAIL PROTECTED]
Received: by 10.36.96.4 with SMTP id t4cs6164nzb;
Thu, 26 May 2005 02:20:20 -0700 (PDT)
Received: by 10.38.74.75 with SMTP id w75mr1936205rna;
Thu, 26 May 2005 02:20:20 -0700 (PDT)
Return-Path: [EMAIL PROTECTED]
Received: from mail.kqsv12.com ([211.240.63.137])
by mx.gmail.com with SMTP id 75si535460rnb.2005.05.26.02.20.05;
Thu, 26 May 2005 02:20:20 -0700 (PDT)
Received-SPF: error (gmail.com: error in processing during lookup of [EMAIL
PROTECTED]: DNS timeout)
Received: (qmail 20038 invoked by uid 509); 26 May 2005 15:49:34 +0900
Date: 26 May 2005 15:49:34 +0900
Message-ID: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: $B?75,EPO?$NJ}$O(B1$B1_J,L5NA(B
$B0lK|1_J,!*40A4L5NA$G;HMQ(BOK
$B#:#$J$i4V$K9g$(BW$B%A%c%s%9!*L5NA%]%$%s%H%%C%W3Z$7$5(B100$BG\!*#(B
$B([EMAIL PROTECTED](B
$B0l0L!'5U1g!J(B189$BLEPO?!K(B
$BFs0L!'1g8r!J(B429$BLEPO?!K(B
$B;00L!'(BSM$B5U1g!J(B243$BLEPO?!K(B
$B;M0L!'%;%U%l!J(B1038$BLEPO?!K(B
$B8^0L!'ITNQ!J(B2421$BLEPO?!K(B
$BO;0L!'%F%l%(%C%A!J(B3463$BLEPO?!K(B
$B!(B
$B!(B
$B!(B
$B0lK|1_J,40A4L5NA$G$*;n$7$O(B
$B---(B
http://www.awg4.com/?summer12
$BB~:#!*?75,EPO?$7$?J}$K$OL5NA$G(B10,000$B1_J,$4MxMQ=PMh$^$9!#(B
$B!ZL5NA%]%$%s%HFb$G==J,$K%Q!%H%J!$rC5$9;v$,=PMh$^$9!#![(B
$B((B18$B:P0Je$NHkL)87i$G$-$kJ}$J$i2?J}$G$bMxMQ(BOK
$B--F~8}--(B
CLICK
http://www.awg4.com/?summer12
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
$B((B18$B:PL$K~$N$4MxMQ1sN82$5$$!#(B
$B:#8e!%a!%k$Nu?.$r5qH]$9$kl9g$O25-(BURL$B$KJV?.2$5$$!#(B
[EMAIL PROTECTED]
From /var/log/syslog:
Jul 4 00:23:56 lorien freepopsd: Session started for
[EMAIL PROTECTED] ()
Jul 4 00:23:56 lorien freepopsd: DBG(popserver.c, 172):
Jul 4 00:23:56 lorien freepopsd: [6861] - +OK ACCESS ALLOWED
Jul 4 00:23:58 lorien freepopsd: DBG(popserver.c, 172):
Jul 4 00:23:58 lorien freepopsd: [6861] - LIST 52
Jul 4 00:24:00 lorien freepopsd: DBG(popserver.c, 172):
Jul 4 00:24:00 lorien freepopsd: [6861] - +OK 52 1
Jul 4 00:24:04 lorien freepopsd: DBG(popserver.c, 172):
Jul 4 00:24:04 lorien freepopsd: [6861] - RETR 52
Jul 4 00:24:04 lorien freepopsd: DBG(popserver.c, 172):
Jul 4 00:24:04 lorien freepopsd: [6861] - +OK ANSWER FOLLOW
Jul 4 00:24:04 lorien freepopsd: DBG(popserver.c, 172):
Immediately after this freepops crashes. The output of strace is
attached.
If there is any further information that would be any use, please let me
know.
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
execve(/usr/bin/freepopsd, [/usr/bin/freepopsd, -vv, -n, -p, 3000,
-s, freepops.freepops, -l, syslog], [/* 21 vars
*/]) = 0
uname({sys=Linux, node=lorien.silverdream.org, ...}) = 0
brk(0) = 0x8083000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fe9000
access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or directory)
open(/etc/ld.so.preload, O_RDONLY)= -1 ENOENT (No such file or directory)
open(/etc/ld.so.cache, O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=25333, ...}) = 0
old_mmap(NULL, 25333, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe2000
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT
Bug#316618: [Logcheck-devel] Bug#316618: hddtemp
package logcheck
reassign 316618 hddtemp
retitle 316618 hddtemp: logcheck rules do not ignore drive sleeping messages
thanks
On Sat, 2005-07-02 at 15:22 +0200, Rainer Zocholl wrote:
snip
Jul 2 09:25:51 data hddtemp[15424]: /dev/hda: IBM-DJNA-351520: 43 C
Jul 2 09:25:51 data hddtemp[15424]: /dev/hdb: FUJITSU MPG3204AH EF:
drive is sleeping
I found that there is already /etc/logcheck/ignore.d.server:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ hddtemp\[[0-9]+\]:
/dev/([hs]d[a-z]|sg[0-9]): .*: [0-9]+ [CF]$
snip
a) It would be nice if the loglevel would be reported in the mail too.
Once you configure the loglevel you don't need to change it again. I
fail to see how including it in messages sent by logcheck would have any
additional benefit.
b) How not to ignore too large C values?
c) Why is drive is sleeping not ignored? [0-9]+ [CF] will not fit IMHO
The hddtemp rules are provided by the hddtemp package. Reassigning.
-j
signature.asc
Description: This is a digitally signed message part
Bug#315422: postgresql: leftover reference to /etc/postgresql/postmaster.conf in bash_profile
package: postgresql
version: 7.5.7
severity: normal
$ cat /home/postgres/.bash_profile
. /etc/postgresql/postmaster.conf
PATH=/bin:/usr/bin:/usr/lib/postgresql/bin
POSTGRES_DATA=/var/lib/postgres/data
PGDATA=${POSTGRES_DATA:-/var/lib/postgres/data}
PGLIB=/usr/lib/postgresql/lib
export PGLIB PGDATA
/etc/postgresql/postmaster.conf no longer exists. Thus attempting to run
anything under the postgres user results in:
/home/postgres/.bash_profile: line 1: /etc/postgresql/postmaster.conf:
No such file or directory
--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
Bug#315250: logcheck: Installation fails due to an error
package logcheck severity 315250 normal merge 315071 315250 thanks On Tue, 2005-06-21 at 15:56 +0300, Noam Rathaus wrote: During installation the following is returned: Setting up logcheck (1.2.39) ... gpasswd: unknown user adm adduser: `/usr/bin/gpasswd -M root,adm,daemon,logcheck adm' returned error code 1. Aborting. Cleaning up. From this point the logcheck won't work anymore, sending emails that something wrong has happened. This is the same issue as #315071. Please provide the output of: $ getent group adm and: ls -l /var/log -j signature.asc Description: This is a digitally signed message part
Bug#314951: logcheck prints error message if system hostname not resolvable
package logcheck tags 314951 wontfix thanks On Sun, 2005-06-19 at 17:44 +0200, Thomas Hood wrote: [EMAIL PROTECTED]:# su -s /bin/bash -c /usr/sbin/logcheck logcheck /dev/null hostname: Unknown host [EMAIL PROTECTED]:# echo $? 0 This is a problem with your system, not logcheck. You need to ensure that your systems hostname and its IP address is listed in /etc/hosts. I seem to remember this being done by default with a new install, so I'm not sure why you're any different. -j signature.asc Description: This is a digitally signed message part
