Bug#265588: [Logcheck-devel] Bug#265588: logcheck-database: correction to oidentd rules

maks attems debian at sternwelten.at
Fri Aug 13 22:56:07 UTC 2004


tags 265588 pending
thanks

On Fri, 13 Aug 2004, jonas at mail.kidns.de wrote:

> Package: logcheck-database
> Version: 1.2.24
> Severity: wishlist
> 
> hello,
> 
> the current rules for oidentd are too strict, as they require connections
> to oidentd to come from port 0:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> 				localhost \(127.0.0.1\):0$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> 		[._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):0$
> 
> anyway, ident lookups seem to come from very different ports, according
> to my logs:
> Aug 12 13:37:37 host oidentd[2673]: Connection from gluck.debian.org (192.25.206.10):39225
> Aug 13 19:30:04 host oidentd[27268]: Connection from run.smurf.noris.de (192.109.102.41):51246
> Aug 13 16:23:53 host oidentd[25436]: Connection from spohr.debian.org (128.193.0.4):54192
> 
> 
> I suggest changing the rules to the following:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> 	localhost \(127.0.0.1\):[0-9]{1,5}$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> 	[._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$
> 
> 
> bye
>  jonas

great timing, bug just got fixed in cvs,
will get in sarge (hopefully) as next release is imminent.


--
maks
kernel janitor  	http://janitor.kernelnewbies.org/
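
Added example, not part of the original message or of logcheck's own code: the old and proposed remote-host rules from the report, joined onto one line and run with `grep -E` over the three log lines quoted above plus two constructed lines. It assumes GNU grep (for `\w`); the helper names and the two constructed lines are illustrative.

```shell
#!/bin/sh
# Rules from the bug report, joined onto one line (the email wraps them
# with a trailing backslash). \w is a GNU grep extension (assumption).
PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from '
HOSTIP='[._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\)'
OLD_RULE="${PREFIX}${HOSTIP}:0\$"
NEW_RULE="${PREFIX}${HOSTIP}:[0-9]{1,5}\$"

# First three lines are the ones quoted in the report. The last two are
# constructed: one with source port 0, one with a malformed 6-digit port.
sample_log() {
cat <<'EOF'
Aug 12 13:37:37 host oidentd[2673]: Connection from gluck.debian.org (192.25.206.10):39225
Aug 13 19:30:04 host oidentd[27268]: Connection from run.smurf.noris.de (192.109.102.41):51246
Aug 13 16:23:53 host oidentd[25436]: Connection from spohr.debian.org (128.193.0.4):54192
Aug 13 20:00:00 host oidentd[100]: Connection from example.test (192.0.2.1):0
Aug 13 20:00:01 host oidentd[101]: Connection from example.test (192.0.2.1):123456
EOF
}

# logcheck drops lines that match an ignore rule and reports the rest.
# Print the lines a given rule would leave in the report.
reported_lines() {
    sample_log | grep -E -v -- "$1" || true
}

# Count of lines left in the report for a given rule.
# grep exits 1 when nothing is selected, hence the "|| true".
reported_count() {
    sample_log | grep -E -v -c -- "$1" || true
}

echo "old rule reports $(reported_count "$OLD_RULE") of 5 lines"
echo "new rule reports $(reported_count "$NEW_RULE") of 5 lines:"
reported_lines "$NEW_RULE"
```

With the old rule every real ident lookup is reported as noise; with the proposed rule only the malformed line is, because the trailing `$` keeps `[0-9]{1,5}` from matching a prefix of a longer number.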
