Documento sin título

From info at imagenarte.net Wed Aug 2 04:45:41 2006 From: info at imagenarte.net (IART) Date: Wed, 2 Aug 2006 04:45:41 +0000 Subject: [Logcheck-devel] Pregunte como mejorar su imagen. Message-ID: <200608020445.LIONNPPMVF@Dynamic-IP-697918666.cable.net.co> Documento sin título

Dise?o Publicitario

Atr?s quedo la vieja idea de comunicaci?n que afirmaba que tan solo exist?a un emisor-mensaje-receptor. Ahora, las nuevas tecnolog?as permiten acceder a la l?gica de la interactividad en la cual no somos tan solo los espectadores de un acontecimiento sino que tambi?n somos los creadores de este.

Los multimedios abren los campos de alimentaci?n y retroalimentaci?n para una buena comunicaci?n porque con la vertiginosa rapidez de la actividad humana los antiguos esquemas de comunicaci?n cada vez se vuelven m?s ineficaces. La mezcla de audio, video, animaci?n, navegaci?n e impacto visual hace de la multimedia un nuevo elemento con un sin numero de cualidades que pueden ayudar al proceso de aprendizaje, desarrollo intelectual y entrete

Boletin Informativo

I-magen.net Lanza su nuevo sitio web

Agosto 1 lanzamiento del nuevo sitio Web de i-magen.net, este nuevo sitio estar? enfocado al servicio en l?nea para sus clientes, contara con nuevos productos y servicios para cada necesidad, con un dise?o l?gico y novedoso con el cual lograra ser uno de los sitio mas ?tiles para las empresas que requieren servicios publicitarios y gr?ficos.

I-magen.net nuevo nombre nueva imagen

iart es el nuevo nombre con el cual pretendemos posicionarnos en el mercado, con el lanzamiento del sitio Web se iniciara una campa?a electr?nica de posicionamiento de marca, i-magen.net con un nuevo nombre y una nueva imagen pretende tener mayor recordaci?n y diferenciales espec?ficos dentro del medio, logrando mayor penetraci?n en el mercado.

Telefono: 526-0867 Cel.316 357-8997 e-mail: info at imagenarte.net

-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060802/4857393b/attachment.htm From sat06 at mat.mohn.bertelsmann.de Mon Aug 7 09:45:48 2006 From: sat06 at mat.mohn.bertelsmann.de (Bernhard Sadlowski) Date: Mon, 07 Aug 2006 11:45:48 +0200 Subject: [Logcheck-devel] Bug#381839: logcheck: netatalk filter not working because of a atalk line with a superfluous blank Message-ID: <20060807094548.19733.70019.reportbug@dematl14.mat.mohn.bertelsmann.de> Package: logcheck Version: 1.2.47 Severity: minor Tags: patch -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17.7-mat Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages logcheck depends on: ii adduser 3.95 Add and remove users and groups ii cron 3.0pl1-95 management of regular background p ii debconf [debconf 1.5.2 Debian configuration management sy ii grep 2.5.1.ds2-5 GNU grep, egrep and fgrep ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logtail 1.2.47 Print log file lines that have not ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent ii postfix [mail-tr 2.2.10-2 A high-performance mail transport ii sysklogd [system 1.4.1-18 System Logging Daemon Versions of packages logcheck recommends: pn logcheck-database (no description available) -- debconf information: logcheck/changes: * logcheck/install-note: Suggested fix: # rcsdiff -ur /etc/logcheck/ignore.d.server/netatalk [...] -atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ $[[:alnum:]]+ [[:alnum:]]+$) $ +atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ $[[:alnum:]]+ [[:alnum:]]+$)$ [...] From mh+reportbug at glandium.org Tue Aug 8 05:36:08 2006 From: mh+reportbug at glandium.org (Mike Hommey) Date: Tue, 08 Aug 2006 07:36:08 +0200 Subject: [Logcheck-devel] Bug#381983: logcheck: Doesn't detect cron-apt lines anymore Message-ID: <20060808053608.22506.65717.reportbug@namakemono.glandium.org> Package: logcheck Version: 1.2.47 Severity: normal Setup is the default one. I used to receive the full cron-apt log in the logcheck summaries before, but since recently, it only shows random log lines. For example, I received that today: System Events =-=-=-=-=-=-= Aug 8 04:29:17 vaio cron-apt: Get:2 http://ftp.fr.debian.org testing/main python2.3 2.3.5-15 [3103kB] While the log contains much more: Aug 8 04:29:17 vaio cron-apt: CRON-APT RUN [/etc/cron-apt/config]: Tue Aug 8 04:00:02 CEST 2006 Aug 8 04:29:17 vaio cron-apt: CRON-APT SLEEP: 1727, Tue Aug 8 04:28:50 CEST 2006 Aug 8 04:29:17 vaio cron-apt: CRON-APT ACTION: 3-download Aug 8 04:29:17 vaio cron-apt: CRON-APT LINE: /usr/bin/apt-get dist-upgrade -d -y -o APT::Get::Show-Upgraded=true Aug 8 04:29:17 vaio cron-apt: Reading package lists... Aug 8 04:29:17 vaio cron-apt: Building dependency tree... Aug 8 04:29:17 vaio cron-apt: The following packages will be upgraded: Aug 8 04:29:17 vaio cron-apt: apt apt-utils bash binutils console-data cpio db4.3-util fakeroot grub Aug 8 04:29:17 vaio cron-apt: initscripts klibc-utils libacl1 libcupsys2 libdb4.3 libklibc libnewt0.52 Aug 8 04:29:17 vaio cron-apt: libtasn1-3 libtiff4 libxml2 libxml2-dev libxv1 linux-kernel-headers pbuilder Aug 8 04:29:17 vaio cron-apt: pppoeconf python2.3 sysv-rc sysvinit whiptail Aug 8 04:29:17 vaio cron-apt: 28 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Aug 8 04:29:17 vaio cron-apt: Need to get 3235kB/14.8MB of archives. Aug 8 04:29:17 vaio cron-apt: After unpacking 1171kB disk space will be freed. Aug 8 04:29:17 vaio cron-apt: Get:1 http://ftp.fr.debian.org testing/main cpio 2.6-17 [132kB] Aug 8 04:29:17 vaio cron-apt: Get:2 http://ftp.fr.debian.org testing/main python2.3 2.3.5-15 [3103kB] Aug 8 04:29:17 vaio cron-apt: Fetched 3235kB in 12s (251kB/s) Aug 8 04:29:17 vaio cron-apt: Download complete and in download only mode -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-1-686 Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8) From micah at debian.org Fri Aug 11 01:27:38 2006 From: micah at debian.org (Micah Anderson) Date: Thu, 10 Aug 2006 21:27:38 -0400 Subject: [Logcheck-devel] Bug#382440: logcheck-database: Postfix rule missing in violations.ignore.d Message-ID: <20060811012738.8762.74272.reportbug@pond.riseup.net> Package: logcheck-database Version: 1.2.47 Severity: normal Tags: patch Without the following logcheck line in /etc/logcheck/violations.ignore.d, lines such as the following are reported: postfix/smtp[30054]: 824E9A2C1E: to=, relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22, from MTA: 250 Ok: queued as 15140A2D0A) This is because of the keyword "illegal" other accounts with words such as "attack" in their username also get reported. Adding the following seems to resolve this: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ $.*$$ Micah -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-2-vserver-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.5.3 Debian configuration management sy logcheck-database recommends no packages. -- debconf information: logcheck-database/rules-directories-note: logcheck-database/standard-rename-note: logcheck-database/conffile-cleanup: false From micah at debian.org Fri Aug 11 02:35:18 2006 From: micah at debian.org (Micah Anderson) Date: Thu, 10 Aug 2006 22:35:18 -0400 Subject: [Logcheck-devel] Bug#382442: logcheck-database: violations.ignore.d/logcheck-postfix "Sender address rejected" rule needs tweak Message-ID: <20060811023518.13316.20935.reportbug@pond.riseup.net> Package: logcheck-database Version: 1.2.47 Severity: normal Tags: patch The attached patch makes this postfix line go away: Aug 10 18:04:46 buffy postfix/smtpd[16540]: NOQUEUE: reject: MAIL from mail.stormhosts.net[0.0.0.0]: 504 : Sender address rejected: need fully-qualified address; from= proto=ESMTP helo= You will notice that the current violations.ignore.d/logcheck-postfix has a line for this, but it expects to=<[^[:space:]]+> to always be there, which it is not for some reason. The attached patch fixes this for both cases. Micah -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-2-vserver-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.5.3 Debian configuration management sy logcheck-database recommends no packages. -- debconf information: logcheck-database/rules-directories-note: logcheck-database/standard-rename-note: logcheck-database/conffile-cleanup: false -------------- next part -------------- === logcheck-postfix ================================================================== --- logcheck-postfix (revision 1168) +++ logcheck-postfix (local) @@ -1,6 +1,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [.[:digit:]]+: hostname [^[:space:]]+ verification failed: (Host not found|Host name has no address|Name or service not known|Temporary failure in name resolution)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: reject: RCPT from [^[:space:]]+: [0-9]+ Client host rejected: cannot find your hostname, [^[:space:]]+; from=[^[:space:]]+ to=[^[:space:]]+ proto=(ESMTP|SMTP) helo=[^[:space:]]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: (Sender|Recipient) address rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: (Sender|Recipient) address rejected: .+; from=<[^[:space:]]*> (to=<[^[:space:]]+>)?proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Helo command rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: Relay access denied; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9] Service unavailable; Sender address \[[^[:space:]]+\] blocked using [._[:alnum:]-]+;( .*;)? from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$ From micah at riseup.net Fri Aug 11 14:10:16 2006 From: micah at riseup.net (Micah Anderson) Date: Fri, 11 Aug 2006 10:10:16 -0400 Subject: [Logcheck-devel] Bug#382442: ... and yet another Message-ID: <44DC8FC8.8050704@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This same problem occurs in another rule in logcheck-postfix: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9]( <[^[:space:]]*>:)? Sender address rejected: Domain not found; from=<[^[:space:]]*> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$ Many cases have a "to=" occuring after the "from=" and before the "proto=" as the following logline illustrates: Aug 11 05:02:04 buffy postfix/smtpd[30286]: NOQUEUE: reject: RCPT from unknown[0.0.0.0]: 450 : Recipient address rejected: Temporarily refused, please try again later; from= to= proto=SMTP helo=<0.0.0.0>" So the "Sender address rejected: Domain not found" logcheck rule also needs to be modified in the same way as the "Sender address rejected" line was modified in the previous entries to this bug. I've attached a new patch, which resolves both of these issues, you can ignore the previous two patches as this one replaces those. Micah -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE3I/H9n4qXRzy1ioRArMtAKCkadeK25ISP5tMgS2/CUBoYnJ3mQCeOzAE 1PcTTOARWlUTyFZYMgclJPY= =Z7x3 -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: postfix3.diff Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060811/3c9421ad/attachment.txt From micah at riseup.net Fri Aug 11 13:43:21 2006 From: micah at riseup.net (Micah Anderson) Date: Fri, 11 Aug 2006 09:43:21 -0400 Subject: [Logcheck-devel] Bug#382442: Actual patch attached Message-ID: <44DC8979.6050003@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apparently using reportbug to followup on a bug you cannot attach a patch, so attached here is the actual patch. Micah -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE3Il59n4qXRzy1ioRAtP3AJ0XqE8ytRVaNi7n8l4i7kLFAIER3gCghNoU Cx5cg/jyWw4dQMCJshIg1No= =ZdHA -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: postfix2.diff Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060811/6e2129ce/attachment.txt From micah at debian.org Fri Aug 11 13:42:03 2006 From: micah at debian.org (Micah Anderson) Date: Fri, 11 Aug 2006 09:42:03 -0400 Subject: [Logcheck-devel] Bug#382442: logcheck-database: Please ignore previous patch, this one should replace it Message-ID: <20060811134203.640.48990.reportbug@pond.riseup.net> Package: logcheck-database Version: 1.2.47 Followup-For: Bug #382442 The patch attached to the original bug report has a flat with a missing space, please use this attached patch instead. Thank you, micah -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-2-vserver-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.5.3 Debian configuration management sy logcheck-database recommends no packages. -- debconf information excluded From liw at iki.fi Sun Aug 13 09:33:47 2006 From: liw at iki.fi (Lars Wirzenius) Date: Sun, 13 Aug 2006 12:33:47 +0300 Subject: [Logcheck-devel] Bug#355701: Piuparts log for logcheck-database 1.2.47 Message-ID: <1155461627.4865.1.camel@dorfl.liw.iki.fi> Hi, for what it's worth, the piuparts log for the 1.2.47 version of the package is at: http://piuparts.cs.helsinki.fi/bugged/logcheck-database_1.2.47.log It still exhibits the problem, it seems. From maks at sternwelten.at Sun Aug 13 10:20:23 2006 From: maks at sternwelten.at (maximilian attems) Date: Sun, 13 Aug 2006 12:20:23 +0200 Subject: Bug#355701: [Logcheck-devel] Bug#355701: Piuparts log for logcheck-database 1.2.47 In-Reply-To: <1155461627.4865.1.camel@dorfl.liw.iki.fi> References: <1155461627.4865.1.camel@dorfl.liw.iki.fi> Message-ID: <20060813102023.GC4868@baikonur.stro.at> tags 355701 pending stop On Sun, Aug 13, 2006 at 12:33:47PM +0300, Lars Wirzenius wrote: > Hi, for what it's worth, the piuparts log for the 1.2.47 version of the > package is at: > > http://piuparts.cs.helsinki.fi/bugged/logcheck-database_1.2.47.log > > It still exhibits the problem, it seems. thanks for your retest. ok quick and dirty analysis: * /etc/logcheck/ignore.d.paranoid/imap owned by: logcheck-database got moved to server level, can be safely removed. * /etc/logcheck/ignore.d.paranoid/proftpd owned by: logcheck-database zero file size, got dropped due to the move to svn, needs to be removed * /etc/logcheck/ignore.d.workstation/anacron owned by: logcheck-database was moved to ignore.d.server/anacron so can be safely removed. will implement that in postinst for upgrades in svn. -- maks From owner at bugs.debian.org Sun Aug 13 11:03:40 2006 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sun, 13 Aug 2006 04:03:40 -0700 Subject: Processed: Re: [Logcheck-devel] Bug#355701: Piuparts log for logcheck-database 1.2.47 In-Reply-To: <20060813102023.GC4868@baikonur.stro.at> References: <20060813102023.GC4868@baikonur.stro.at> Message-ID: Processing commands for control at bugs.debian.org: > tags 355701 pending Bug#355701: logcheck-database: upgrade from sarge to sid, then purging leaves /etc/logcheck/ignore.d.paranoid/imap Tags were: moreinfo Tags added: pending > stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) From hkunz at ifi.unizh.ch Sun Aug 13 14:07:04 2006 From: hkunz at ifi.unizh.ch (Hanspeter Kunz) Date: Sun, 13 Aug 2006 16:07:04 +0200 Subject: [Logcheck-devel] Bug#382805: logcheck-database: rule to ignore "checking message" (spamd) Message-ID: <1155478024.12889.71.camel@localhost.localdomain> Package: logcheck-database Version: 1.2.47 Severity: normal I get a lot of "System Events" like Aug 13 15:20:38 irulan spamd[13278]: spamd: checking message <20060813132013.6EF8913E7A at localhost.localdomain> for hkunz:1000 or Aug 13 15:22:39 irulan spamd[13278]: spamd: checking message <20060813131956.GA28942 at lapse.madduck.net> aka for hkunz:1000 please consider to add the following rule to ignore.d.server/spamd: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?(checking| processing) message <[^[:space:]]+>( aka [^[:space:]]+>)? for [._[:alnum:]-]+:[0-9]+(\.)?$ additionally you could also update the 3rd rule of violations.d.ignore/logcheck-spamd. cheers, Hp. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-1-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.5.3 Debian configuration management sy logcheck-database recommends no packages. -- debconf information: logcheck-database/conffile-cleanup: false logcheck-database/standard-rename-note: From owner at bugs.debian.org Sun Aug 13 15:34:19 2006 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sun, 13 Aug 2006 08:34:19 -0700 Subject: Processed: Re: [Logcheck-devel] Bug#382805: logcheck-database: rule to ignore "checking message" (spamd) In-Reply-To: <20060813150613.GA13238@lapse.madduck.net> References: <20060813150613.GA13238@lapse.madduck.net> Message-ID: Processing commands for control at bugs.debian.org: > severity 382805 wishlist Bug#382805: logcheck-database: rule to ignore "checking message" (spamd) Severity set to `wishlist' from `normal' > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) From hkunz at ifi.unizh.ch Sun Aug 13 16:53:25 2006 From: hkunz at ifi.unizh.ch (Hanspeter Kunz) Date: Sun, 13 Aug 2006 18:53:25 +0200 Subject: [Logcheck-devel] Bug#382805: slightly more specific rule Message-ID: <1155488005.12889.100.camel@localhost.localdomain> this is a slightly more specific (and logically more consistent) rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?(checking| processing) message <[^[:space:]]+>( aka <[^[:space:]]+>)? for [._[:alnum:]-]+:[0-9]+(\.)?$ cheers, Hp. From jochem at seventyeight.nl Sun Aug 13 19:30:14 2006 From: jochem at seventyeight.nl (Jochem) Date: Sun, 13 Aug 2006 21:30:14 +0200 Subject: [Logcheck-devel] Bug#382858: logcheck reports "Could not run logtail or save output" Message-ID: <20060813213014.72t5r8lnb4cssggc@webmail.paarlberg.net> Package: logcheck Version: 1.2.39 logcheck sends the following email, without the expected log data: Warning: If you are seeing this message, your log files may not have been checked! Details: Could not run logtail or save output Check temporary directory: /tmp/logcheck.Fu54WY declare -x HOME="/var/lib/logcheck" declare -x LANG="en_US" declare -x LANGUAGE="en_NL:en_US:en_GB:en" declare -x LOGNAME="logcheck" declare -x MAILTO="root" declare -x OLDPWD declare -x PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" declare -x PWD="/var/lib/logcheck" declare -x SHELL="/bin/sh" declare -x SHLVL="2" This looks like an earlier bug with version 1.2.28 of logcheck (bug 277782). However, # ls -l -d /var/lib/logcheck gives drwxr-xr-x 2 logcheck logcheck 4096 2005-04-19 17:58 /var/lib/logcheck System information: Debian Sarge Kernel 2.6.8-3-686-smp From madduck at debian.org Mon Aug 14 14:18:25 2006 From: madduck at debian.org (martin f krafft) Date: Mon, 14 Aug 2006 15:18:25 +0100 Subject: [Logcheck-devel] Bug#382986: default tw=0 for logcheck files Message-ID: <20060814141825.GA22052@lapse.madduck.net> Package: vim Version: 1:7.0-035+1 Severity: wishlist Could vim set autocmd BufNewFile,BufRead /etc/logcheck/*.d*/* set tw=0 by default? Rationale is that /etc/logcheck/*.d*/* are one-per-line regular expressions, some of them way longer than 80 characters. You *never* want them to wrap, which can actually cause problems (too much information filtered). I think the above is non-intrusive and may be magic to users, but I don't think they're going to be much surprised. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature (GPG/PGP) Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060814/a1ca8d55/attachment.pgp From postcards at postcards.com Mon Aug 14 17:41:14 2006 From: postcards at postcards.com (postcards.com) Date: Mon, 14 Aug 2006 19:41:14 +0200 (CEST) Subject: [Logcheck-devel] You have received a greeting from a family member! Message-ID: <20060814174114.1CAF5A35465@mail> An HTML attachment was scrubbed... URL: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060814/3bda8883/attachment.htm From debianbugs at gurski.org Tue Aug 15 04:04:33 2006 From: debianbugs at gurski.org (Michael Gurski) Date: Tue, 15 Aug 2006 00:04:33 -0400 Subject: [Logcheck-devel] Bug#383112: logcheck generates a security alert for bind FORMERR entries, regardless of regex Message-ID: <20060815040433.10193.46673.reportbug@kadath.gurski.org> Package: logcheck Version: 1.2.47 Severity: normal Even when using an ignore regex of ^.+$ or ^.+named.+$ in /etc/logcheck/ignore.d.*/, logcheck generates a security alert entry for bind FORMERR log messages, causing every logcheck email to be flagged as an alert: # sudo -u logcheck logcheck -o -t This email is sent by logcheck. If you wish to no-longer receive it, you can either deinstall the logcheck package or modify its configuration file (/etc/logcheck/logcheck.conf). Security Alerts =-=-=-=-=-=-=-= Aug 14 23:02:06 kadath named[6955]: FORMERR resolving 'attacker.com/NS/IN': 216.152.252.8#53 Aug 14 23:02:07 kadath named[6955]: FORMERR resolving 'attacker.com/NS/IN': 64.250.235.139#53 -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-1-vserver-amd64-k8 Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages logcheck depends on: ii adduser 3.96 Add and remove users and groups ii cron 3.0pl1-95 management of regular background p ii debconf [debconf 1.5.3 Debian configuration management sy ii grep 2.5.1.ds2-5 GNU grep, egrep and fgrep ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logtail 1.2.47 Print log file lines that have not ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent ii postfix [mail-tr 2.3.2-1 A high-performance mail transport ii syslog-ng [syste 2.0rc1-2 Next generation logging daemon Versions of packages logcheck recommends: ii logcheck-database 1.2.47 database of system log rules for t -- debconf information: logcheck/changes: * logcheck/install-note: From debianbugs at gurski.org Tue Aug 15 04:08:47 2006 From: debianbugs at gurski.org (Michael Gurski) Date: Tue, 15 Aug 2006 00:08:47 -0400 Subject: [Logcheck-devel] Bug#383114: logcheck: violations.ignore.d/postgrey tweak Message-ID: <20060815040847.17088.522.reportbug@kadath.gurski.org> Package: logcheck Version: 1.2.47 Severity: normal The following tweak is needed to match the log messages in postgrey 1.27 in violations.ignore.d/postgrey: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: (NOQUEUE|[0-9A-F]{7,8}): reject: RCPT from .+\[[0-9.]{7,15}\]: 450 [0-9.]+ <.+>: Recipient address rejected: Greylisted, see http://isg\.ee\.ethz\.ch/tools/postgrey/help/.+\.html; from=<.*> to=<.+> proto=E?SMTP helo=<.+>$ (comma after "Greylisted", no parens around "see http://......") -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-1-vserver-amd64-k8 Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages logcheck depends on: ii adduser 3.96 Add and remove users and groups ii cron 3.0pl1-95 management of regular background p ii debconf [debconf 1.5.3 Debian configuration management sy ii grep 2.5.1.ds2-5 GNU grep, egrep and fgrep ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logtail 1.2.47 Print log file lines that have not ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent ii postfix [mail-tr 2.3.2-1 A high-performance mail transport ii syslog-ng [syste 2.0rc1-2 Next generation logging daemon Versions of packages logcheck recommends: ii logcheck-database 1.2.47 database of system log rules for t -- debconf information: logcheck/changes: * logcheck/install-note: From peter_e at gmx.net Tue Aug 15 21:28:26 2006 From: peter_e at gmx.net (Peter Eisentraut) Date: Tue, 15 Aug 2006 23:28:26 +0200 Subject: [Logcheck-devel] Bug#377618: logcheck: Please do not abuse debconf Message-ID: <200608152328.26794.peter_e@gmx.net> I had never installed logcheck before today, and the first thing it does is pop up a debconf note to the effect "If you want to configure this package, edit the configuration file. For more information, read the documentation." -- No kidding. I appreciate that you guys are addressing this. I don't see, however, where this claimed fix is. The version in unstable (1.2.47) still contains both notes, which should be moved to README.Debian and NEWS.Debian, respectively. From peter_e at gmx.net Tue Aug 15 22:00:42 2006 From: peter_e at gmx.net (Peter Eisentraut) Date: Wed, 16 Aug 2006 00:00:42 +0200 Subject: [Logcheck-devel] ntp logcheck files Message-ID: <200608160000.43208.peter_e@gmx.net> I see that the logcheck-database package contains a logcheck file for ntp, while the ntp package does the same. This is not good. Is it the ambition of the logcheck team to collect all/many logcheck files in the logcheck-database package, or would you rather keep these with the individual packages? If you would rather keep the ntp logcheck files, please also add one for ntpdate (or make a case why one is no longer needed), and then we can close the relevant bugs (#305864 and #283386). I don't have a strong opinion either way. Just let me know what the plan is. From peter_e at gmx.net Tue Aug 15 21:38:25 2006 From: peter_e at gmx.net (Peter Eisentraut) Date: Tue, 15 Aug 2006 23:38:25 +0200 Subject: [Logcheck-devel] Bug#383243: deluser error message on purge Message-ID: <20060815213825.27430.1519.reportbug@colt.pezone.net> Package: logcheck Version: 1.2.47 Severity: minor $ sudo dpkg --purge logcheck (Reading database ... 157183 files and directories currently installed.) Removing logcheck ... Purging configuration files for logcheck ... /usr/sbin/deluser: The user `logcheck' does not exist. The user did exist before that, as it was properly created on installation. I'm not sure why it would complain like that, but it's weird. From bingo1 at bluebottle.com Wed Aug 16 10:33:26 2006 From: bingo1 at bluebottle.com (bingo) Date: Wed, 16 Aug 2006 05:33:26 -0500 Subject: [Logcheck-devel] Bug#383289: RFE: logtail locking Message-ID: <1155724406.44e2f476e4d68@www.bluebottle.com> Package: logtail Version: 1.2.47 It would be good if logtail supports locking. I can't add locking in the script that parses the output from logtail, because that would be too late. Thanks! -------------------------------------------------------------------------- Get a spam free email account - Visit http://www.bluebottle.com From hart at opensystems.nl Fri Aug 18 23:25:08 2006 From: hart at opensystems.nl (Frank Hart) Date: Sat, 19 Aug 2006 01:25:08 +0200 Subject: [Logcheck-devel] Bug#378333: add it to violations.ignore.d Message-ID: <20060818232508.GA13775@opensystems.nl> Isn't the problem the 'REFUSED' part? This word is also in /etc/logcheck/violations.d/logcheck. So if you add this rule to /etc/logcheck/violations.ignore.d/logcheck-bind, the problem should be solved. -- Frank Hart -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060819/945a0299/attachment.pgp From lists at johnmecham.com Fri Aug 25 14:34:12 2006 From: lists at johnmecham.com (Gary V) Date: Fri, 25 Aug 2006 08:34:12 -0600 Subject: [Logcheck-devel] Bug#384623: ignore.d.server directory only contains lpr and ntp Message-ID: <711738029.20060825083412@johnmecham.com> Package: logcheck-database Version: 1.2.47 Installed 1.2.47. The ignore.d.server directory is dated 8/22/2006 so I would assume it has been recently updated (today is 8/25/2006). Looks like there is a problem with the build as the only two files in the directory are lpr and ntp. Gary V From bernd at zeimetz.de Mon Aug 28 12:19:18 2006 From: bernd at zeimetz.de (Bernd Zeimetz) Date: Mon, 28 Aug 2006 14:19:18 +0200 Subject: [Logcheck-devel] Bug#385001: logcheck-database: 2 broken rules in ignore.d.server/postfix Message-ID: <20060828121918.5305.61633.reportbug@one.recluse.de> Package: logcheck-database Version: 1.2.47 Severity: normal Tags: patch Heya, 2 of the postfix rules in ignore.d.server are broken/buggy, please apply the attached patch. In [...] [[:alnum:]]+: resent-message-id=<[[:alnum:].]+@[-_.[:alnum:]]+>$ is the + missing at the end of the line ---------------------------^ and in [...] statistics: max (message [...] )?(smtp(s)?|25|587): [...] port number 25 should be accepted, too ----------^^ Thanks, Bernd -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17.7-grsec Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.5.3 Debian configuration management sy logcheck-database recommends no packages. -- debconf information: logcheck-database/rules-directories-note: logcheck-database/standard-rename-note: logcheck-database/conffile-cleanup: false -------------- next part -------------- diff -cr logcheck-1.2.47.old/rulefiles/linux/ignore.d.server/postfix logcheck-1.2.47/rulefiles/linux/ignore.d.server/postfix *** logcheck-1.2.47.old/rulefiles/linux/ignore.d.server/postfix Mon Aug 28 14:00:18 2006 --- logcheck-1.2.47/rulefiles/linux/ignore.d.server/postfix Mon Aug 28 14:02:27 2006 *************** *** 59,65 **** ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_sender=.*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$ ! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: resent-message-id=<[[:alnum:].]+@[-_.[:alnum:]]>$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP command: .*$ --- 59,65 ---- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_sender=.*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$ ! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: resent-message-id=<[[:alnum:].]+@[-_.[:alnum:]]+>$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP command: .*$ *************** *** 69,75 **** ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent $250 [0-9.]+ Ok((, id=[-0-9]+, from MTA: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*$$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent $delivered to command: exec /usr/bin/procmail$$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+, header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$ ! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for $([.[:digit:]]{1,16}:)?(smtp(s)?|587):[.[:digit:]]+$ at \w{3} [ :0-9]{11}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start interval \w{3} [ :0-9]{11}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: (domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$ --- 69,75 ---- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent $250 [0-9.]+ Ok((, id=[-0-9]+, from MTA: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*$$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent $delivered to command: exec /usr/bin/procmail$$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+, header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$ ! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for $([.[:digit:]]{1,16}:)?(smtp(s)?|25|587):[.[:digit:]]+$ at \w{3} [ :0-9]{11}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start interval \w{3} [ :0-9]{11}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: (domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$ From bernd at zeimetz.de Mon Aug 28 16:51:44 2006 From: bernd at zeimetz.de (Bernd Zeimetz) Date: Mon, 28 Aug 2006 18:51:44 +0200 Subject: [Logcheck-devel] Bug#385001: Acknowledgement (logcheck-database: 2 broken rules in ignore.d.server/postfix) In-Reply-To: References: <20060828121918.5305.61633.reportbug@one.recluse.de> Message-ID: <44F31F20.3040709@zeimetz.de> Heya, the resent-messages line is obviously still not completely fixed, sorry. I've attached a new patch which will make sure ids like 2 one postfix/cleanup: 9A74170000A0: resent-message-id=<1W_3hD.A.F6E.LVx8EB at murphy> get filtered, too. Best regards, Bernd -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: logcheck_postfix.patch Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060828/85d9b93d/attachment.txt