[Logcheck-devel] Bug#369497: fixed violations ignore rules for openssh 4.3
Elmar Hoffmann
elho at elho.net
Tue May 30 08:35:23 UTC 2006
Package: logcheck-database
Version: 1.2.44
Severity: normal
Tags: patch
The new openssh 4.3 changed the message for failed reverse-lookups to
contain BREAK-IN instead of BREAKIN. The attached patch fixes the
corresponding rule in violations.ignore.d/logcheck-ssh to match both.
elmar
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-bdclaim
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.1 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/conffile-cleanup: false
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
--
.'"`. /"\
| :' : Elmar Hoffmann <elho at elho.net> ASCII Ribbon Campaign \ /
`. `' GPG key available via pgp.net against HTML email X
`- & vCards / \
-------------- next part --------------
--- /etc/logcheck/violations.ignore.d/logcheck-ssh.dpkg-dist 2005-10-14 16:33:27.000000000 +0200
+++ /etc/logcheck/violations.ignore.d/logcheck-ssh 2006-05-30 10:24:44.450358753 +0200
@@ -1,4 +1,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAKIN ATTEMPT!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!$
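Review bot: the last rule in this hunk (Address ... maps to ..., but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!) is left as unchanged context and still matches only BREAKIN. If openssh 4.3 changed the spelling in that message as well as in the reverse mapping one, this rule will stop matching and the line will be reported as a violation again. Suggest applying the same BREAK-?IN alternation there, or stating in the report that the Address message was checked against 4.3 and is unaffected.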