[Logcheck-devel] Bug#369497: fixed violations ignore rules for openssh 4.3

Elmar Hoffmann elho at elho.net
Tue May 30 08:35:23 UTC 2006 

Package: logcheck-database
Version: 1.2.44
Severity: normal
Tags: patch

The new openssh 4.3 changed the message for failed reverse-lookups to
contain BREAK-IN instead of BREAKIN. The attached patch fixes the
corresponding rule in violations.ignore.d/logcheck-ssh to match both.

elmar

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-bdclaim
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.1      Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:

-- 

 .'"`.                                                            /"\
| :' :   Elmar Hoffmann <elho at elho.net>    ASCII Ribbon Campaign  \ /
`. `'    GPG key available via pgp.net        against HTML email   X
  `-                                                    & vCards  / \
-------------- next part --------------
--- /etc/logcheck/violations.ignore.d/logcheck-ssh.dpkg-dist	2005-10-14 16:33:27.000000000 +0200
+++ /etc/logcheck/violations.ignore.d/logcheck-ssh	2006-05-30 10:24:44.450358753 +0200
@@ -1,4 +1,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAKIN ATTEMPT!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060530/f162be9c/attachment.pgp

More information about the Logcheck-devel mailing list