[Logcheck-devel] Bug#445073: /etc/logcheck/violations.ignore.d/logcheck-ssh: Update to "reverse mapping checking getaddrinfo" rule
Frédéric Brière
fbriere at fbriere.net
Wed Oct 3 03:18:02 UTC 2007
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh
Last year, openssh was modified[*] to include the IP address when
issueing its "reverse mapping checking getaddrinfo" message. From what
I can tell, this was probably only brought into Debian with 4.6p1 this
June, so I'm leaving that part optional to ease the etch backports:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ (\[[:.[:xdigit:]]+\] )?failed - POSSIBLE BREAK-?IN ATTEMPT!$
[*] <http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/canohost.c.diff?r1=1.49&r2=1.50&f=h>
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- debconf information excluded
More information about the Logcheck-devel
mailing list