[Logcheck-devel] Bug#690145: bad rule in ignore for saslauthd (patch included)

CJ Fearnley cjf at LinuxForce.net
Wed Oct 10 13:24:26 UTC 2012


Package: logcheck-database
Version: 1.3.13
Severity: normal
File: /etc/logcheck/ignore.d.server/saslauthd


The following patch fixes a bug in the regex for ignoring
useless lines from saslauthd authentication failures
(/etc/logcheck/ignore.d.server/saslauthd) on this Squeeze system:

--- saslauthd.orig	2012-10-10 08:37:50.000000000 -0400
+++ saslauthd	2012-10-10 08:38:10.000000000 -0400
@@ -4,7 +4,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= [[:space:]]*user=[-._[:alnum:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: pam_unix\(:auth\): check pass; user unknown$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: do_auth[[:space:]]*: auth failure: \[user=[._[:alnum:]-]+\] \[service=smtp\] \[realm=[._[:alnum:]-]+\] \[mech=pam\] \[reason=PAM auth error\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: do_request[[:space:]]*: NULL password received$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: pam_unix\([[:alnum:]]+:[[:alnum:]]+\): check pass; user unknown$
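Review bot: the added line hard-codes an empty PAM service name in `pam_unix\(:auth\)`, while the last context line of this hunk already ignores the same message with `pam_unix\([[:alnum:]]+:[[:alnum:]]+\)`, so the two rules differ only in whether the service name is empty. Changing the first `+` to `*` in that existing rule would cover both forms in one line and avoid a near-duplicate entry. The removed `\(pam_unix\) check pass; user unknown` rule also shares its old prefix with the `\(pam_unix\) authentication failure; ...` context line directly above it, which the patch leaves untouched: if the old format no longer appears in logs, that rule probably needs the same update, and if it still does, dropping this one loses coverage for it.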

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- Configuration Files:
/etc/logcheck/violations.d/logcheck changed [not included]
/etc/logcheck/violations.ignore.d/logcheck-sudo [Errno 2] No such file or directory: u'/etc/logcheck/violations.ignore.d/logcheck-sudo'

-- no debconf information


