Logcheck devel - Jun 2004 - Bug#186849: marked as done (logcheck-database: corrections to oidentd rules )

Your message dated Thu, 03 Jun 2004 06:02:03 -0400
with message-id <E1BVp2x-00023s-00 at newraff.debian.org>
and subject line Bug#186849: fixed in logcheck 1.2.21
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 30 Mar 2003 15:28:31
+0000
>From ik5pvx at home.tippete.net Sun Mar 30 09:28:30 2003
Return-path: <ik5pvx at home.tippete.net>
Received: from host130-255.pool62211.interbusiness.it (penny.tippete.net)
[62.211.255.130] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 18zejW-0003VQ-00; Sun, 30 Mar 2003 09:28:30 -0600
Received: from ik5pvx by penny.tippete.net with local (Exim 4.14 #1 (Debian)
[+prerelease])
	id 18zejT-00065g-JK
	for <submit at bugs.debian.org>; Sun, 30 Mar 2003 17:28:27 +0200
To: Debian Bug Tracking System <submit at bugs.debian.org> 
Subject: logcheck-database: corrections to oidentd rules 
X-Debbugs-CC: Pierfrancesco Caci <pf at tippete.net>
Reply-To: Pierfrancesco Caci <pf at tippete.net>
From: Pierfrancesco Caci <ik5pvx at home.tippete.net>
Date: Sun, 30 Mar 2003 17:28:27 +0200
Message-ID: <87llywri04.fsf at home.tippete.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: submit at bugs.debian.org
X-Spam-Status: No, hits=-2.5 required=4.0
	tests=HAS_PACKAGE,SIGNATURE_SHORT_DENSE,SPAM_PHRASE_00_01,
	      X_DEBBUGS_CC
	version=2.44
X-Spam-Level: 

Package: logcheck-database
Version: 1.2.12
Severity: minor
Tags: patch


Hello, 
the rules included for oidentd in ignore.d.server are not complete:
The first one:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from localhost
\(127.0.0.1\)$

does not catch this type of message from oidentd:

Mar 30 17:12:54 penny oidentd[22407]: Connection from localhost (127.0.0.1):0

i.e., it fails because of that :0 at the end.

I've never seen anything else than :0 so this modified line should be
enough:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from localhost
\(127.0.0.1\):0$

oidentd also frequently gives these lines (they are triggered by
fetchmail passing the mail to locally running exim):

oidentd[22407]: [localhost] Successful lookup: 42974 , 25 : root (UNKNOWN)

I think it would be safe to ignore all localhost messages while
running as reportlevel=server 

This line catches the above message:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: \[localhost\] Successful
lookup: .* , .* : .* \(.*\)$


As an aside, I would like to know why the above two lines did not work
if I put them in ignore.d.server/local-oidentd instead of 
ignore.d.server/oidentd (and yes, you can file a bug against my brain
if necessary :-) 

Thank you


Pf


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux penny 2.4.21-pre5-ac3 #1 Sat Mar 15 22:04:18 CET 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages logcheck-database depends on:
ii  debconf                       1.2.34     Debian configuration management sy

-- debconf information:
* logcheck-database/rules-directories-note: 
* logcheck-database/standard-rename-note: 
* logcheck-database/conffile-cleanup: true
* logcheck-database/security_level: server


-- 

-------------------------------------------------------------------------------
 Pierfrancesco Caci | ik5pvx | mailto:p.caci at tin.it  - 
http://gusp.dyndns.org
  Firenze - Italia  | Office for the Complication of Otherwise Simple Affairs 
     Linux penny 2.4.21-pre5-ac3 #1 Sat Mar 15 22:04:18 CET 2003 i686 GNU/Linux


---------------------------------------
Received: (at 186849-close) by bugs.debian.org; 3 Jun 2004 10:09:30
+0000
>From katie at ftp-master.debian.org Thu Jun 03 03:09:30 2004
Return-path: <katie at ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BVpAA-0005S5-00; Thu, 03 Jun 2004 03:09:30 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1BVp2x-00023s-00; Thu, 03 Jun 2004 06:02:03 -0400
From: Todd Troxell <ttroxell at debian.org>
To: 186849-close at bugs.debian.org
X-Katie: $Revision: 1.49 $
Subject: Bug#186849: fixed in logcheck 1.2.21
Message-Id: <E1BVp2x-00023s-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Thu, 03 Jun 2004 06:02:03 -0400
Delivered-To: 186849-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 3

Source: logcheck
Source-Version: 1.2.21

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.21_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.21_all.deb
logcheck_1.2.21.dsc
  to pool/main/l/logcheck/logcheck_1.2.21.dsc
logcheck_1.2.21.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.21.tar.gz
logcheck_1.2.21_all.deb
  to pool/main/l/logcheck/logcheck_1.2.21_all.deb
logtail_1.2.21_all.deb
  to pool/main/l/logcheck/logtail_1.2.21_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 186849 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thursday, 03 Jun 2004 05:49:47 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.21
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at
lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description: 
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 174173 182992 186849 192192 198767 213709 222240 226937 248409 248816
249074 249181 249324 250373 250374 251364 251463 252173
Changes: 
 logcheck (1.2.21) unstable; urgency=low
 .
   maks:
   * Better description of logtail package.
   * Recommend use of an offsite email address in main conf.
   * Added and updated bind, cracklib, innd, kernel, logcheck, nntpcache,
     Login.app, proftp, postfix, pump, sendmail rulefiles.
     (Closes: #248816, #213709, #198767, #248409, #249074, #250374, #250373,
      #249181)
   * Added -v switch (outputs logcheck version).
   * Harden permissions regarding world.
   * Added and updated arpwatch, bind, gconf, gdm, kernel, openvpn, postfix,
     rpc.statd and spamd rules.  thanks to Peter Palfrader <weasel at
debian.org>.
   * New Config option for subject tags [logcheck].
   * Lower all debconf messages priority.
   * Added and updated oidentd rules. (Closes: #186849)
     thanks to Tobias Wolter <towo+bugs at ydal.de>
   * Ignore normal use of su and sudo. (Closes: #182992, #192192)
   * Remove empty file innd.
   * Add switches to logtails default arguments.
   * Added cvs-build, cvs-clean debian/rules - stolen from apt.
   * Denote /etc/logcheck/logcheck.logfile as CFG in manpage and logcheck.
   * Move logtail.8 from debian to doc dir.
   * Added Japanese translation. thanks to Hideki Yamane (Closes: #251463)
   * Added French translation. thanks to R?mi Pannequin (Closes: #252173)
   * Fix bashishm in preinst and postinst. (Closes: #251364)
   todd:
   * Add debconf to logcheck Depends:
   * Check the return values of all commands that write to disk.
     (Closes: #174173)
   * Add NEWS.Debian to logcheck.docs (Followup to #247360)
   eevans:
   * Made addition of logcheck user and permissions/ownership changes a
     conditional of an upgrade from a version less than 1.2.19.
     (Closes: #249324)
   * Added a note to README.Debian on how to manually change the cronjob
     interval. (Closes: #222240, #226937)
   alfie:
   * src/logcheck: test also for readability for the header.txt and footer.txt.
   * debian/changelog: stripped all trailing whitespace from the file.
   * debian/*templates: Some small consistency and formating updates. Updated
     the debian/po/*.po files too.
Files: 
 ca12c9c51dc70453a7fcb1859f17ccc3 670 admin optional logcheck_1.2.21.dsc
 2def0e9e4ccc428e49126c5e391e4597 72037 admin optional logcheck_1.2.21.tar.gz
 c87bba838b413e6f939edd7336e07579 36388 admin optional logcheck_1.2.21_all.deb
 806b69d2d16042c4f2060df79d73a1bd 39956 admin optional
logcheck-database_1.2.21_all.deb
 2554603f91374e07d19293a5277ab153 21170 admin optional logtail_1.2.21_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFAvvYw4u3oQ3FHP2YRAkukAKCztbEVc4ziE6zmo4VijzQHma/yKwCYvKTP
1FzcH4V8Ag3K8hSwSnDbvw==s9Dc
-----END PGP SIGNATURE-----