Logcheck devel - Jul 2004 - Bug#260573: logcheck: ignore.d.paranoid/cron and ignore.d.server/cron swapped

Package: logcheck
Version: 1.2.23
Severity: normal



Hello,

I have:

# /bin/cat ignore.d.server/cron 
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST
\([[:alnum:]-]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE
\([[:alnum:]-]+\)$

and:

# /bin/cat ignore.d.paranoid/cron 
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\)
CMD \(.*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) STARTUP
\(fork ok\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \([^[:space:]]+\)
RELOAD \([^[:space:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO
\(pidfile fd = [0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO
\(Running @reboot jobs\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO
\(Skipping @reboot jobs -- not system startup\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session
opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session
closed for user [[:alnum:]-]+$



which does not make sense. Generally, "paranoid" excludes fewer
items from a listing, not more.



Best,
--Toni++



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.20-1-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US

Your message dated Wed, 21 Jul 2004 11:29:31 +0200
with message-id <20040721092931.GB1874 at stro.at>
and subject line [Logcheck-devel] Bug#260573: logcheck: ignore.d.paranoid/cron
and ignore.d.server/cron swapped
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 21 Jul 2004 08:53:45
+0000
>From support at oeko.net Wed Jul 21 01:53:45 2004
Return-path: <support at oeko.net>
Received: from maple.oeko.net (mail2.oeko.net) [212.102.236.23] 
	by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
	id 1BnCrB-0007va-00; Wed, 21 Jul 2004 01:53:45 -0700
Received: (qmail 19142 invoked from network); 21 Jul 2004 08:53:41 -0000
Received: from unknown (HELO oak.oeko.net) (212.102.236.48)
  by maple.oeko.net with SMTP; 21 Jul 2004 08:53:41 -0000
Received: (qmail 26580 invoked from network); 21 Jul 2004 08:53:41 -0000
Received: from 5.1.168.192.in-addr.arpa (HELO birch) (192.168.1.5)
  by 8.1.168.192.in-addr.arpa with SMTP; 21 Jul 2004 08:53:41 -0000
Received: by birch (Postfix, from userid 1000)
	id 081AA3BEB5; Wed, 21 Jul 2004 10:53:40 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: duun <support at oeko.net>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: logcheck: ignore.d.paranoid/cron and ignore.d.server/cron swapped
X-Mailer: reportbug 2.56
Date: Wed, 21 Jul 2004 10:53:40 +0200
Message-Id: <20040721085340.081AA3BEB5 at birch>
X-BadReturnPath: toni at birch.oeko.net rewritten as support at oeko.net
  using "From" header
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: logcheck
Version: 1.2.23
Severity: normal



Hello,

I have:

# /bin/cat ignore.d.server/cron 
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST
\([[:alnum:]-]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE
\([[:alnum:]-]+\)$

and:

# /bin/cat ignore.d.paranoid/cron 
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\)
CMD \(.*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) STARTUP
\(fork ok\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \([^[:space:]]+\)
RELOAD \([^[:space:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO
\(pidfile fd = [0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO
\(Running @reboot jobs\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO
\(Skipping @reboot jobs -- not system startup\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session
opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session
closed for user [[:alnum:]-]+$



which does not make sense. Generally, "paranoid" excludes fewer
items from a listing, not more.



Best,
--Toni++



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.20-1-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US

---------------------------------------
Received: (at 260573-done) by bugs.debian.org; 21 Jul 2004 09:29:35
+0000
>From max at stro.at Wed Jul 21 02:29:35 2004
Return-path: <max at stro.at>
Received: from baikonur.stro.at [213.239.196.228] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BnDPr-0005Ey-00; Wed, 21 Jul 2004 02:29:35 -0700
Received: from localhost (localhost [127.0.0.1])
	by baikonur.stro.at (Postfix) with ESMTP id 0D6035C009
	for <260573-done at bugs.debian.org>; Wed, 21 Jul 2004 11:29:33 +0200
(CEST)
Received: from baikonur.stro.at ([127.0.0.1])
	by localhost (baikonur [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 18286-10 for <260573-done at bugs.debian.org>;
	Wed, 21 Jul 2004 11:29:31 +0200 (CEST)
Received: from sputnik (M984P025.adsl.highway.telekom.at [62.47.154.249])
	by baikonur.stro.at (Postfix) with ESMTP id 753035C008
	for <260573-done at bugs.debian.org>; Wed, 21 Jul 2004 11:29:31 +0200
(CEST)
Received: from max by sputnik with local (Exim 4.32)
	id 1BnDPn-00031J-A3
	for 260573-done at bugs.debian.org; Wed, 21 Jul 2004 11:29:31 +0200
Date: Wed, 21 Jul 2004 11:29:31 +0200
From: maks attems <debian at sternwelten.at>
To: 260573-done at bugs.debian.org
Subject: Re: [Logcheck-devel] Bug#260573: logcheck: ignore.d.paranoid/cron and
ignore.d.server/cron swapped
Message-ID: <20040721092931.GB1874 at stro.at>
References: <20040721085340.081AA3BEB5 at birch>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
boundary="cvVnyQ+4j833TQvp"
Content-Disposition: inline
In-Reply-To: <20040721085340.081AA3BEB5 at birch>
User-Agent: Mutt/1.5.6+20040523i
Sender: maximilian attems <max at stro.at>
X-Virus-Scanned: by Amavis (ClamAV) at stro.at
Delivered-To: 260573-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--cvVnyQ+4j833TQvp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, 21 Jul 2004, duun wrote:
> Package: logcheck
> Version: 1.2.23
> Severity: normal
>=20
>=20
>=20
> Hello,
>=20
> I have:
>=20
> # /bin/cat ignore.d.server/cron=20
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\)
LIST \([[:alnum:]-]+\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\)
REPLACE \([[:alnum:]-]+\)$
>=20
> and:
>=20
> # /bin/cat ignore.d.paranoid/cron=20
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]:
\([[:alnum:]-]+\) CMD \(.*\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\)
STARTUP \(fork ok\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]:
\([^[:space:]]+\) RELOAD \([^[:space:]]+\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO
\(pidfile fd =3D [0-9]+\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO
\(Running @reboot jobs\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO
\(Skipping @reboot jobs -- not system startup\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\)
session opened for user [[:alnum:]-]+ by \(uid=3D[0-9]+\)$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\)
session closed for user [[:alnum:]-]+$
>=20
>=20
>=20
> which does not make sense. Generally, "paranoid" excludes fewer
> items from a listing, not more.
>=20
>=20
>=20
> Best,
> --Toni++
it makes perfectly sense for cron,=20
as even on a machine running as few services as possible,
you will have with high probability cron running.
admins will not want to get spewed with harmless loglines.

unless you tell a specific message that logcheck should report at level paranoid
for cron your bug report is just childish. closing it.

a++ maks


--cvVnyQ+4j833TQvp
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA/jd76//kSTNjoX0RAg+OAJ9B7uOY2Btj9Ciy0eK0ci1jGYJfCwCfSgYo
7TVQ/8VFAAiRSFfXYODNCz8=OD2O
-----END PGP SIGNATURE-----

--cvVnyQ+4j833TQvp--