Russ Allbery
2006-Nov-28 21:37 UTC
[Logcheck-devel] Bug#400813: logcheck-database: allow - in hostnames in ssh refused connect messages
Package: logcheck-database
Version: 1.2.51
Severity: minor
Tags: patch

The format of the sshd "refused connect" log message when TCP wrappers is used is "refused connect from <hostname> (<ip-address>)". Since dashes are allowed in hostnames, the line matching these entries should read:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].-]+ \([:[:alnum:].]+\)$

(adding - to the first character class that matches the hostname). Underscore may also be warranted, since although I believe it's a technical violation of the DNS standards, I've seen sites that use underscores. I've only seen dashes in real logs, though.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]  1.5.8  Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
* logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
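
An added example, not part of the original report: it runs the proposed rule, and the earlier rule reconstructed by dropping "-" from the hostname class as the report describes, over constructed log lines to show which lines each one leaves unfiltered. The sample lines, the variable names and the unmatched helper are assumptions made for the illustration; it uses grep -E as a stand-in for how logcheck applies ignore rules, and \w needs GNU grep.

```shell
#!/bin/sh
# Constructed sample log lines (not from real logs); hostnames and addresses
# are documentation/example values.
SAMPLE='Nov 28 21:30:01 gw sshd[4242]: refused connect from host1.example.org (192.0.2.10)
Nov 28 21:31:17 gw sshd[4243]: refused connect from dsl-pool-7.example.net (198.51.100.7)
Nov 28 21:32:45 gw sshd[4244]: refused connect from bad_name.example.com (203.0.113.5)
Nov 28 21:33:02 gw sshd[4245]: refused connect from 2001:db8::1 (2001:db8::1)'

# Earlier rule, reconstructed from the report: no "-" in the class that
# matches the refused hostname.
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].]+ \([:[:alnum:].]+\)$'

# Rule proposed in the report: "-" added to that class.
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].-]+ \([:[:alnum:].]+\)$'

# Print the sample lines that an ignore rule does NOT match, i.e. the lines
# that would still show up in the report mailed to the administrator.
unmatched() {
    printf '%s\n' "$SAMPLE" | grep -Ev -- "$1" || true
}

echo "Still reported with the earlier rule:"
unmatched "$OLD_RULE"
echo
echo "Still reported with the proposed rule:"
unmatched "$NEW_RULE"
```

The dashed hostname is filtered only by the proposed rule, while the underscore hostname is still reported under both, which is the open question the report raises.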