Dan Christensen
2004-May-17 17:13 UTC
[Logcheck-devel] Bug#249474: logcheck-database: more "session opened" and "session closed" lines getting through
Package: logcheck-database Version: 1.2.20a Severity: normal logcheck e-mails me the following lines when I log in and out of xdm: May 17 12:54:07 jdc : (pam_unix) session closed for user jdc May 17 12:55:23 jdc : (pam_unix) session opened for user jdc by root(uid=0) And this line when I log in on the console: May 17 12:54:14 jdc login[26025]: (pam_unix) session opened for user root by LOGIN(uid=0) And this line when I log in via ssh: May 16 14:27:55 jdc sshd[26584]: (pam_unix) session opened for user root by root(uid=0) (Note the word "root" right before "(uid=0)".) Also, reportbug generated the information at the bottom of this message, but it isn't all correct. I have REPORTLEVEL="server" in my logcheck.conf file. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.4.26-1-686-smp Locale: LANG=C, LC_CTYPE=C Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.4.25 Debian configuration management sy -- debconf information: * logcheck-database/conffile-cleanup: true * logcheck-database/rules-directories-note: * logcheck-database/security_level: workstation * logcheck-database/standard-rename-note:
maks attems
2004-May-17 17:43 UTC
Bug#249474: [Logcheck-devel] Bug#249474: logcheck-database: more "session opened" and "session closed" lines getting through
On Mon, 17 May 2004, Dan Christensen wrote:> logcheck e-mails me the following lines when I log in and out of xdm: > > May 17 12:54:07 jdc : (pam_unix) session closed for user jdc > May 17 12:55:23 jdc : (pam_unix) session opened for user jdc by root(uid=0) > > And this line when I log in on the console: > > May 17 12:54:14 jdc login[26025]: (pam_unix) session opened for user root by LOGIN(uid=0)ok we don't have rules for the above, we will add rules for aboves line for next release.> And this line when I log in via ssh: > > May 16 14:27:55 jdc sshd[26584]: (pam_unix) session opened for user root by root(uid=0)this one is already catched in cvs.> Also, reportbug generated the information at the bottom of this > message, but it isn't all correct. I have > > REPORTLEVEL="server" > > in my logcheck.conf file.you might want to use workstation for a machine that is running xdm? anyways thanks for your bugreport. a++ maks -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040517/d18cd510/attachment.pgp
maks attems
2004-May-17 18:20 UTC
Bug#249474: [Logcheck-devel] Bug#249474: logcheck-database: more "session opened" and "session closed" lines getting through
On Mon, 17 May 2004, Dan Christensen wrote:> logcheck e-mails me the following lines when I log in and out of xdm: > > May 17 12:54:07 jdc : (pam_unix) session closed for user jdc^ ^> May 17 12:55:23 jdc : (pam_unix) session opened for user jdc by root(uid=0)my previsou reply was to quick, i can't get something usefull of aboves line. what xdm version are you using, default settings? any info regarding xdm would be appreciated, because aboves logging looks more like a bug for xdm. aboves lines shoutld contain something like xdm[579] thanks for more info a++ maks -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040517/5d1335e4/attachment.pgp
Debian Bug Tracking System
2004-Jun-05 19:03 UTC
[Logcheck-devel] Bug#249474: marked as done (logcheck-database: more "session opened" and "session closed" lines getting through)
Your message dated Sat, 05 Jun 2004 14:47:14 -0400 with message-id <E1BWgCI-0002Wk-00 at newraff.debian.org> and subject line Bug#249474: fixed in logcheck 1.2.22 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 17 May 2004 17:13:32 +0000>From jdc at uwo.ca Mon May 17 10:13:32 2004Return-path: <jdc at uwo.ca> Received: from pony.its.uwo.ca [129.100.2.63] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1BPlgC-0003FM-00; Mon, 17 May 2004 10:13:32 -0700 Received: from spork.its.uwo.ca (ride.its.uwo.ca [10.10.10.10]) by pony.its.uwo.ca (8.12.10/8.12.10) with ESMTP id i4HHDLsU006181 for <submit at bugs.debian.org>; Mon, 17 May 2004 13:13:24 -0400 (EDT) Received: from jdc.math.uwo.ca (jdc.math.uwo.ca [129.100.75.77]) by spork.its.uwo.ca (8.12.10/8.12.10) with ESMTP id i4HHD63B021823; Mon, 17 May 2004 13:13:06 -0400 Received: from jdc by jdc.math.uwo.ca with local (Exim 3.36 #1 (Debian)) id 1BPlfl-0000oT-00; Mon, 17 May 2004 13:13:05 -0400 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Dan Christensen <jdc at uwo.ca> To: Debian Bug Tracking System <submit at bugs.debian.org> Subject: logcheck-database: more "session opened" and "session closed" lines getting through X-Mailer: reportbug 2.58 Date: Mon, 17 May 2004 13:13:05 -0400 Message-Id: <E1BPlfl-0000oT-00 at jdc.math.uwo.ca> X-Spam-Score: 0 () X-Scanned-By: MIMEDefang 2.39 Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: logcheck-database Version: 1.2.20a Severity: normal logcheck e-mails me the following lines when I log in and out of xdm: May 17 12:54:07 jdc : (pam_unix) session closed for user jdc May 17 12:55:23 jdc : (pam_unix) session opened for user jdc by root(uid=0) And this line when I log in on the console: May 17 12:54:14 jdc login[26025]: (pam_unix) session opened for user root by LOGIN(uid=0) And this line when I log in via ssh: May 16 14:27:55 jdc sshd[26584]: (pam_unix) session opened for user root by root(uid=0) (Note the word "root" right before "(uid=0)".) Also, reportbug generated the information at the bottom of this message, but it isn't all correct. I have REPORTLEVEL="server" in my logcheck.conf file. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.4.26-1-686-smp Locale: LANG=C, LC_CTYPE=C Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.4.25 Debian configuration management sy -- debconf information: * logcheck-database/conffile-cleanup: true * logcheck-database/rules-directories-note: * logcheck-database/security_level: workstation * logcheck-database/standard-rename-note: --------------------------------------- Received: (at 249474-close) by bugs.debian.org; 5 Jun 2004 18:53:08 +0000>From katie at ftp-master.debian.org Sat Jun 05 11:53:08 2004Return-path: <katie at ftp-master.debian.org> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1BWgI0-00047K-00; Sat, 05 Jun 2004 11:53:08 -0700 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1BWgCI-0002Wk-00; Sat, 05 Jun 2004 14:47:14 -0400 From: Todd Troxell <ttroxell at debian.org> To: 249474-close at bugs.debian.org X-Katie: $Revision: 1.49 $ Subject: Bug#249474: fixed in logcheck 1.2.22 Message-Id: <E1BWgCI-0002Wk-00 at newraff.debian.org> Sender: Archive Administrator <katie at ftp-master.debian.org> Date: Sat, 05 Jun 2004 14:47:14 -0400 Delivered-To: 249474-close at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: X-CrossAssassin-Score: 5 Source: logcheck Source-Version: 1.2.22 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.22_all.deb to pool/main/l/logcheck/logcheck-database_1.2.22_all.deb logcheck_1.2.22.dsc to pool/main/l/logcheck/logcheck_1.2.22.dsc logcheck_1.2.22.tar.gz to pool/main/l/logcheck/logcheck_1.2.22.tar.gz logcheck_1.2.22_all.deb to pool/main/l/logcheck/logcheck_1.2.22_all.deb logtail_1.2.22_all.deb to pool/main/l/logcheck/logtail_1.2.22_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 249474 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Saturday, 05 Jun 2004 14:02:47 -0500 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.22 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - Mails anomalies in the system logfiles to the administrator logcheck-database - A database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 187496 214117 244172 249181 249474 252078 252174 252216 252556 252597 252661 252712 Changes: logcheck (1.2.22) unstable; urgency=low . maks: * Remove broken attempt to avoid UTF-8. (Closes: #214117) * Update automount, innd, kernel, openvpn, postfix rules. (Closes: #252216, #249474, #244172, #252174, #187496, #249181, #252712) * Better readability of greplogoutput() in logcheck. * Our Perl usage needs 5.8, add dependency. (Closes: #252078) * Rename conflicting logcheck-sendmail rule in logcheck-sendmail_tmp Sendmail ships aboves rule. (Closes: #252661, #252556) todd: * add MAILTO=root to logcheck.cron.d (Closes: #252597) Files: b4d649271722f1adaba3eae3b961bcb4 670 admin optional logcheck_1.2.22.dsc cce8e3065b2037b4fdc21af925488117 72703 admin optional logcheck_1.2.22.tar.gz 15e4a28c47997a531f2c6c8fbc3e1fee 36578 admin optional logcheck_1.2.22_all.deb 7ffa1c5b19d6a56da2907fbc7cf8731e 40522 admin optional logcheck-database_1.2.22_all.deb f4125c78ea56ea2b69da7128731da1cc 21352 admin optional logtail_1.2.22_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAwgxt4u3oQ3FHP2YRAiNUAKDRYE0ttlDkso7D/RmM1CW4TUMrrACfWbfi sOHqiHBgCnThHOqDehtkSVE=Sk5k -----END PGP SIGNATURE-----