Sam Snow
2004-Aug-17 21:09 UTC
[Logcheck-devel] Bug#266432: logcheck: missing ignore pattern for pam_winbind
Package: logcheck Version: 1.2.24 Severity: wishlist pam_winbind, part of the Winbind package which works with Samba generates various messages to auth.log. The most common of these messages is not ignored by logcheck, but probably should be. Example: Aug 17 14:49:51 wardrobe pam_winbind[31161]: user 'joeuser' granted acces Other messages are also generated, but should probably *not* be ignored (?): Aug 7 07:35:09 wardrobe pam_winbind[19822]: request failed: Wrong Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD Aug 7 07:35:46 wardrobe pam_winbind[19829]: request failed: Account locked out, PAM error was 11, NT error was NT_STATUS_ACCOUNT_LOCKED_OUT Aug 9 20:51:38 wardrobe pam_winbind[24950]: request failed: Password expired, PAM error was 27, NT error was NT_STATUS_PASSWORD_EXPIRED Aug 13 15:14:36 wardrobe pam_winbind[1108]: request failed: Must change password, PAM error was 12, NT error was NT_STATUS_PASSWORD_MUST_CHANGE etc. Thank you for your help! Sam -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (650, 'testing'), (600, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.20-bf2.4 Locale: LANG=C, LC_CTYPE=C Versions of packages logcheck depends on: ii adduser 3.57 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.24 A database of system log rules for ii logtail 1.2.24 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent ii perl 5.8.4-2 Larry Wall's Practical Extraction ii qmail-run [mail- 1.1.0 sets up qmail as mail-transfer-age ii sysklogd [system 1.4.1-15 System Logging Daemon -- debconf information: logcheck/changes: * logcheck/install-note:
maks attems
2004-Aug-25 17:12 UTC
Bug#266432: [Logcheck-devel] Bug#266432: logcheck: missing ignore pattern for pam_winbind
tags #266432 pending thanks On Tue, 17 Aug 2004, Sam Snow wrote:> Package: logcheck > Version: 1.2.24 > Severity: wishlist > > pam_winbind, part of the Winbind package which works with Samba > generates various messages to auth.log. The most common of these > messages is not ignored by logcheck, but probably should be. > > Example: > Aug 17 14:49:51 wardrobe pam_winbind[31161]: user 'joeuser' granted > acces > > > Other messages are also generated, but should probably *not* be ignored > (?): > > Aug 7 07:35:09 wardrobe pam_winbind[19822]: request failed: Wrong > Password, PAM > error was 7, NT error was NT_STATUS_WRONG_PASSWORD > > > Aug 7 07:35:46 wardrobe pam_winbind[19829]: request failed: Account > locked out, PAM > error was 11, NT error was NT_STATUS_ACCOUNT_LOCKED_OUT > > > Aug 9 20:51:38 wardrobe pam_winbind[24950]: request failed: Password > expired, PAM error was 27, NT error was NT_STATUS_PASSWORD_EXPIRED > > > Aug 13 15:14:36 wardrobe pam_winbind[1108]: request failed: Must change > password, > PAM error was 12, NT error was NT_STATUS_PASSWORD_MUST_CHANGE > > etc. > > Thank you for your help! > Samadded in logcheck cvs for workstation level. thanks for your bug-report, you may want to test attached local-winbind in ignore.d.server or ignore.d.workstation on your machine and report back. -- maks -------------- next part -------------- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_winbind\[[0-9]+\]: user '[_[:alnum:]-]+' granted acces$
Debian Bug Tracking System
2004-Aug-25 17:18 UTC
Processed: Re: [Logcheck-devel] Bug#266432: logcheck: missing ignore pattern for pam_winbind
Processing commands for control at bugs.debian.org:> tags #266432 pendingBug#266432: logcheck: missing ignore pattern for pam_winbind There were no tags set. Tags added: pending> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Sam Snow
2004-Aug-27 14:04 UTC
Bug#266432: [Logcheck-devel] Bug#266432: logcheck: missing ignore pattern for pam_winbind
A non-text attachment was scrubbed... Name: not available Type: multipart/mixed Size: 1302 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040827/b29066ca/attachment.bin
maks attems
2004-Aug-27 22:55 UTC
Bug#266432: [Logcheck-devel] Bug#266432: logcheck: missing ignore pattern for pam_winbind
On Fri, 27 Aug 2004, Sam Snow wrote:> maks attems said:..> > you may want to try attached local-winbind. > > please report back. > > > > Works perfectly; tested against the latest testing install. I placed the > "nt user does not exist" in violations.ignore.d and the other line in > ignore.d.server (for my setup).thanks for testing them :) great hint that one message was a "security event". both rules are in current logcheck cvs. -- maks -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040828/82f11d4e/attachment.pgp
Debian Bug Tracking System
2004-Aug-31 06:18 UTC
[Logcheck-devel] Bug#266432: marked as done (logcheck: missing ignore pattern for pam_winbind)
Your message dated Tue, 31 Aug 2004 02:02:03 -0400 with message-id <E1C21iV-0007Rv-00 at newraff.debian.org> and subject line Bug#266432: fixed in logcheck 1.2.26 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 17 Aug 2004 21:09:57 +0000>From snowsam at christianheritageschool.org Tue Aug 17 14:09:57 2004Return-path: <snowsam at christianheritageschool.org> Received: from mgr2.xmission.com [198.60.22.202] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1BxBDQ-0004sq-00; Tue, 17 Aug 2004 14:09:57 -0700 Received: from [198.60.22.201] (helo=mgr1.xmission.com) by mgr2.xmission.com with esmtp (Exim 3.35 #1) id 1BxBDP-0001iG-02 for submit at bugs.debian.org; Tue, 17 Aug 2004 15:09:55 -0600 Received: from [166.70.196.231] (helo=christianheritageschool.org) by mgr1.xmission.com with smtp (Exim 4.32) id 1BxBDP-0002Xs-Ql for submit at bugs.debian.org; Tue, 17 Aug 2004 15:09:55 -0600 Received: (qmail 31866 invoked by uid 1000); 17 Aug 2004 21:09:55 -0000 Message-ID: <20040817210955.31865.qmail at christianheritageschool.org> MIME-Version: 1.0 From: Sam Snow <snowsam at christianheritageschool.org> To: Debian Bug Tracking System <submit at bugs.debian.org> X-Mailer: reportbug 2.63 Date: Tue, 17 Aug 2004 15:09:55 -0600 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: logcheck: missing ignore pattern for pam_winbind X-SA-Exim-Connect-IP: 166.70.196.231 X-SA-Exim-Mail-From: snowsam at christianheritageschool.org X-SA-Exim-Version: 4.0 (built Sat, 24 Apr 2004 12:31:30 +0200) X-SA-Exim-Scanned: Yes (on mgr1.xmission.com) Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: logcheck Version: 1.2.24 Severity: wishlist pam_winbind, part of the Winbind package which works with Samba generates various messages to auth.log. The most common of these messages is not ignored by logcheck, but probably should be. Example: Aug 17 14:49:51 wardrobe pam_winbind[31161]: user 'joeuser' granted acces Other messages are also generated, but should probably *not* be ignored (?): Aug 7 07:35:09 wardrobe pam_winbind[19822]: request failed: Wrong Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD Aug 7 07:35:46 wardrobe pam_winbind[19829]: request failed: Account locked out, PAM error was 11, NT error was NT_STATUS_ACCOUNT_LOCKED_OUT Aug 9 20:51:38 wardrobe pam_winbind[24950]: request failed: Password expired, PAM error was 27, NT error was NT_STATUS_PASSWORD_EXPIRED Aug 13 15:14:36 wardrobe pam_winbind[1108]: request failed: Must change password, PAM error was 12, NT error was NT_STATUS_PASSWORD_MUST_CHANGE etc. Thank you for your help! Sam -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (650, 'testing'), (600, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.20-bf2.4 Locale: LANG=C, LC_CTYPE=C Versions of packages logcheck depends on: ii adduser 3.57 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.24 A database of system log rules for ii logtail 1.2.24 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent ii perl 5.8.4-2 Larry Wall's Practical Extraction ii qmail-run [mail- 1.1.0 sets up qmail as mail-transfer-age ii sysklogd [system 1.4.1-15 System Logging Daemon -- debconf information: logcheck/changes: * logcheck/install-note: --------------------------------------- Received: (at 266432-close) by bugs.debian.org; 31 Aug 2004 06:08:03 +0000>From katie at ftp-master.debian.org Mon Aug 30 23:08:03 2004Return-path: <katie at ftp-master.debian.org> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1C21oJ-0000Ow-00; Mon, 30 Aug 2004 23:08:03 -0700 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1C21iV-0007Rv-00; Tue, 31 Aug 2004 02:02:03 -0400 From: Todd Troxell <ttroxell at debian.org> To: 266432-close at bugs.debian.org X-Katie: $Revision: 1.51 $ Subject: Bug#266432: fixed in logcheck 1.2.26 Message-Id: <E1C21iV-0007Rv-00 at newraff.debian.org> Sender: Archive Administrator <katie at ftp-master.debian.org> Date: Tue, 31 Aug 2004 02:02:03 -0400 Delivered-To: 266432-close at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Source: logcheck Source-Version: 1.2.26 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.26_all.deb to pool/main/l/logcheck/logcheck-database_1.2.26_all.deb logcheck_1.2.26.dsc to pool/main/l/logcheck/logcheck_1.2.26.dsc logcheck_1.2.26.tar.gz to pool/main/l/logcheck/logcheck_1.2.26.tar.gz logcheck_1.2.26_all.deb to pool/main/l/logcheck/logcheck_1.2.26_all.deb logtail_1.2.26_all.deb to pool/main/l/logcheck/logtail_1.2.26_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 266432 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Friday, 13 Aug 2004 22:54:13 -0500 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.26 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - Mails anomalies in the system logfiles to the administrator logcheck-database - A database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 266432 267587 Changes: logcheck (1.2.26) unstable; urgency=low . maks: * Fix multi-line build-depends lintian warning for source package. * Add su usage hint a root check. thanks todd and Alfie! * Small rules updated and added dhcp, nagios, postfix, squid, winbind. (Closes: #267587, #266432) Files: b9ca574020cda3972f357127e89e3795 668 admin optional logcheck_1.2.26.dsc f50076134d05b50316ffbf3782a3947e 80223 admin optional logcheck_1.2.26.tar.gz 96ffe9620646e6290a2a60937bcae9dc 38714 admin optional logcheck_1.2.26_all.deb 5fb917e0881453ddf9b101b221b9c19e 47408 admin optional logcheck-database_1.2.26_all.deb 1742a7bd5cddd1bd8ba3b68420ad5715 22748 admin optional logtail_1.2.26_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBNBFK4u3oQ3FHP2YRAspdAKCvswrmU8OJ9wetOnBX+HMxe+3r+wCfcdU/ lpUu/ag4a36CI5d+lY3Qg9I=lpq6 -----END PGP SIGNATURE-----