Logcheck devel - Jan 2005 - Bug#289866: logcheck-database: acces should be access in .../ignore.d.workstation/winbind

Package: logcheck-database
Version: 1.2.32
Severity: normal
Tags: patch

pam_winbind logs every login with:
Jan 11 12:05:01 server pam_winbind[19120]: user 'root' granted
access

Here's my patch for /etc/logcheck/ignore.d.workstation/winbind

--- winbind.orig        2005-01-11 14:26:17.000000000 +0100
+++ winbind     2005-01-11 14:26:33.000000000 +0100
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_winbind\[[0-9]+\]: user
'[._[:alnum:]-]+' granted acces$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_winbind\[[0-9]+\]: user
'[._[:alnum:]-]+' granted access$

Can this file be moved to /etc/logcheck/ignore.d.server?

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]     1.4.34+kalyxo1 Debian configuration management sy

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:

tags 289866 pending
thanks

On Tue, 11 Jan 2005, Jens Stark wrote:
> pam_winbind logs every login with:
> Jan 11 12:05:01 server pam_winbind[19120]: user 'root' granted
> access
> 
> Here's my patch for /etc/logcheck/ignore.d.workstation/winbind
 
thanks for bringing that up, fixed in current logcheck cvs.
a++ maks

Processing commands for control at bugs.debian.org:
> tags 289866 pending
Bug#289866: logcheck-database: acces should be access in
.../ignore.d.workstation/winbind
Tags were: patch
Tags added: pending
> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Your message dated Sun, 23 Jan 2005 22:02:06 -0500
with message-id <E1CsuUQ-0007Ww-00 at newraff.debian.org>
and subject line Bug#289866: fixed in logcheck 1.2.34
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Jan 2005 13:35:45
+0000
>From jens.stark at jestanet.de Tue Jan 11 05:35:45 2005
Return-path: <jens.stark at jestanet.de>
Received: from p15160389.pureserver.info (mail.jensstark.com) [217.160.134.83] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CoMBU-0004Xg-00; Tue, 11 Jan 2005 05:35:44 -0800
Received: from localhost (localhost.localnet [127.0.0.1])
	by mail.jensstark.com (Postfix) with ESMTP id CDE02DEC02
	for <submit at bugs.debian.org>; Tue, 11 Jan 2005 14:37:31 +0100 (CET)
Received: from mail.jensstark.com ([127.0.0.1])
	by localhost (rootserver [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id 03385-04-10 for <submit at bugs.debian.org>;
	Tue, 11 Jan 2005 14:37:31 +0100 (CET)
Received: from server.home.jestanet.de (server.home.jestanet.de [192.168.1.100])
	by mail.jensstark.com (Postfix) with ESMTP id 092F5DEB40
	for <submit at bugs.debian.org>; Tue, 11 Jan 2005 14:37:31 +0100 (CET)
Received: by server.home.jestanet.de (Postfix, from userid 1000)
	id BDF7F81C27; Tue, 11 Jan 2005 14:35:08 +0100 (CET)
Date: Tue, 11 Jan 2005 14:35:08 +0100
From: Jens Stark <jens.stark at jestanet.de>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: logcheck-database: acces should be access in
.../ignore.d.workstation/winbind
Message-ID: <20050111133508.GA7850 at server.home.jestanet.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 3.2
User-Agent: Mutt/1.5.6+20040907i
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at jensstark.com
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: logcheck-database
Version: 1.2.32
Severity: normal
Tags: patch

pam_winbind logs every login with:
Jan 11 12:05:01 server pam_winbind[19120]: user 'root' granted
access

Here's my patch for /etc/logcheck/ignore.d.workstation/winbind

--- winbind.orig        2005-01-11 14:26:17.000000000 +0100
+++ winbind     2005-01-11 14:26:33.000000000 +0100
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_winbind\[[0-9]+\]: user
'[._[:alnum:]-]+' granted acces$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_winbind\[[0-9]+\]: user
'[._[:alnum:]-]+' granted access$

Can this file be moved to /etc/logcheck/ignore.d.server?

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]     1.4.34+kalyxo1 Debian configuration management sy

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:

---------------------------------------
Received: (at 289866-close) by bugs.debian.org; 24 Jan 2005 03:05:41
+0000
>From katie at ftp-master.debian.org Sun Jan 23 19:05:41 2005
Return-path: <katie at ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CsuXt-0005bJ-00; Sun, 23 Jan 2005 19:05:41 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1CsuUQ-0007Ww-00; Sun, 23 Jan 2005 22:02:06 -0500
From: Todd Troxell <ttroxell at debian.org>
To: 289866-close at bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#289866: fixed in logcheck 1.2.34
Message-Id: <E1CsuUQ-0007Ww-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Sun, 23 Jan 2005 22:02:06 -0500
Delivered-To: 289866-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 2

Source: logcheck
Source-Version: 1.2.34

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.34_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.34_all.deb
logcheck_1.2.34.dsc
  to pool/main/l/logcheck/logcheck_1.2.34.dsc
logcheck_1.2.34.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.34.tar.gz
logcheck_1.2.34_all.deb
  to pool/main/l/logcheck/logcheck_1.2.34_all.deb
logtail_1.2.34_all.deb
  to pool/main/l/logcheck/logtail_1.2.34_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 289866 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sunday, 23 Jan 2005 21:31:00 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.34
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at
lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description: 
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 289529 289801 289866 290195 290511 291395
Changes: 
 logcheck (1.2.34) unstable; urgency=low
 .
   todd:
   * Correct "Gandhi" spelling in docs/README.how.to.interpret.
     Thanks Satya <debbugs at thesatya.com> (closes: #289529)
   * Set logtail to report errors on stderr instead of stdout.
     (closes: #289801)
   * Adjust logcheck to redirect stdout and also stderr when reporting in order
     to maintain the current behavior of logcheck after the change above.
   * Change rule directories to setgid for real this time. (closes: #291395)
   * Update gconf, workstation/kernel rules
   maks:
   * Add pdns, fix scponly, fix gconfd SIGHUP rule.
   * Fix pam_winbind rule at level workstation. (Closes: #289866)
   * Ignore sudo "command continued" logline. (Closes: #290195)
   * Add rule for daily sysklogd -r restart at level server. (Closes: #290511)
   jamie:
   * Update rules for nagios.
Files: 
 6612f3aae699b008fbbce64951b28d74 703 admin optional logcheck_1.2.34.dsc
 1042830c8ae783c69751fc99b588f943 90068 admin optional logcheck_1.2.34.tar.gz
 6cd0126e9f140a2dbaf22d28b5ce08d6 42210 admin optional logcheck_1.2.34_all.deb
 5fc7d09450a439eb169010993c84ac9b 57956 admin optional
logcheck-database_1.2.34_all.deb
 2426337abec798ed7a28ee5954f8717c 25770 admin optional logtail_1.2.34_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB9F+E4u3oQ3FHP2YRAvaHAJ95fSajvH++jdpR2UqWiIjk7zXf3QCeJZb1
CdzEyRku0QK3EEeGm27yzUg=ACq6
-----END PGP SIGNATURE-----