Elmar Hoffmann
2005-Oct-08 18:11 UTC
[Logcheck-devel] Bug#332807: proftpd rules do not support IPv6 addresses
Package: logcheck-database Version: 1.2.41 Severity: normal Tags: patch The rules for proftpd do not support IPv6 addresses, the attached patch fixes this. elmar -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-bdclaim Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy logcheck-database recommends no packages. -- debconf information: logcheck-database/conffile-cleanup: false logcheck-database/rules-directories-note: logcheck-database/standard-rename-note: -- .'"`. /"\ | :' : Elmar Hoffmann <elho at elho.net> ASCII Ribbon Campaign \ / `. `' GPG key available via pgp.net against HTML email X `- & vCards / \ -------------- next part -------------- --- /etc/logcheck/ignore.d.server/proftpd.dpkg-dist 2005-05-29 06:32:18.000000000 +0200 +++ /etc/logcheck/ignore.d.server/proftpd 2005-10-08 19:36:22.567973645 +0200 @@ -1,4 +1,4 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )FTP session (opened|closed)\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login successful\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )FTP session (opened|closed)\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )USER [._[:alnum:]-]+: Login successful\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051008/c89518dd/attachment.pgp
Elmar Hoffmann
2005-Oct-10 12:22 UTC
[Logcheck-devel] Bug#332807: proftpd rules do not support IPv6 addresses
Hi, on Sat, Oct 08, 2005 at 20:11:35 +0200, I wrote:> The rules for proftpd do not support IPv6 addresses, the attached > patch fixes this.Here's an updated version of that patch, that also matches IPv6 hosts without working reverse DNS. elmar -- .'"`. /"\ | :' : Elmar Hoffmann <elho at elho.net> ASCII Ribbon Campaign \ / `. `' GPG key available via pgp.net against HTML email X `- & vCards / \ -------------- next part -------------- --- /etc/logcheck/ignore.d.server/proftpd.dpkg-dist 2005-05-29 06:32:18.000000000 +0200 +++ /etc/logcheck/ignore.d.server/proftpd 2005-10-10 14:08:02.011280280 +0200 @@ -1,4 +1,4 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )FTP session (opened|closed)\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login successful\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([.:_[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )FTP session (opened|closed)\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([.:_[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )USER [._[:alnum:]-]+: Login successful\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([.:_[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051010/ff50d7a5/attachment.pgp
Debian Bug Tracking System
2005-Oct-23 04:48 UTC
[Logcheck-devel] Bug#332807: marked as done (proftpd rules do not support IPv6 addresses)
Your message dated Sat, 22 Oct 2005 21:32:06 -0700 with message-id <E1ETXWg-0003nB-00 at spohr.debian.org> and subject line Bug#332807: fixed in logcheck 1.2.42 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 8 Oct 2005 18:11:40 +0000>From elho at psycho.elho.net Sat Oct 08 11:11:40 2005Return-path: <elho at psycho.elho.net> Received: from psycho.elho.net [62.8.228.162] (Debian-exim) by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EOJAY-0003rh-00; Sat, 08 Oct 2005 11:11:38 -0700 Received: from elho by psycho.elho.net with local (Exim 4.53) id 1EOJAV-0002WE-N8; Sat, 08 Oct 2005 20:11:35 +0200 Date: Sat, 8 Oct 2005 20:11:35 +0200 From: Elmar Hoffmann <elho at elho.net> To: Debian Bug Tracking System <submit at bugs.debian.org> Subject: proftpd rules do not support IPv6 addresses Message-ID: <20051008181135.GA4796 at psycho.elho.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5I6of5zJg18YgZEa" Content-Disposition: inline X-Reportbug-Version: 3.17 OpenPGP: id=0x3F101691D98502C5; url=http://www.elho.net/gpg.asc User-Agent: Mutt/1.5.11 Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no version=2.60-bugs.debian.org_2005_01_02 --5I6of5zJg18YgZEa Content-Type: multipart/mixed; boundary="DocE+STaALJfprDB" Content-Disposition: inline --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Package: logcheck-database Version: 1.2.41 Severity: normal Tags: patch The rules for proftpd do not support IPv6 addresses, the attached patch fixes this. elmar -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-bdclaim Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8) Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy logcheck-database recommends no packages. -- debconf information: logcheck-database/conffile-cleanup: false logcheck-database/rules-directories-note: logcheck-database/standard-rename-note: --=20 .'"`. /"\ | :' : Elmar Hoffmann <elho at elho.net> ASCII Ribbon Campaign \ / `. `' GPG key available via pgp.net against HTML email X `- & vCards / \ --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="logcheck-proftpd.diff" --- /etc/logcheck/ignore.d.server/proftpd.dpkg-dist 2005-05-29 06:32:18.000000000 +0200 +++ /etc/logcheck/ignore.d.server/proftpd 2005-10-08 19:36:22.567973645 +0200 @@ -1,4 +1,4 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )FTP session (opened|closed)\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )USER [._[:alnum:]-]+: Login successful\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )FTP session (opened|closed)\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )USER [._[:alnum:]-]+: Login successful\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9.]{7,15}\]\) (- )mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[0-9a-f.:]+\]\) (- )mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$ --DocE+STaALJfprDB-- --5I6of5zJg18YgZEa Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDSAvXPxAWkdmFAsURAr/PAKCOLZ5QED132/xOloWNCn0tgnBfkQCgiyJQ QSqS3+PWSW/pKvUskxb9nWc=iRH+ -----END PGP SIGNATURE----- --5I6of5zJg18YgZEa-- --------------------------------------- Received: (at 332807-close) by bugs.debian.org; 23 Oct 2005 04:38:31 +0000>From katie at spohr.debian.org Sat Oct 22 21:38:31 2005Return-path: <katie at spohr.debian.org> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1ETXWg-0003nB-00; Sat, 22 Oct 2005 21:32:06 -0700 From: Todd Troxell <ttroxell at debian.org> To: 332807-close at bugs.debian.org X-Katie: $Revision: 1.56 $ Subject: Bug#332807: fixed in logcheck 1.2.42 Message-Id: <E1ETXWg-0003nB-00 at spohr.debian.org> Sender: Archive Administrator <katie at spohr.debian.org> Date: Sat, 22 Oct 2005 21:32:06 -0700 Delivered-To: 332807-close at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 22 Source: logcheck Source-Version: 1.2.42 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.42_all.deb to pool/main/l/logcheck/logcheck-database_1.2.42_all.deb logcheck_1.2.42.dsc to pool/main/l/logcheck/logcheck_1.2.42.dsc logcheck_1.2.42.tar.gz to pool/main/l/logcheck/logcheck_1.2.42.tar.gz logcheck_1.2.42_all.deb to pool/main/l/logcheck/logcheck_1.2.42_all.deb logtail_1.2.42_all.deb to pool/main/l/logcheck/logtail_1.2.42_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 332807 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 22 Oct 2005 23:14:54 -0400 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.42 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 312393 324347 324451 324613 324615 324751 325800 325801 325874 327088 327100 327114 328251 328632 330208 331282 332707 332807 333233 333456 333461 334342 334415 335021 Changes: logcheck (1.2.42) unstable; urgency=low . [ maximilian attems ] * Add dccproc timeout rule. * Only source the conffile if we can read it. Should enable logcheck runs directly out of the logcheck source. * Default to send mail to local root otherwise messages go to Nirvana. * Check if conffile with list of logfiles is readable. * Fallback to read syslog if no logfile is provided. * Enhance bind rules ignore NSTATS loglines, remove dup. (Closes: #324751) * Add rule for recent nfs mountd messages. Thanks to toby cabot <toby at caboteria.org>. (Closes: #325800) * Move imap file to server level, not appropriate for paranoid. * Add imap ignore rule for moved bytes, seems pretty normal imap usage. Thanks to toby cabot <toby at caboteria.org>. (Closes: #325801) * Add rule for Postponed keyboard-interactive ssh logins. * Update some usb rules for usb-storage and phone devices. (Closes: #324347) * Update horde3 rules the identifier can be changed by the user to any char. Thanks to Martin Lohmeier <martin at mein-horde.de> (Closes: #324613) * Add imp4 rule for successful logins. Thanks to Martin Lohmeier <martin at mein-horde.de> (Closes: #324615) * Bumped standards to 3.6.2. * Fix exim4 rule for more modern tls string. * logcheck.8 fix add full path to README.logcheck-database.gz. (Closes: #328632) . [ Jamie Penman-Smithson ] * Add the first rules for mon. Thanks to Robbert Muller <muller at muze.nl>. (Closes: #324451) * Modify dovecot rules to match ipv6 addresses too. (Closes: #327088) * Add first polypaudio rules in workstation to suppress module-alsa-sink.c messages. (Closes: #331282) * Add first rules for tftpd, suppress 'connect' and 'get file' messages. (Closes: #333456) * Fix dovecot rules to match the new format log messages in 1.0. (Closes: #332707, #333461) * Fix proftpd rules to match ipv6 addresses. Thanks to Elmar Hoffmann <elho at elho.net> (Closes: #332807) * Update ssh rules to suppress reverse DNS warnings. Thanks to Elmar Hoffmann <elho at elho.net> (Closes: #333233) * Update nagios rules to match host UNREACHABLE notification messages. (Closes: #325874) * Add the first rules for popa3d. (Closes: #328251) * Fix group permissions for /var/lock/logcheck on install or upgrade so logcheck can be executed by the logcheck group. (Closes: #330208) * Add Swedish translation, thanks to Daniel Nylander <yeager at lidkoping.net>. (Closes: #334415) * Fix anvil max rate rule to match statistics messages when postfix is bound to a specific IP. (Closes: #334342) * Modify spamd rules to match log message format in 3.1. (Closes: #335021) . [ Todd Troxell ] * Add check for lockfile-progs to aid non-debian installations. * Set logcheck to remove cleanup trap if an error occours while getting lockfile. This will prevent many confusing error messages. * Add error reporting on -o option * Add IPv6 support to bind rules. Thanks Marco Nenciarin <mnencia at prato.linux.it> (Closes: #327100) * Add IPV6 support to postfix rules. Thanks Marco Nenciarin <mnencia at prato.linux.it> (Closes: #327114) * Add INSTALL documentation for manual/non-Debian installation. * Add 5 receive rules for hylafax's FaxGetty. * Call adduser without --home flag in postinst. (Closes: #312393) Files: bb7c028e97c78ab67d9c8417de1d1d3b 736 admin optional logcheck_1.2.42.dsc a17f485774e5c00cb314b74c30d0929c 104787 admin optional logcheck_1.2.42.tar.gz e06b1c7bea38cf6b8a6977df05997481 48606 admin optional logcheck_1.2.42_all.deb 54f5ed99e3e602561f69e39cf5236800 66628 admin optional logcheck-database_1.2.42_all.deb f2875097308d99e0663d9d583b1548b5 30976 admin optional logtail_1.2.42_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDWw344u3oQ3FHP2YRAm+4AJ4g+FoIjbpI67yD8N9sBXE+Gok5pQCfRF7+ K2Akj9p3eKdJdHqBKRFJjfA=lJbY -----END PGP SIGNATURE-----