Gregor Hermens
2006-Nov-07 15:52 UTC
[Logcheck-devel] Bug#397466: logcheck-database: proftpd rules do not support IPv6 addresses with UseReverseDNS off
Package: logcheck-database
Version: 1.2.49
Severity: normal
Tags: patch
Hi,
with "UseReverseDNS off" in /etc/proftpd/proftpd.conf the IP is used instead
of the hostname:
... (::ffff:aaa.bbb.ccc.ddd[::ffff:aaa.bbb.ccc.ddd]) ...
The rules in /etc/logcheck/ignore.d.server/proftpd do not support colons in
the hostname.
The attached patch fixes this.
Greetings,
Gregor
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (600, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.8 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information excluded
-------------- next part --------------
--- /etc/logcheck/ignore.d.server/proftpd.dpkg-dist 2006-10-21
10:41:43.000000000 +0200
+++ /etc/logcheck/ignore.d.server/proftpd 2006-11-07 15:21:32.000000000 +0100
@@ -1,10 +1,10 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session
(opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP session (opened|closed)\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON
(anonymous|ftp)): Login successful\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON
(anonymous|ftp)): Limit access denies login\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9]\.[0-9]: delaying for
[0-9]+ usecs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - ANON (anonymous|ftp): Login
successful.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9.]+: delaying for [0-9]+
usecs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP no transfer timeout, disconnected$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-_.[:alnum:]]+: no such user
found from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] to
[.:[:xdigit:]]+:[[:digit:]]{2,5}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - no such user '[-_.[:alnum:]]+'$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP session (opened|closed)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON
(anonymous|ftp)): Login successful\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON
(anonymous|ftp)): Limit access denies login\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9]\.[0-9]: delaying for
[0-9]+ usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - ANON (anonymous|ftp): Login
successful.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9.]+: delaying for [0-9]+
usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP no transfer timeout, disconnected$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-_.[:alnum:]]+: no such user
found from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] to
[.:[:xdigit:]]+:[[:digit:]]{2,5}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - no such user
'[-_.[:alnum:]]+'$
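Review bot: In the "no such user found from" rule, the second host class (found from [._[:alnum:]-]+ \[) is left without the colon, so a line that carries an address such as ::ffff:aaa.bbb.ccc.ddd in that position would still not be ignored; give it the same [:._[:alnum:]-]+ class as the parenthesised host. Separately, the standalone "ANON (anonymous|ftp): Login successful.$" rule ends in an unescaped dot and is already covered by the (USER ...|ANON ...) rule above it, and mod_delay/[0-9]\.[0-9] is subsumed by mod_delay/[0-9.]+, so both duplicates could be dropped while these lines are being touched.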
Gregor Hermens
2006-Dec-04 11:35 UTC
[Logcheck-devel] Bug#397466: closed by madduck@debian.org (martin f. krafft) (Bug#397466: fixed in logcheck 1.2.51)
Package: logcheck-database
Version: 1.2.51
Severity: normal
Tags: patch
Hi,
> We believe that the bug you reported is fixed in the latest version of
> logcheck, which is due to be installed in the Debian FTP archive:
there is one more colon missing I didn't cover with my last patch.
The attached patch fixes this.
Greetings,
Gregor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logcheck-proftpd.diff
Type: text/x-diff
Size: 1565 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20061204/32131db2/attachment.diff
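A way to check ignore rules like the ones in this report against sample log lines before installing them, given as an added example (not part of the original messages or of logcheck itself). The log lines are constructed to follow the shape the rules expect, 192.0.2.x are documentation addresses, and the function names are hypothetical; the two rules are the "FTP session" and "no such user found from" rules from the first patch, with the parenthesised host class passed in as a parameter.

```shell
#!/bin/sh
# Constructed sample lines: one with a resolved hostname, two as logged with
# "UseReverseDNS off" (IPv4-mapped IPv6 address in place of the hostname).
SAMPLE_LINES='Nov  7 15:21:32 ftphost proftpd[1234]: ftphost (client.example.org[192.0.2.10]) - FTP session opened.
Nov  7 15:21:33 ftphost proftpd[1235]: ftphost (::ffff:192.0.2.10[::ffff:192.0.2.10]) - FTP session opened.
Nov  7 15:21:34 ftphost proftpd[1236]: ftphost (::ffff:192.0.2.10[::ffff:192.0.2.10]) - USER bob: no such user found from ::ffff:192.0.2.10 [::ffff:192.0.2.10] to ::ffff:192.0.2.1:21'

# Emit the two rules with the given class for the host inside the parentheses.
build_rules() {
    prefix='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \('"$1"'\[[.:[:xdigit:]]+\]\) - '
    printf '%s%s\n' "$prefix" 'FTP session (opened|closed)\.$'
    printf '%s%s\n' "$prefix" 'USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] to [.:[:xdigit:]]+:[[:digit:]]{2,5}$'
}

OLD_RULES=$(build_rules '[._[:alnum:]-]+')    # before the patch
NEW_RULES=$(build_rules '[:._[:alnum:]-]+')   # after the patch

# Print the sample lines that no rule ignores, i.e. what would be reported.
# A newline-separated pattern list is treated by grep as alternative patterns.
unmatched_lines() {
    printf '%s\n' "$SAMPLE_LINES" | LC_ALL=C grep -E -v -e "$1" || true
}

# Count those lines (grep -c exits non-zero on a count of 0, hence "|| true").
unmatched_count() {
    unmatched_lines "$1" | grep -c . || true
}

echo "before patch: $(unmatched_count "$OLD_RULES") line(s) reported"
echo "after patch:  $(unmatched_count "$NEW_RULES") line(s) reported"
unmatched_lines "$NEW_RULES"
```

The line still reported after the patch is the "no such user found from" one, where the host after "found from" contains colons.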