Russ Allbery
2006-Nov-28 07:50 UTC
[Logcheck-devel] Bug#400714: logcheck-database: ignore ssh hosts.allow warnings
Package: logcheck-database
Version: 1.2.51
Severity: minor
Tags: patch
If one uses a TCP wrappers configuration that denies all connections
and then only permits them from certain hosts, the warnings about
inability to resolve an incoming IP address may be reported against
lines in /etc/hosts.allow as well as /etc/hosts.deny. Here's the simple
patch to violations.ignore.d/logcheck-ssh.
---
/home/eagle/tmp/logcheck-1.2.51/rulefiles/linux/violations.ignore.d/logcheck-ssh
2006-11-15 13:07:13.000000000 -0800
+++ /etc/logcheck/violations.ignore.d/logcheck-ssh 2006-11-26 12:42:50.000000000
-0800
@@ -1,5 +1,5 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny,
line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\)
failed$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny,
line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning:
/etc/hosts\.(allow|deny), line [0-9]+: can't verify hostname:
getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning:
/etc/hosts\.(allow|deny), line [0-9]+: host name/name mismatch: [._[:alnum:]-]+
!= [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking
getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps
to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE
BREAK-?IN ATTEMPT!$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write
failed: Broken pipe$
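Review bot: the first added rule widens the path to `/etc/hosts\.(allow|deny)` but still ends in `AF_INET\) failed$`, so the same "can't verify hostname" warning logged with any other address family would still be reported. If that is not intended, `AF_INET6?` would cover both. On the second added rule, a short comment in the rule file would help: it now silences "host name/name mismatch" for lines in /etc/hosts.allow too, and there the warning concerns an entry that grants access rather than one that denies it, so whoever maintains the ignore list should know the suppression is deliberate. Escaping the dot in `hosts\.` is a good tightening over the removed lines.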
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1,
'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.8 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/conffile-cleanup: false
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note: