Enrique Garcia
2007-Jan-15 16:46 UTC
[Logcheck-devel] Bug#407009: logcheck-database: security events not properly categorized
Package: logcheck-database
Version: 1.2.51
Severity: normal

Here are some examples of what is working wrong from my point of view.
Security events is archiving some messages from postfix which I think are not related to security but maybe to System.
Furthermore, System events has pure security messages in it.

Security Events
=-=-=-=-=-=-=-
Jan 15 16:02:40 localhost postfix/smtpd[30975]: NOQUEUE: reject: RCPT from unknown[196.205.143.52]: 450 4.7.1 <kike at eldemonionegro.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/eldemonionegro.com.html; from=<Koch'sinducts at abril.com.br> to=<kike at eldemonionegro.com> proto=ESMTP helo=<SpeedTouch.lan>
Jan 15 16:05:23 localhost postfix/smtpd[31057]: NOQUEUE: reject: RCPT from unknown[196.205.143.52]: 450 4.7.1 <kike at eldemonionegro.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/eldemonionegro.com.html; from=<balkingphilanthropy's at aargum.com> to=<kike at eldemonionegro.com> proto=ESMTP helo=<SpeedTouch.lan>

System Events
=-=-=-=-=-=-
Jan 15 16:25:39 localhost sshd[31642]: User postfix from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers
Jan 15 16:25:49 localhost sshd[31648]: User root from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers
Jan 15 16:26:22 localhost sshd[31690]: User mysql from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES@euro (charmap=ISO-8859-15)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]  1.5.11  Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
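
An added example, not part of the report above and not code or rules from logcheck-database: a simplified model of how violations.d and violations.ignore.d patterns decide whether a line is reported under Security Events or System Events, run against two lines copied from the report. The patterns, the variable and function names, and the 554 sample line are constructed for illustration; the report does not say which shipped rule matched the greylisting messages, so the broad `reject` keyword is an assumption.

```shell
#!/bin/sh
# Simplified model of logcheck's Security Events layer: a line is reported
# there when a violations.d pattern matches and no violations.ignore.d
# pattern does; otherwise it falls through to System Events (the further
# ignore.d filtering is left out). All patterns are constructed examples.
TS='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ '

# Assumed stand-in for a broad keyword rule in violations.d.
VIOL_STOCK='reject'
# Local violations.d rule for the sshd AllowUsers denials in the report.
VIOL_LOCAL="${TS}"'sshd\[[0-9]+\]: User [^ ]+ from [^ ]+ not allowed because not listed in AllowUsers$'
# Local violations.ignore.d rule for postgrey greylisting deferrals.
VIGN_LOCAL="${TS}"'postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [^ ]+: 450 4\.7\.1 <[^>]+>: Recipient address rejected: Greylisted, '

# Two lines copied from the report.
SSHD_LINE='Jan 15 16:25:49 localhost sshd[31648]: User root from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers'
GREY_LINE="Jan 15 16:02:40 localhost postfix/smtpd[30975]: NOQUEUE: reject: RCPT from unknown[196.205.143.52]: 450 4.7.1 <kike at eldemonionegro.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/eldemonionegro.com.html; from=<Koch'sinducts at abril.com.br> to=<kike at eldemonionegro.com> proto=ESMTP helo=<SpeedTouch.lan>"
# Constructed line: a permanent (554) rejection that should stay visible.
HARD_LINE='Jan 15 16:30:00 localhost postfix/smtpd[31700]: NOQUEUE: reject: RCPT from unknown[192.0.2.7]: 554 5.7.1 <user at example.org>: Relay access denied'

matches() { printf '%s\n' "$2" | grep -Eq -e "$1"; }  # $1 pattern, $2 line

classify() {  # $1 = "stock" or "local" rule set, $2 = log line
  hit=no
  if matches "$VIOL_STOCK" "$2"; then hit=yes; fi
  if [ "$1" = local ]; then
    if matches "$VIOL_LOCAL" "$2"; then hit=yes; fi
    if matches "$VIGN_LOCAL" "$2"; then hit=no; fi
  fi
  if [ "$hit" = yes ]; then echo 'Security Events'; else echo 'System Events'; fi
}

# Show the category of each sample line under both rule sets.
for rules in stock local; do
  for line in "$SSHD_LINE" "$GREY_LINE" "$HARD_LINE"; do
    printf '%-6s %-15s %.60s\n' "$rules" "$(classify "$rules" "$line")" "$line"
  done
done
```

Anchoring the ignore pattern on the 450 4.7.1 greylisting text keeps other postfix rejections, such as the constructed 554 line, in Security Events.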