Loïc Minier
2010-Jan-28 17:14 UTC
[Logcheck-devel] Bug#567355: Add "disconnected by user" ignore for recent openssh-client
Package: logcheck-database
Version: 1.3.5
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu lucid ubuntu-patch
Hi
With the most recent openssh-client in Ubuntu lucid (10.04), I get new
warnings with an Ubuntu karmic (9.10) openssh-server. I think openssh
in Ubuntu and Debian are really close, so I believe this will hit
Debian pretty soon too.
Please find a patch to address these. According to the OpenSSH
maintainer these are expected:
10:53 < lool> cjwatson: Hi, since a recent upgrade of the ssh client on
lucid,
I get warnings in logcheck from auth.log; the following lines now
appear everytime I close a ssh connection:
10:53 < lool> Jan 28 10:52:51 fox sshd[26563]: Received disconnect from
192.168.0.119: 11: disconnected by user
10:53 < lool> (before pam session is closed)
10:54 < lool> cjwatson: I don't know whether this is expected or not,
in which
case I'll update the logcheck rules
12:52 < cjwatson> lool: it appears to be intentional
12:52 < cjwatson> lool: from what I can tell it was part of the
preparation for
roaming support
Thanks,
--
Lo?c Minier
-------------- next part --------------
diff -Nru logcheck-1.3.5ubuntu1/debian/changelog
logcheck-1.3.5ubuntu2/debian/changelog
--- logcheck-1.3.5ubuntu1/debian/changelog 2010-01-21 23:36:34.000000000 +0100
+++ logcheck-1.3.5ubuntu2/debian/changelog 2010-01-28 18:10:35.000000000 +0100
@@ -1,3 +1,11 @@
+logcheck (1.3.5ubuntu2) lucid; urgency=low
+
+ * rulefiles/linux/ignore.d.server/ssh: Add "disconnected by user"
re in the
+ "Received disconnect from" series; this now occurs frequently
with lucid
+ ssh clients.
+
+ -- Lo?c Minier <loic.minier at ubuntu.com> Thu, 28 Jan 2010 18:09:22
+0100
+
logcheck (1.3.5ubuntu1) lucid; urgency=low
* rulefiles/linux/ignore.d.paranoid/cron: make /usr/sbin/ optional in
diff -Nru logcheck-1.3.5ubuntu1/rulefiles/linux/ignore.d.server/ssh
logcheck-1.3.5ubuntu2/rulefiles/linux/ignore.d.server/ssh
--- logcheck-1.3.5ubuntu1/rulefiles/linux/ignore.d.server/ssh 2009-09-05
12:45:08.000000000 +0200
+++ logcheck-1.3.5ubuntu2/rulefiles/linux/ignore.d.server/ssh 2010-01-28
18:09:15.000000000 +0100
@@ -13,6 +13,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received
disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received
disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received
disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows
SSH Client\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received
disconnect from [:[:xdigit:].]+: [[:digit:]]+: disconnected by user$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening
on [:[:xdigit:].]+ port [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User
[-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not
listed in Allow)Users$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:
\(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+( by
([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
Debian Bug Tracking System
2010-Feb-22 21:45 UTC
[Logcheck-devel] Bug#567355: marked as done (Add "disconnected by user" ignore for recent openssh-client)
Your message dated Mon, 22 Feb 2010 21:42:58 +0000 with message-id <E1Njg3O-00014a-K0 at ries.debian.org> and subject line Bug#567317: fixed in logcheck 1.3.7 has caused the Debian Bug report #567317, regarding Add "disconnected by user" ignore for recent openssh-client to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 567317: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567317 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: =?iso-8859-1?Q?Lo=EFc?= Minier <lool at dooz.org> Subject: Add "disconnected by user" ignore for recent openssh-client Date: Thu, 28 Jan 2010 18:14:48 +0100 Size: 5360 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20100222/08ebe9c4/attachment-0002.eml> -------------- next part -------------- An embedded message was scrubbed... From: Hannes von Haugwitz <hannes at vonhaugwitz.com> Subject: Bug#567317: fixed in logcheck 1.3.7 Date: Mon, 22 Feb 2010 21:42:58 +0000 Size: 7061 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20100222/08ebe9c4/attachment-0003.eml>