thr3ads.net - Logcheck devel - [Logcheck-devel] Bug#743000: logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication [Mar 2014]

If this information is useful, please help other people find it:
Share via:

philou

2014-Mar-29 21:53 UTC

[Logcheck-devel] Bug#743000: logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication

Package: logcheck
Version: 1.3.16
Severity: normal

Dear Maintainer,

Current regex in i.d.s/ssh doesn't match when using key exchange
authentication.

If not using key exchange authentication, the following log message will be
correctly ignored:

Jan 28 11:52:05 server sshd[1003]: Accepted publickey for fred from 192.0.2.60
port 20042 ssh2

When using key exchange authentication, the following log message will NOT be
ignored:

Jan 28 11:51:43 server sshd[5104]: Accepted publickey for fred from 192.0.2.60
port 60594 ssh2: RSA e8:31:68:c7:01:2d:25:20:36:8f:50:5d:f9:ee:70:4c

The regex is:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted
(gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased)
for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?$

and will not match the key fingerprint.

Truly yours,

Philippe

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.12-1-486
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser                             3.113+nmu3
ii  cron                                3.0pl1-124
pn  default-mta | mail-transport-agent  <none>
ii  lockfile-progs                      0.1.17
ii  logtail                             1.3.16
ii  mime-construct                      1.11
ii  rsyslog [system-log-daemon]         7.6.3-1

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.16

Versions of packages logcheck suggests:
pn  syslog-summary  <none>

-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.logfiles'

-- no debconf information

Alberto Gonzalez Iniesta

2014-Apr-02 16:58 UTC

head link

[Logcheck-devel] Bug#743000: Bug#743000: logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication

On Sat, Mar 29, 2014 at 10:53:09PM +0100, philou wrote:> Current regex in i.d.s/ssh doesn't match when using key exchange
authentication.
> 
> If not using key exchange authentication, the following log message will be
correctly ignored:
> 
> Jan 28 11:52:05 server sshd[1003]: Accepted publickey for fred from
192.0.2.60 port 20042 ssh2
> 
> When using key exchange authentication, the following log message will NOT
be ignored:
> 
> Jan 28 11:51:43 server sshd[5104]: Accepted publickey for fred from
192.0.2.60 port 60594 ssh2: RSA e8:31:68:c7:01:2d:25:20:36:8f:50:5d:f9:ee:70:4c
> 
Hi Philippe, 

Could you tell me which option are you using in order to get the latter
message? That way I can reproduce it and fix the rule.

Thanks,

Alberto

-- 
Alberto Gonzalez Iniesta    | Formaci?n, consultor?a y soporte t?cnico
mailto/sip: agi at inittab.org | en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55

Debian Bug Tracking System

2014-Oct-24 22:54 UTC

head link

[Logcheck-devel] Bug#743000: marked as done (logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication)

Your message dated Fri, 24 Oct 2014 22:52:12 +0000
with message-id <E1XhniO-0006fZ-EY at franck.debian.org>
and subject line Bug#743000: fixed in logcheck 1.3.17
has caused the Debian Bug report #743000,
regarding logcheck: i.d.s/ssh regex doesn't match when using key exchange
authentication
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
743000: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743000
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: philou <philou at philou.org>
Subject: logcheck: i.d.s/ssh regex doesn't match when using key exchange
authentication
Date: Sat, 29 Mar 2014 22:53:09 +0100
Size: 3395
URL:
<http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20141024/acb098fe/attachment.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Subject: Bug#743000: fixed in logcheck 1.3.17
Date: Fri, 24 Oct 2014 22:52:12 +0000
Size: 6846
URL:
<http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20141024/acb098fe/attachment-0001.mht>

Logcheck devel - Mar 2014 - Bug#743000: logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication

[Logcheck-devel] Bug#743000: logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication

[Logcheck-devel] Bug#743000: Bug#743000: logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication

[Logcheck-devel] Bug#743000: marked as done (logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication)