similar to: Bug#437753: logcheck-database: proftpd ignore rule does not match when rhost is IPv6

Package: logcheck-database Version: 1.2.61 Severity: wishlist File: /etc/logcheck/ignore.d.server/proftpd Two weeks ago, I got a rush of these: Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd (Apparently, fail2ban managed to miss those.) This is triggered by pam_listfile, which is used by proftpd (and other FTP daemons) to block users listed in

Package: logcheck-database Version: 1.2.54 Severity: wishlist In addition to seeing warnings from bind about REFUSED and SERVFAIL unexpected RCODE, I'm also getting from "15" in my logs as well, from various unrelated hosts. This doesn't occur nearly as frequently as the other two, but still enough to be annoying. May I suggest inserting "(REFUSED|SERVFAIL|15)" in

Package: logcheck-database Version: 1.2.49 Severity: normal Tags: patch Hi, with "UseReverseDNS off" in /etc/proftpd/proftpd.conf the IP is used instead of the hostname: ... (::ffff:aaa.bbb.ccc.ddd[::ffff:aaa.bbb.ccc.ddd]) ... The rules in /etc/logcheck/ignore.d.server/proftpd do not support colons in the hostname. The attached patch fixes this. Greetings, Gregor -- System

Package: logcheck-database Version: 1.2.62 Severity: wishlist File: /etc/logcheck/ignore.d.server/ssh openssh issues a friendly warning when the remote IP maps back to a hostname that looks just like an IP address. (For example, the address 206.251.174.31 currently maps back to the hostname "206.251.174.31".) Here's a rule that filters out these unimportant messages: ^\w{3} [

Package: logcheck-database Version: 1.2.62 Severity: normal File: /etc/logcheck/violations.ignore.d/logcheck-ssh Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

Package: logcheck Version: 1.2.39 Severity: normal Since I've upgraded my servers to sarge, I'm getting mail every hour for stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns out that sarge's version no longer reads that file. If this was a conscious decision, then there should be some warning about this when upgrading (via debconf of NEWS.Debian). Also, the

Package: logcheck Version: 1.2.62 Severity: wishlist Here are two rules for ddclient, a client for dynamic IP services such as DynDNS or DynIP: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from

Package: logcheck-database Version: 1.2.63 Severity: normal Given that violations.d/logcheck has been emptied by 2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these are currently rendered useless. (I'll gladly lend a hand; I just want to make sure this is the right thing to do.) -- System Information: Debian

Package: logcheck-database Version: 1.2.61 Severity: wishlist Here's a new rule for ignore.d.server/bind: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (client [.#[:digit:]]+: )?notify question section contains no SOA$ This is apparently triggered by DJB's DNS survey (<http://cr.yp.to/surveys/dns1.html>, packet #5). It doesn't show up too often (I've seen it

Package: logcheck-database Version: 1.2.33 Severity: normal I just installed 1.2.33, and it made my rules dirs setuid, not setgid... - Marc -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (900, 'testing'), (300, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-k7 Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) Versions of

Package: logcheck-database Version: 1.2.61 Severity: wishlist File: /etc/logcheck/ignore.d.server/bind After #437891, I got yet another new "unexpected RCODE", this time "NOTIMP". As I was starting to get pissed off, I copied the whole list out of lib/dns/result.c, in an attempt to put an end to my headache. If you insist on using an enumeration instead of ".*",

Package: logcheck Version: 1.2.32 Severity: wishlist /etc/cron.daily/sysklogd restarts syslogd at the end of the script. This causes a daily log message, currently missed by logcheck: Jan 14 06:55:22 pyloric syslogd 1.4.1#16: restart (remote reception). I'm currently using this regex in ignore.server.d/local-syslogd: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd 1\.4\.1#16: restart \(remote

Package: logcheck-database Version: 1.3.13 Severity: normal The rule for SSH ignoring "Bad protocol version identification" assumes there are no single quotes inside the version string ('[^']'). I am however getting mails including those lines: Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version identification

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in proftpd Advisory ID: RHSA-1999:034-01 Issue date: 1999-08-31 Keywords: proftpd buffer overflow remote exploit - --------------------------------------------------------------------- 1. Topic: proftpd is a ftp server

Hi, someone can help me on this follow problem? I have also write to proftpd ML and if someone give me some suggest I let you know. Many thanks for your reply. Dario ------- Messaggio inoltrato ------- Da: Dario Lesca <d.lesca at solinos.it> Rispondi a: proftp-user at lists.sourceforge.net A: proftp-user at lists.sourceforge.net Oggetto: [Proftpd-user] proftpd-1.3.6c on centos8: When

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:35 Security Advisory FreeBSD, Inc. Topic: proftpd port contains remote root compromise Category: ports Module: proftpd Announced:

I am using proftpd with my first Centos 5 box. Although it appears to be working, I see the following errors in my logwatch reports. Deprecated pam_stack module called from service "proftpd" pam_unix(proftpd:session): session opened for user steve by (uid=0) Deprecated pam_stack module called from service "proftpd" Deprecated pam_stack module called from service

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.20 > package logcheck logcheck-database logtail Ignoring bugs not assigned to: logcheck-database logtail logcheck > tags 354820 + pending Bug#354820: rules to filter out entries caused by ssh scanners Tags were: patch Tags added: pending > tags 355085 + pending

Hello list, With my latest proftpd server graphical client error on list (ls) directory: Error: Could not read from socket: ECONNRESET - Connection reset by peer Error: Disconnected from server Error: Failed to retrieve directory listing So far I've tried both filezilla and cyberduck. But command line ftp works completely: [dunphy at BAM-025715-TD:~] #ftp jfweb Connected to jfweb.

Hi Peoples, I'm still beating my head with the Proftpd although I have solved my orininal issue. That turned out to be an iptables issue and I'm beginning to wonder if iptables is playing with me again. I have an FTP server that allows anonymous downloads and with specific accounts able to upload to the anonymous directory. The problem is, those users cannot upload. I have