Displaying 20 results from an estimated 3000 matches similar to: "Bug#437753: logcheck-database: proftpd ignore rule does not match when rhost is IPv6"
2007 Sep 24
3
Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
File: /etc/logcheck/ignore.d.server/proftpd
Two weeks ago, I got a rush of these:
Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd
(Apparently, fail2ban managed to miss those.)
This is triggered by pam_listfile, which is used by proftpd (and other
FTP daemons) to block users listed in
2007 Aug 14
0
Bug#437891: logcheck-database: addition to ignore rule for bind's RCODE
Package: logcheck-database
Version: 1.2.54
Severity: wishlist
In addition to seeing warnings from bind about REFUSED and SERVFAIL
unexpected RCODE, I'm also getting from "15" in my logs as well, from
various unrelated hosts. This doesn't occur nearly as frequently as the
other two, but still enough to be annoying.
May I suggest inserting "(REFUSED|SERVFAIL|15)" in
2006 Nov 07
1
Bug#397466: logcheck-database: proftpd rules do not support IPv6 addresses with UseReverseDNS off
Package: logcheck-database
Version: 1.2.49
Severity: normal
Tags: patch
Hi,
with "UseReverseDNS off" in /etc/proftpd/proftpd.conf the IP is used instead
of the hostname:
... (::ffff:aaa.bbb.ccc.ddd[::ffff:aaa.bbb.ccc.ddd]) ...
The rules in /etc/logcheck/ignore.d.server/proftpd do not support colons in
the hostname.
The attached patch fixes this.
Greetings,
Gregor
-- System
2007 Oct 03
1
Bug#445074: /etc/logcheck/ignore.d.server/ssh: Nasty PTR record
Package: logcheck-database
Version: 1.2.62
Severity: wishlist
File: /etc/logcheck/ignore.d.server/ssh
openssh issues a friendly warning when the remote IP maps back to a
hostname that looks just like an IP address. (For example, the address
206.251.174.31 currently maps back to the hostname "206.251.174.31".)
Here's a rule that filters out these unimportant messages:
^\w{3} [
2007 Oct 03
2
Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh
Somewhere between etch and now, ssh stopped reporting failed passwords
as "error: PAM: Authentication failure for foo", and switched to "Failed
password for foo", similar to what it already did for unknown users, but
without the "invalid user" part.
2005 Jun 07
2
Bug#312376: /etc/logcheck/logcheck.ignore is no longer read
Package: logcheck
Version: 1.2.39
Severity: normal
Since I've upgraded my servers to sarge, I'm getting mail every hour for
stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns
out that sarge's version no longer reads that file.
If this was a conscious decision, then there should be some warning
about this when upgrading (via debconf of NEWS.Debian). Also, the
2007 Sep 26
1
Bug#444097: /etc/logcheck/ignore.d.server/ddclient: 2 rules to get you started
Package: logcheck
Version: 1.2.62
Severity: wishlist
Here are two rules for ddclient, a client for dynamic IP services such
as DynDNS or DynIP:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from
2008 Mar 15
1
Bug#471072: logcheck-database: Moving most of violations.ignore.d to ignore.d.*
Package: logcheck-database
Version: 1.2.63
Severity: normal
Given that violations.d/logcheck has been emptied by
2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of
violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these
are currently rendered useless.
(I'll gladly lend a hand; I just want to make sure this is the right
thing to do.)
-- System Information:
Debian
2007 Sep 24
0
Bug#443869: logcheck-database: [bind] notify question section contains no SOA
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
Here's a new rule for ignore.d.server/bind:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (client [.#[:digit:]]+: )?notify question section contains no SOA$
This is apparently triggered by DJB's DNS survey
(<http://cr.yp.to/surveys/dns1.html>, packet #5). It doesn't show up
too often (I've seen it
2005 Jan 20
2
Bug#291395: logcheck-database: Rules dirs are setuid, they should be setgid
Package: logcheck-database
Version: 1.2.33
Severity: normal
I just installed 1.2.33, and it made my rules dirs setuid, not setgid...
- Marc
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)
Versions of
2007 Sep 24
1
Bug#443908: /etc/logcheck/ignore.d.server/bind: [bind] unexpected RCODE (NOTIMP)
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
File: /etc/logcheck/ignore.d.server/bind
After #437891, I got yet another new "unexpected RCODE", this time
"NOTIMP". As I was starting to get pissed off, I copied the whole list
out of lib/dns/result.c, in an attempt to put an end to my headache.
If you insist on using an enumeration instead of ".*",
2005 Jan 14
3
Bug#290511: logcheck: syslogd restart in cron.daily/sysklogd causes a log message
Package: logcheck
Version: 1.2.32
Severity: wishlist
/etc/cron.daily/sysklogd restarts syslogd at the end of the script.
This causes a daily log message, currently missed by logcheck:
Jan 14 06:55:22 pyloric syslogd 1.4.1#16: restart (remote reception).
I'm currently using this regex in ignore.server.d/local-syslogd:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd 1\.4\.1#16: restart \(remote
2013 Mar 25
1
Bug#703936: logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete
Package: logcheck-database
Version: 1.3.13
Severity: normal
The rule for SSH ignoring "Bad protocol version identification" assumes there are no single quotes
inside the version string ('[^']'). I am however getting mails including those lines:
Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version identification
1999 Aug 31
0
[SECURITY] RHSA-1999:034 New proftpd packages available
-----BEGIN PGP SIGNED MESSAGE-----
- ---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Buffer overflow in proftpd
Advisory ID: RHSA-1999:034-01
Issue date: 1999-08-31
Keywords: proftpd buffer overflow remote exploit
- ---------------------------------------------------------------------
1. Topic:
proftpd is a ftp server
2020 May 10
0
CentOS8 and proftpd with quota file module enable
Hi, someone can help me on this follow problem?
I have also write to proftpd ML and if someone give me some suggest I
let you know.
Many thanks for your reply.
Dario
------- Messaggio inoltrato -------
Da: Dario Lesca <d.lesca at solinos.it>
Rispondi a: proftp-user at lists.sourceforge.net
A: proftp-user at lists.sourceforge.net
Oggetto: [Proftpd-user] proftpd-1.3.6c on centos8: When
2000 Aug 14
0
FreeBSD Ports Security Advisory: FreeBSD-SA-00:35.proftpd
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-00:35 Security Advisory
FreeBSD, Inc.
Topic: proftpd port contains remote root compromise
Category: ports
Module: proftpd
Announced:
2007 Nov 20
1
Proftpd log errors - retrying please.
I am using proftpd with my first Centos 5 box. Although it appears to be
working, I see the following errors in my logwatch reports.
Deprecated pam_stack module called from service "proftpd"
pam_unix(proftpd:session): session opened for user steve by (uid=0)
Deprecated pam_stack module called from service "proftpd"
Deprecated pam_stack module called from service
2006 Jul 04
0
Processed: setting package to logcheck logcheck-database logtail, tagging 354820, tagging 355085, tagging 356681 ... ... ... ... ... ... ...
Processing commands for control at bugs.debian.org:
> # Automatically generated email from bts, devscripts version 2.9.20
> package logcheck logcheck-database logtail
Ignoring bugs not assigned to: logcheck-database logtail logcheck
> tags 354820 + pending
Bug#354820: rules to filter out entries caused by ssh scanners
Tags were: patch
Tags added: pending
> tags 355085 + pending
2011 Dec 13
0
proftpd graphical clients not working
Hello list,
With my latest proftpd server graphical client error on list (ls) directory:
Error: Could not read from socket: ECONNRESET - Connection reset by peer
Error: Disconnected from server
Error: Failed to retrieve directory listing
So far I've tried both filezilla and cyberduck.
But command line ftp works completely:
[dunphy at BAM-025715-TD:~] #ftp jfweb
Connected to jfweb.
2005 Sep 16
1
OT: Proftpd and Iptables
Hi Peoples,
I'm still beating my head with the Proftpd although I have solved my
orininal issue. That turned out to be an iptables issue and I'm
beginning to wonder if iptables is playing with me again. I have an FTP
server that allows anonymous downloads and with specific accounts able
to upload to the anonymous directory. The problem is, those users
cannot upload. I have