Displaying 20 results from an estimated 2000 matches similar to: "Bug#443869: logcheck-database: [bind] notify question section contains no SOA"
2007 Sep 24
3
Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
File: /etc/logcheck/ignore.d.server/proftpd
Two weeks ago, I got a rush of these:
Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd
(Apparently, fail2ban managed to miss those.)
This is triggered by pam_listfile, which is used by proftpd (and other
FTP daemons) to block users listed in
2005 Jun 07
2
Bug#312376: /etc/logcheck/logcheck.ignore is no longer read
Package: logcheck
Version: 1.2.39
Severity: normal
Since I've upgraded my servers to sarge, I'm getting mail every hour for
stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns
out that sarge's version no longer reads that file.
If this was a conscious decision, then there should be some warning
about this when upgrading (via debconf or NEWS.Debian). Also, the
2007 Oct 03
2
Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh
Somewhere between etch and now, ssh stopped reporting failed passwords
as "error: PAM: Authentication failure for foo", and switched to "Failed
password for foo", similar to what it already did for unknown users, but
without the "invalid user" part.
2008 Mar 15
1
Bug#471072: logcheck-database: Moving most of violations.ignore.d to ignore.d.*
Package: logcheck-database
Version: 1.2.63
Severity: normal
Given that violations.d/logcheck has been emptied by
2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of
violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these
are currently rendered useless.
(I'll gladly lend a hand; I just want to make sure this is the right
thing to do.)
-- System Information:
Debian
2007 Oct 03
1
Bug#445074: /etc/logcheck/ignore.d.server/ssh: Nasty PTR record
Package: logcheck-database
Version: 1.2.62
Severity: wishlist
File: /etc/logcheck/ignore.d.server/ssh
openssh issues a friendly warning when the remote IP maps back to a
hostname that looks just like an IP address. (For example, the address
206.251.174.31 currently maps back to the hostname "206.251.174.31".)
Here's a rule that filters out these unimportant messages:
^\w{3} [
2007 Sep 26
1
Bug#444097: /etc/logcheck/ignore.d.server/ddclient: 2 rules to get you started
Package: logcheck
Version: 1.2.62
Severity: wishlist
Here are two rules for ddclient, a client for dynamic IP services such
as DynDNS or DynIP:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from
2007 Sep 24
1
Bug#443908: /etc/logcheck/ignore.d.server/bind: [bind] unexpected RCODE (NOTIMP)
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
File: /etc/logcheck/ignore.d.server/bind
After #437891, I got yet another new "unexpected RCODE", this time
"NOTIMP". As I was starting to get pissed off, I copied the whole list
out of lib/dns/result.c, in an attempt to put an end to my headache.
If you insist on using an enumeration instead of ".*",
2007 Aug 14
0
Bug#437753: logcheck-database: proftpd ignore rule does not match when rhost is IPv6
Package: logcheck-database
Version: 1.2.54
Severity: normal
It would appear that proftpd is now logging IP addresses in IPv6 form,
even the v4 ones. I got a bunch of these last week:
Aug 7 04:00:11 goretex proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=::ffff:58.60.237.66 user=mysql
Simply adding a ":" to the rhost character class did the
2007 Aug 14
0
Bug#437891: logcheck-database: addition to ignore rule for bind's RCODE
Package: logcheck-database
Version: 1.2.54
Severity: wishlist
In addition to seeing warnings from bind about REFUSED and SERVFAIL
unexpected RCODE, I'm also getting from "15" in my logs as well, from
various unrelated hosts. This doesn't occur nearly as frequently as the
other two, but still enough to be annoying.
May I suggest inserting "(REFUSED|SERVFAIL|15)" in
2005 Jan 20
2
Bug#291395: logcheck-database: Rules dirs are setuid, they should be setgid
Package: logcheck-database
Version: 1.2.33
Severity: normal
I just installed 1.2.33, and it made my rules dirs setuid, not setgid...
- Marc
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)
Versions of
2005 Jan 14
3
Bug#290511: logcheck: syslogd restart in cron.daily/sysklogd causes a log message
Package: logcheck
Version: 1.2.32
Severity: wishlist
/etc/cron.daily/sysklogd restarts syslogd at the end of the script.
This causes a daily log message, currently missed by logcheck:
Jan 14 06:55:22 pyloric syslogd 1.4.1#16: restart (remote reception).
I'm currently using this regex in ignore.server.d/local-syslogd:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd 1\.4\.1#16: restart \(remote
2009 Aug 18
2
Bug#542265: sendmail-base and logcheck-database: error when trying to install together
Package: logcheck-database,sendmail-base
Version: logcheck-database/1.2.69
Version: sendmail-base/8.14.3-9
Severity: serious
User: treinen at debian.org
Usertags: edos-file-overwrite
Date: 2009-08-18
Architecture: amd64
Distribution: sid
Hi,
automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the
2008 Jan 24
0
[PATCH] Re-enabled :port portion of "UDPv4 link" openvpn rule
I see that this openvpn rule has been modified to no longer attach the
":port" part to "[undef]" -- probably to reflect a recent change in
openvpn. Unfortunately, the rule no longer matches in etch, thus
breaking the backport.
Here's a patch to match both versions.
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
---
rulefiles/linux/ignore.d.server/openvpn
2008 Jan 24
0
[PATCH] Added "Re-using pre-shared static key" openvpn rule
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
---
rulefiles/linux/ignore.d.server/openvpn | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn
index 68ebf8f..c57e3cb 100644
--- a/rulefiles/linux/ignore.d.server/openvpn
+++ b/rulefiles/linux/ignore.d.server/openvpn
@@ -13,7 +13,7
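Review bot: the subject says a rule was "Added", but the diffstat (1 insertion, 1 deletion) and the single @@ -13,7 +13,7 hunk show an existing line in ignore.d.server/openvpn being changed in place. The commit message has no body, so it should name the rule that was modified and quote a sample "Re-using pre-shared static key" log line that the new pattern is meant to match, so the change to an ignore rule can be checked against real output.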
2009 Dec 21
2
Bug#561995: mkdir: cannot create directory `/var/lock/logcheck': Permission denied
Package: logcheck
Version: 1.3.4
Severity: normal
I am running debian/testing and just upgraded to logcheck 1.3.4 and it
started reporting the error:
mkdir: cannot create directory `/var/lock/logcheck': Permission denied
I created the directory and chown'd it to logcheck and it seems fine now.
Looking at the changelog, I see something was purposefully changed, so I
imagine I
2004 Dec 20
3
Bug#286532: dnsmasq: misses message for DHCPINFORM due to 283331 fix
Package: logcheck-database
Version: 1.2.32
Severity: normal
Tags: patch
The fix for 283331 exposed a bug in the dnsmasq rules. The rule was
looking for DHCPINFO, but the actual message is DHCPINFORM. Prior to
the 283331 fix, the old rule worked, because the "[()[:alnum:]]+" part
of the rule matched the "RM" at the end of DHCPINFORM.
-- System Information:
Debian Release:
2005 Apr 07
1
Bug#303661: logcheck-database: openntpd rules
Package: logcheck-database
Version: 1.2.37
Severity: normal
Hello again,
openntpd gives messages like these fairly often:
Apr 7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid
Apr 7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid
I am not sure if this is something that an admin may find relevant but they happen fairly often and they do not offer a lot of info
for me.
2004 Sep 04
1
Bug#269959: logcheck-database: courier ignore.d.server contains word from violations.d list
Package: logcheck-database
Version: 1.2.26
Severity: normal
Hi,
the file courier contains the line:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection
shutdown\.$
This triggers the security logcheck section because of the word
"shutdown". Quick fix is to move or duplicate this line to
violations.ignore.d/logcheck-courier.
BTW: It looks like the courier package
2007 Aug 16
0
Customizing locale settings in CentOS-4.5
I am trying to determine how to customize the date and time display of
system utilities and user programs using the locale settings. What I
really want is some sort of utility program that does the same thing for
CentOS as the Regions Settings Control Panel app. for Microsoft Windows
accomplishes, but I have no hope of seeing that.
I have traced the login locale processing through /etc/profile
2019 Jan 14
0
Setting 'unix charset' kills the samba share
On Mon, 14 Jan 2019 16:27:04 -0500
Gilbert Soucy <gsoucy at 36pix.com> wrote:
> Yes, I have tried testparam. All is OK . Note that I can write
> anything for unix charset and testparm does not complain.
>
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384) Processing section