Bug#265588: [Logcheck-devel] Bug#265588: logcheck-database: correction to oidentd rules
maks attems
debian at sternwelten.at
Fri Aug 13 22:56:07 UTC 2004
tags 265588 pending
thanks
On Fri, 13 Aug 2004, jonas at mail.kidns.de wrote:
> Package: logcheck-database
> Version: 1.2.24
> Severity: wishlist
>
> hello,
>
> the current rules for oidentd are too strict, as they require connections
> to oidentd to come from port 0:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> localhost \(127.0.0.1\):0$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):0$
>
> anyway, ident lookups seem to come from very different ports, according
> to my logs:
> Aug 12 13:37:37 host oidentd[2673]: Connection from gluck.debian.org (192.25.206.10):39225
> Aug 13 19:30:04 host oidentd[27268]: Connection from run.smurf.noris.de (192.109.102.41):51246
> Aug 13 16:23:53 host oidentd[25436]: Connection from spohr.debian.org (128.193.0.4):54192
>
>
> i suggest to change rules to the following:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> localhost \(127.0.0.1\):[0-9]{1,5}$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$
>
>
> bye
> jonas
great timing, bug just got fixed in cvs,
will get in sarge (hopefully) as next release is imminent.
--
maks
kernel janitor http://janitor.kernelnewbies.org/
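
Added example, not part of the original thread and not logcheck's own code: a small check of the current and proposed ignore rules against the log lines from the report, using `grep -E` as a stand-in for how the patterns are applied. The function names and the fourth log line (a constructed entry with a six-digit "port") are assumptions for illustration.

```shell
#!/bin/sh
# Rules and the first three log lines are copied from the report above;
# the last log line is constructed to show the anchored rule stays strict.
sample_log() {
cat <<'EOF'
Aug 12 13:37:37 host oidentd[2673]: Connection from gluck.debian.org (192.25.206.10):39225
Aug 13 19:30:04 host oidentd[27268]: Connection from run.smurf.noris.de (192.109.102.41):51246
Aug 13 16:23:53 host oidentd[25436]: Connection from spohr.debian.org (128.193.0.4):54192
Aug 13 20:00:00 host oidentd[27300]: Connection from host.example (203.0.113.7):123456
EOF
}

# Current rules (mail-wrapped lines joined): source port must be exactly 0.
old_rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from localhost \(127.0.0.1\):0$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):0$
EOF
}

# Proposed rules: any source port of one to five digits.
new_rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from localhost \(127.0.0.1\):[0-9]{1,5}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$
EOF
}

# Print how many sample lines survive a rule set, i.e. would still be
# reported. $1 is the name of a function that prints the rules.
unfiltered_count() {
    rules=$(mktemp) || return 1
    "$1" > "$rules"
    # grep exits non-zero when nothing is selected; the count is still valid.
    count=$(sample_log | grep -E -v -c -f "$rules") || true
    rm -f "$rules"
    echo "$count"
}

echo "old rules: $(unfiltered_count old_rules) line(s) still reported"
echo "new rules: $(unfiltered_count new_rules) line(s) still reported"
```

With the current rules every sample line is still reported; with the proposed rules only the constructed malformed line is, because the `$` anchor rejects anything beyond five digits.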