[Logcheck-devel] Bug#269959: marked as done (logcheck-database: courier ignore.d.server contains word from violations.d list)

Debian Bug Tracking System owner at bugs.debian.org
Tue Sep 7 00:03:15 UTC 2004 

Your message dated Mon, 06 Sep 2004 19:47:03 -0400
with message-id <E1C4TCR-0008Qz-00 at newraff.debian.org>
and subject line Bug#269959: fixed in logcheck 1.2.27
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Sep 2004 15:23:43 +0000
>From le-debianbugs at biz.h42.de Sat Sep 04 08:23:43 2004
Return-path: <le-debianbugs at biz.h42.de>
Received: from aurisp.biz (mail.aurisp.de) [81.169.158.23] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1C3cOE-0002zW-00; Sat, 04 Sep 2004 08:23:42 -0700
Received: from localhost (localhost [127.0.0.1])
	by mail.aurisp.de (Postfix) with ESMTP id 5ACD78351
	for <submit at bugs.debian.org>; Sat,  4 Sep 2004 17:23:41 +0200 (CEST)
Received: from mail.aurisp.de ([127.0.0.1])
	by localhost (mail.aurisp.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 02031-06; Sat, 4 Sep 2004 17:23:37 +0200 (CEST)
Received: from hitchhiker.hong.h42.net (cl-72.ham-01.de.sixxs.net [IPv6:2001:6f8:900:47::2])
	by mail.aurisp.de (Postfix) with ESMTP id 249A282C2;
	Sat,  4 Sep 2004 17:23:37 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by hitchhiker.hong.h42.net (Postfix) with ESMTP id 34F0018794;
	Sat,  4 Sep 2004 17:23:34 +0200 (CEST)
Received: from hitchhiker.hong.h42.net ([127.0.0.1])
	by localhost (hitchhiker.hong.h42.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 06918-03; Sat, 4 Sep 2004 17:23:26 +0200 (CEST)
Received: by hitchhiker.hong.h42.net (Postfix, from userid 1000)
	id 39BE418793; Sat,  4 Sep 2004 17:23:23 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Lars Ehrhardt <le-debianbugs at biz.h42.de>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: logcheck-database: courier ignore.d.server contains word from violations.d
 list
X-Mailer: reportbug 2.63
Date: Sat, 04 Sep 2004 17:23:23 +0200
Message-Id: <20040904152323.39BE418793 at hitchhiker.hong.h42.net>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at hong.h42.net
X-Virus-Scanned: by amavisd-maia-1.0.0-rc5 (Debian) at aurisp.de
X-BadReturnPath: lars at hitchhiker.hong.h42.net rewritten as le-debianbugs at biz.h42.de
  using "From" header
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: logcheck-database
Version: 1.2.26
Severity: normal

Hi,

the file courier contains the line:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection
shutdown\.$

This triggers the security logcheck section because of the word
"shutdown". Quick fix is to move or duplicate this line to
violations.ignore.d/logcheck-courier.

BTW: It looks like the courier package added logcheck rules as well,
although they look incomplete and could be more specific. Maybe it is a 
good idea to talk to the courier maintainer and ask him to include the
courier rules from logcheck-database in his packages?

Cheers

Lars

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8.1
Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.30.2   Debian configuration management sy

-- debconf information excluded

---------------------------------------
Received: (at 269959-close) by bugs.debian.org; 6 Sep 2004 23:55:10 +0000
>From katie at ftp-master.debian.org Mon Sep 06 16:55:10 2004
Return-path: <katie at ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1C4TKI-00012u-00; Mon, 06 Sep 2004 16:55:10 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1C4TCR-0008Qz-00; Mon, 06 Sep 2004 19:47:03 -0400
From: Todd Troxell <ttroxell at debian.org>
To: 269959-close at bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#269959: fixed in logcheck 1.2.27
Message-Id: <E1C4TCR-0008Qz-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Mon, 06 Sep 2004 19:47:03 -0400
Delivered-To: 269959-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 4

Source: logcheck
Source-Version: 1.2.27

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.27_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.27_all.deb
logcheck_1.2.27.dsc
  to pool/main/l/logcheck/logcheck_1.2.27.dsc
logcheck_1.2.27.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.27.tar.gz
logcheck_1.2.27_all.deb
  to pool/main/l/logcheck/logcheck_1.2.27_all.deb
logtail_1.2.27_all.deb
  to pool/main/l/logcheck/logtail_1.2.27_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 269959 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Monday, 06 Sep 2004 19:10:19 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.27
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description: 
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 268277 269310 269318 269959 270191
Changes: 
 logcheck (1.2.27) unstable; urgency=low
 .
   todd:
   * Add pointer to README.logcheck-database.gz in logcheck man page.
   (Closes: #268277)
   * Remove qmail rules because they have been added to qmail package.
   * Rule updates for spamd (Closes: #269318)
   * Add note about avoiding file name confilcts in README.Maintainer
   * Add violations ignore for courier-pop3d-ssl (Closes: #269959)
   * Add anon-proxy rules (Closes: #269310)
   * Add perdition rules thanks to jamie at silverdream.org (Closes: #270191)
Files: 
 3b83540730550fc605c480be9fe1ff9e 668 admin optional logcheck_1.2.27.dsc
 712939ee0208deb9dceba24798991849 80682 admin optional logcheck_1.2.27.tar.gz
 41d40ce1fa306dff8c22d72c6a8afeb2 39060 admin optional logcheck_1.2.27_all.deb
 0c414c87cc73407e869ff56d09cb892a 47806 admin optional logcheck-database_1.2.27_all.deb
 7c98ef585497f77c228e61f00cefcd72 22908 admin optional logtail_1.2.27_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBPPLr4u3oQ3FHP2YRAl6AAKC44D2pz6+FfpHdUISkFboUkdBhxwCgpK5G
Ff/jn4MytuONotRHYbVwebE=
=6zqn
-----END PGP SIGNATURE-----

More information about the Logcheck-devel mailing list