[Logcheck-devel] Bug#333233: ssh's own reverse DNS lookup failure messages are not ignored
Elmar Hoffmann
elho at elho.net
Tue Oct 11 00:34:31 UTC 2005
Package: logcheck-database
Version: 1.2.41
Severity: normal
Tags: patch
While violations.ignore.d/logcheck-ssh does filter out the warnings
about failed reverse DNS lookup from the TCP wrappers, it does not for
ssh's own messages (which are quite overly dramatic, too).
The attached patch fixes this.
elmar
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-bdclaim
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/conffile-cleanup: false
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
--
.'"`. /"\
| :' : Elmar Hoffmann <elho at elho.net> ASCII Ribbon Campaign \ /
`. `' GPG key available via pgp.net against HTML email X
`- & vCards / \
-------------- next part --------------
--- /etc/logcheck/violations.ignore.d/logcheck-ssh.dpkg-dist 2005-10-11 01:37:46.356925928 +0200
+++ /etc/logcheck/violations.ignore.d/logcheck-ssh 2005-10-11 01:38:05.833787515 +0200
@@ -1,2 +1,3 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAKIN ATTEMPT!$
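Review bot: the added third rule drops from the violations report a line that sshd itself tags "POSSIBLE BREAKIN ATTEMPT!", and the patch carries no comment or changelog text recording why that is acceptable. A short note would help whoever audits this file later, saying that this is the same failed reverse-lookup condition (getaddrinfo failing for the client's name) that the two hosts.deny rules above already ignore. The hostname field is matched with [._[:alnum:]-]+ and the line is anchored with ^ and $, consistent with the existing rules. Keep it that narrow rather than widening it to .*, so that a reverse name containing any other character, or a line with trailing text after the "!", is still reported.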