[Logcheck-devel] Bug#333233: ssh's own reverse DNS lookup failure messages are not ignored
Elmar Hoffmann
elho at elho.net
Tue Oct 11 00:34:31 UTC 2005

Package: logcheck-database
Version: 1.2.41
Severity: normal
Tags: patch

While violations.ignore.d/logcheck-ssh does filter out the warnings
about failed reverse DNS lookup from the TCP wrappers, it does not for
ssh's own messages (which are quite overly dramatic, too).

The attached patch fixes this.

elmar

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-bdclaim
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.58     Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
-- 
 .'"`.                                                            /"\
| :' :   Elmar Hoffmann <elho at elho.net>    ASCII Ribbon Campaign  \ /
`. `'    GPG key available via pgp.net        against HTML email   X
  `-                                                    & vCards  / \
-------------- next part --------------
--- /etc/logcheck/violations.ignore.d/logcheck-ssh.dpkg-dist	2005-10-11 01:37:46.356925928 +0200
+++ /etc/logcheck/violations.ignore.d/logcheck-ssh	2005-10-11 01:38:05.833787515 +0200
@@ -1,2 +1,3 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAKIN ATTEMPT!$
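Review bot: The added line puts a message that sshd itself labels "POSSIBLE BREAKIN ATTEMPT!" into violations.ignore.d with nothing recording why it is safe to drop, so the patch should come with a changelog entry stating that this is only the failed reverse lookup for a connecting host. The host name in that message is whatever the reverse lookup returned, so the restrictive [._[:alnum:]-]+ class and the trailing $ should stay exactly as written: a name containing any other character, or a line with extra text after the "!", will then still reach the report. Before merging, check the pattern against real sshd output from the supported releases, since a fully anchored rule stops matching silently if the message wording differs at all.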