[Logcheck-devel] Bug#383112: logcheck generates a security alert for bind FORMERR entries, regardless of regex
Michael Gurski
debianbugs at gurski.org
Tue Aug 15 04:04:33 UTC 2006
Package: logcheck
Version: 1.2.47
Severity: normal

Even when using an ignore regex of ^.+$ or ^.+named.+$ in
/etc/logcheck/ignore.d.*/, logcheck generates a security alert entry
for bind FORMERR log messages, causing every logcheck email to be
flagged as an alert:

# sudo -u logcheck logcheck -o -t
This email is sent by logcheck. If you wish to no-longer receive it,
you can either deinstall the logcheck package or modify its
configuration file (/etc/logcheck/logcheck.conf).

Security Alerts
=-=-=-=-=-=-=-=
Aug 14 23:02:06 kadath named[6955]: FORMERR resolving 'attacker.com/NS/IN': 216.152.252.8#53
Aug 14 23:02:07 kadath named[6955]: FORMERR resolving 'attacker.com/NS/IN': 64.250.235.139#53

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-vserver-amd64-k8
Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages logcheck depends on:
ii adduser 3.96 Add and remove users and groups
ii cron 3.0pl1-95 management of regular background p
ii debconf [debconf 1.5.3 Debian configuration management sy
ii grep 2.5.1.ds2-5 GNU grep, egrep and fgrep
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logtail 1.2.47 Print log file lines that have not
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii postfix [mail-tr 2.3.2-1 A high-performance mail transport
ii syslog-ng [syste 2.0rc1-2 Next generation logging daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.2.47 database of system log rules for t
-- debconf information:
logcheck/changes:
* logcheck/install-note:
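
Added example, not part of the original report and not logcheck's own code: a simplified shell model of logcheck's rule layers, assuming (per logcheck's documented layering) that ignore.d.* rules filter only the System Events layer and that a cracking.d match is suppressed only by cracking.ignore.d. The rule contents, the demo_rules helper and the temporary rule tree are constructed for illustration.

```shell
#!/bin/sh
# Simplified model of logcheck's rule layers (assumed layering, constructed rules).

# matches DIR LINE: true if any extended regex in any file under DIR matches LINE.
matches() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if printf '%s\n' "$2" | grep -Eq -f "$f"; then return 0; fi
    done
    return 1
}

# classify RULES LINE: print the report section LINE would land in.
classify() {
    if matches "$1/cracking.d" "$2" && ! matches "$1/cracking.ignore.d" "$2"; then
        echo "Security Alerts"
    elif matches "$1/violations.d" "$2" && ! matches "$1/violations.ignore.d" "$2"; then
        echo "Security Events"
    elif ! matches "$1/ignore.d.server" "$2"; then
        echo "System Events"
    else
        echo "ignored"
    fi
}

# demo_rules: build a throwaway rule tree and print its path (hypothetical helper).
demo_rules() {
    d=$(mktemp -d) || return 1
    mkdir "$d/cracking.d" "$d/cracking.ignore.d" "$d/violations.d" \
          "$d/violations.ignore.d" "$d/ignore.d.server"
    # Constructed alert keyword, not taken from logcheck-database.
    printf '%s\n' 'attack' > "$d/cracking.d/constructed"
    # The catch-all ignore rule tried in the report.
    printf '%s\n' '^.+$' > "$d/ignore.d.server/local"
    echo "$d"
}

rules=$(demo_rules)
line="Aug 14 23:02:06 kadath named[6955]: FORMERR resolving 'attacker.com/NS/IN': 216.152.252.8#53"
echo "ignore.d rule only:        $(classify "$rules" "$line")"
# The same regex placed in the layer that filters alerts.
printf '%s\n' '^.+named.+$' > "$rules/cracking.ignore.d/local"
echo "plus cracking.ignore rule: $(classify "$rules" "$line")"
rm -rf "$rules"
```

In this model the catch-all ignore.d rule never sees a line that an alert-layer rule has already claimed, so the line stays under Security Alerts until a rule in the matching ignore layer covers it.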