[Logcheck-devel] Bug#397466: logcheck-database: proftpd rules do not support IPv6 addresses with UseReverseDNS off

Gregor Hermens gregor at hermens.org
Tue Nov 7 15:52:08 UTC 2006


Package: logcheck-database
Version: 1.2.49
Severity: normal
Tags: patch

Hi,

With "UseReverseDNS off" in /etc/proftpd/proftpd.conf the IP is used instead
of the hostname:

... (::ffff:aaa.bbb.ccc.ddd[::ffff:aaa.bbb.ccc.ddd]) ...

The rules in /etc/logcheck/ignore.d.server/proftpd do not support colons in
the hostname.
The attached patch fixes this.

Greetings,
Gregor

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (600, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.8      Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information excluded
-------------- next part --------------
--- /etc/logcheck/ignore.d.server/proftpd.dpkg-dist	2006-10-21 10:41:43.000000000 +0200
+++ /etc/logcheck/ignore.d.server/proftpd	2006-11-07 15:21:32.000000000 +0100
@@ -1,10 +1,10 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[0-9]+\))?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP session (opened|closed)\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON (anonymous|ftp)): Login successful\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON (anonymous|ftp)): Limit access denies login\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - ANON (anonymous|ftp): Login successful.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9.]+: delaying for [0-9]+ usecs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP no transfer timeout, disconnected$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] to [.:[:xdigit:]]+:[[:digit:]]{2,5}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - no such user '[-_.[:alnum:]]+'$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP session (opened|closed)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON (anonymous|ftp)): Login successful\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - (USER [._[:alnum:]-]+|ANON (anonymous|ftp)): Limit access denies login\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9]\.[0-9]: delaying for [0-9]+ usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - ANON (anonymous|ftp): Login successful.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - mod_delay/[0-9.]+: delaying for [0-9]+ usecs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - FTP no transfer timeout, disconnected$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] to [.:[:xdigit:]]+:[[:digit:]]{2,5}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - no such user '[-_.[:alnum:]]+'$
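
Review bot: The "no such user found from" rule still has an unwidened hostname class in its second host field: the new line reads `from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\]`, while the colon was only added to the class inside the parentheses. If that field also carries the address in place of the hostname when "UseReverseDNS off" is set, lines from `::ffff:` clients will still fail to match and will keep showing up in the logcheck report; suggest `from [:._[:alnum:]-]+ \[` there as well. As a style point, writing the widened class as `[._:[:alnum:]-]` would avoid the leading `[:`, which is easy to misread as the start of a POSIX class name, and would match the ordering already used in `[.:[:xdigit:]]`. Separately, the standalone `ANON (anonymous|ftp): Login successful.$` rule has an unescaped final dot and is already covered by the `(USER ...|ANON (anonymous|ftp)): Login successful\.$` rule, and the `mod_delay/[0-9]\.[0-9]` rule is covered by the `mod_delay/[0-9.]+` rule, so both could be dropped rather than carried forward.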

