[Logcheck-devel] Bug#400714: logcheck-database: ignore ssh hosts.allow warnings
Russ Allbery
rra at debian.org
Tue Nov 28 07:50:10 UTC 2006
Package: logcheck-database
Version: 1.2.51
Severity: minor
Tags: patch
If one uses a TCP wrappers configuration that denies all connections
and then only permits them from certain hosts, the warnings about
inability to resolve an incoming IP address may be reported against
lines in /etc/hosts.allow as well as /etc/hosts.deny. Here's the simple
patch to violations.ignore.d/logcheck-ssh.
--- /home/eagle/tmp/logcheck-1.2.51/rulefiles/linux/violations.ignore.d/logcheck-ssh 2006-11-15 13:07:13.000000000 -0800
+++ /etc/logcheck/violations.ignore.d/logcheck-ssh 2006-11-26 12:42:50.000000000 -0800
@@ -1,5 +1,5 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts\.(allow|deny), line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts\.(allow|deny), line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$
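Review bot: The added `can't verify hostname` rule still hard-codes `AF_INET\) failed$`, so widening the path to `/etc/hosts\.(allow|deny)` only silences that warning when the address family is logged as AF_INET. If the same message can appear with another family, it will keep showing up in reports for both files. If that is not intended, something like `AF_INET6?` in that position would cover it. Escaping the dot in `hosts\.` is a good tightening over the removed lines. Since this file suppresses violation reports, a short changelog line saying that hostname-verification warnings against hosts.allow are now ignored would help admins who rely on name-based allow entries.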
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.8 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/conffile-cleanup: false
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note: