[Logcheck-devel] Bug#400813: logcheck-database: allow - in hostnames in ssh refused connect messages

Russ Allbery rra at debian.org
Tue Nov 28 21:37:04 UTC 2006


Package: logcheck-database
Version: 1.2.51
Severity: minor
Tags: patch

The format of the sshd "refused connect" log message when TCP wrappers is
used is "refused connect from <hostname> (<ip-address>)".  Since dashes
are allowed in hostnames, the line matching these entries should read:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].-]+ \([:[:alnum:].]+\)$

(adding - to the first character class that matches the hostname).
Underscore may also be warranted, since although I believe it's a
technical violation of the DNS standards, I've seen sites that use
underscores.  I've only seen dashes in real logs, though.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.8      Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
* logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
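
Added example, not part of the original report or of logcheck itself: the proposed rule run with grep -E over constructed sshd lines, to show which ones an ignore rule would still let through to the logcheck report. The "before" rule is an assumption, reconstructed by removing the - that the report says it adds; the hostnames, addresses and PIDs are made up.

```shell
#!/bin/sh
# Assumed "before" rule: the proposed pattern minus the '-' in the class
# that matches the refused hostname.
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].]+ \([:[:alnum:].]+\)$'
# Rule proposed in the report. The '-' sits last in the bracket
# expression so it is a literal dash and not a range operator.
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].-]+ \([:[:alnum:].]+\)$'

# Constructed sample lines in the "refused connect from <hostname>
# (<ip-address>)" format: plain, dashed and underscored hostnames.
SAMPLE='Nov 28 21:37:04 gateway sshd[4242]: refused connect from plain.example.org (192.0.2.10)
Nov 28 21:37:09 gateway sshd[4243]: refused connect from dial-up-12.example.net (192.0.2.17)
Nov 28 21:38:15 gateway sshd[4244]: refused connect from bad_host.example.com (198.51.100.4)'

# Lines the rule does not match, i.e. what an ignore rule would
# leave in the report that logcheck mails out.
reported() {
    printf '%s\n' "$SAMPLE" | grep -Ev -- "$1" || true
}

# Number of sample lines still reported under the given rule.
count_reported() {
    reported "$1" | grep -c . || true
}

echo "reported with assumed old rule: $(count_reported "$OLD_RULE")"
reported "$OLD_RULE"
echo "reported with proposed rule: $(count_reported "$NEW_RULE")"
reported "$NEW_RULE"
```

The underscored hostname is still reported under the proposed rule, which is the case the report leaves open.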




