[Logcheck-devel] Bug#407009: logcheck-database: security events not properly categorized
Enrique Garcia
kike+bts at eldemonionegro.com
Mon Jan 15 16:46:35 UTC 2007
Package: logcheck-database
Version: 1.2.51
Severity: normal
Here are some examples of what is working wrong from my point of view.
Security events is archiving some messages from postfix which I think are not related to security but maybe to System.
Furthermore, System events has pure security messages in it.
Security Events
=-=-=-=-=-=-=-=
Jan 15 16:02:40 localhost postfix/smtpd[30975]: NOQUEUE: reject: RCPT from unknown[196.205.143.52]: 450 4.7.1 <kike at eldemonionegro.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/eldemonionegro.com.html; from=<Koch'sinducts at abril.com.br> to=<kike at eldemonionegro.com> proto=ESMTP helo=<SpeedTouch.lan>
Jan 15 16:05:23 localhost postfix/smtpd[31057]: NOQUEUE: reject: RCPT from unknown[196.205.143.52]: 450 4.7.1 <kike at eldemonionegro.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/eldemonionegro.com.html; from=<balkingphilanthropy's at aargum.com> to=<kike at eldemonionegro.com> proto=ESMTP helo=<SpeedTouch.lan>
System Events
=-=-=-=-=-=-=
Jan 15 16:25:39 localhost sshd[31642]: User postfix from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers
Jan 15 16:25:49 localhost sshd[31648]: User root from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers
Jan 15 16:26:22 localhost sshd[31690]: User mysql from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES at euro (charmap=ISO-8859-15)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/conffile-cleanup: false
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
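
The miscategorization reported above, as an added example that is not part of the original report or of logcheck-database: a simplified two-layer filter (a violations pattern, then a violations-ignore pattern) run over the report's own log lines, before and after a rule change. Every pattern here is hypothetical, including the assumed broad `reject` keyword rule, and the later ignore stage that trims System Events is left out.

```sh
#!/bin/sh
# Added illustration: simplified two-layer logcheck-style filter.
# All patterns below are hypothetical, not copied from logcheck-database.

# Syslog prefix: month, day and time, hostname.
PREFIX='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ '

# Sample lines from the report (postfix line shortened after "Greylisted").
GREYLIST='Jan 15 16:02:40 localhost postfix/smtpd[30975]: NOQUEUE: reject: RCPT from unknown[196.205.143.52]: 450 4.7.1 <kike at eldemonionegro.com>: Recipient address rejected: Greylisted'
SSHD='Jan 15 16:25:49 localhost sshd[31648]: User root from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers'

# "Before": a broad keyword rule (assumed) flags every postfix reject,
# and nothing flags the sshd AllowUsers denial.
VIOL_BEFORE='reject'
VIOL_IGN_BEFORE=''

# "After": flag the sshd denial, and cancel the keyword hit for greylisting.
VIOL_AFTER='reject|'"$PREFIX"'sshd\[[0-9]+]: User [^ ]+ from [^ ]+ not allowed because not listed in AllowUsers$'
VIOL_IGN_AFTER="$PREFIX"'postfix/smtpd\[[0-9]+]: NOQUEUE: reject: RCPT from [^ ]+: 450 .*Recipient address rejected: Greylisted'

# matches PATTERN LINE: true if the extended regex matches; empty pattern = no rule.
matches() {
    [ -n "$1" ] && printf '%s\n' "$2" | grep -Eq -- "$1"
}

# classify VIOLATIONS VIOLATIONS_IGNORE LINE: prints the report section.
classify() {
    if matches "$1" "$3" && ! matches "$2" "$3"; then
        echo 'Security Events'
    else
        echo 'System Events'
    fi
}

for line in "$GREYLIST" "$SSHD"; do
    printf 'before: %-15s | after: %-15s | %.60s\n' \
        "$(classify "$VIOL_BEFORE" "$VIOL_IGN_BEFORE" "$line")" \
        "$(classify "$VIOL_AFTER" "$VIOL_IGN_AFTER" "$line")" "$line"
done
```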