[Logcheck-devel] Bug#407009: logcheck-database: security events not properly categorized

Enrique Garcia kike+bts at eldemonionegro.com
Mon Jan 15 16:46:35 UTC 2007


Package: logcheck-database
Version: 1.2.51
Severity: normal


Here are some examples of what is working wrong from my point of view.

Security Events is archiving some messages from postfix which I think are not related to security but maybe to System.

Furthermore, System Events has pure security messages in it.


Security Events
=-=-=-=-=-=-=-=
Jan 15 16:02:40 localhost postfix/smtpd[30975]: NOQUEUE: reject: RCPT from unknown[196.205.143.52]: 450 4.7.1 <kike at eldemonionegro.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/eldemonionegro.com.html; from=<Koch'sinducts at abril.com.br> to=<kike at eldemonionegro.com> proto=ESMTP helo=<SpeedTouch.lan>
Jan 15 16:05:23 localhost postfix/smtpd[31057]: NOQUEUE: reject: RCPT from unknown[196.205.143.52]: 450 4.7.1 <kike at eldemonionegro.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/eldemonionegro.com.html; from=<balkingphilanthropy's at aargum.com> to=<kike at eldemonionegro.com> proto=ESMTP helo=<SpeedTouch.lan>

System Events
=-=-=-=-=-=-=

Jan 15 16:25:39 localhost sshd[31642]: User postfix from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers
Jan 15 16:25:49 localhost sshd[31648]: User root from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers
Jan 15 16:26:22 localhost sshd[31690]: User mysql from eom166.internetdsl.tpnet.pl not allowed because not listed in AllowUsers



-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES at euro (charmap=ISO-8859-15)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.11     Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
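
An added example, not part of the original report and not code or rules from logcheck-database: a simplified Python model of layered rule matching (violation rules, violation-ignore rules, ignore rules). It shows how a single broad keyword rule, assumed here, would yield the categorization reported above, and how anchored rules swap the two message types. The rule sets, the `classify` function and the sample lines are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the two message types in the report
# (addresses and hosts replaced with documentation values).
GREYLIST = ("Jan 15 16:02:40 localhost postfix/smtpd[30975]: NOQUEUE: reject: "
            "RCPT from unknown[192.0.2.10]: 450 4.7.1 <user@example.org>: "
            "Recipient address rejected: Greylisted, see http://example.org/help; "
            "from=<a@example.com> to=<user@example.org> proto=ESMTP helo=<host.lan>")
SSH_DENY = ("Jan 15 16:25:49 localhost sshd[31648]: User root from "
            "host.example.net not allowed because not listed in AllowUsers")

# Syslog prefix: month, day and time, hostname.
PREFIX = r"^\w{3} [ :0-9]{11} [._\w-]+ "

# Hypothetical "before" rule set: one broad keyword rule, nothing else.
BEFORE = {"violations": [r"reject"], "violations_ignore": [], "ignore": []}

# Hypothetical "after" rule set: anchored rules for both message types.
AFTER = {
    "violations": [
        r"reject",
        PREFIX + r"sshd\[\d+\]: User \S+ from \S+ not allowed "
                 r"because not listed in AllowUsers$",
    ],
    "violations_ignore": [
        PREFIX + r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+: "
                 r"450 4\.7\.1 <[^>]*>: Recipient address rejected: Greylisted, ",
    ],
    "ignore": [],
}

def matches(patterns, line):
    """True if any pattern in the list matches the line."""
    return any(re.search(p, line) for p in patterns)

def classify(line, rules):
    """Return 'security', 'system', or None (suppressed) for one log line."""
    if matches(rules["violations"], line) and not matches(rules["violations_ignore"], line):
        return "security"
    if matches(rules["ignore"], line):
        return None
    return "system"

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for line in (GREYLIST, SSH_DENY):
            print(name, classify(line, rules), line[16:60])
```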




