[Logcheck-devel] Bug#612046: RE-patterns in logcheck rules is contain unescaped point char ("any symbol") in many places
Stas Degteff
g_nospam at grumbler.org
Sat Feb 5 08:48:50 UTC 2011
Package: logcheck
Version: 1.2.69
Severity: normal
Many, very many logcheck rules contain the point character (.) without the escaping character
(\).
Example: /etc/logcheck/ignore.d.server/sendmail contains the following line (1st line in the file):
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon
--------------------^
This point is unescaped and treated as any character. Because this point is enclosed in
square brackets, all other RE elements in these brackets do nothing, and the specified
RE line is equivalent to the following RE:
^\w{3} [ :0-9]{11} .+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon
To fix this, the point char needs to be escaped:
^\w{3} [ :0-9]{11} [\._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon
Errors like this are discovered in each logcheck rules file!
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages logcheck depends on:
ii adduser 3.110 add and remove users and groups
ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent
ii cron 3.0pl1-105 management of regular background p
ii lockfile-progs 0.1.11-0.1 Programs for locking and unlocking
ii logtail 1.2.69 Print log file lines that have not
ii rsyslog [system-lo 3.18.6-4 enhanced multi-threaded syslogd
ii sendmail-bin [mail 8.14.3-5 powerful, efficient, and scalable
Versions of packages logcheck recommends:
ii logcheck-database 1.2.69 database of system log rules for t
Versions of packages logcheck suggests:
pn syslog-summary <none> (no description available)
-- no debconf information
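
A way to check how the three patterns quoted in this report behave when they are run as ignore rules. This script is an added example, not part of the original report or of logcheck; it assumes the rules are evaluated as POSIX extended regular expressions by grep -E, and the log lines and hostnames are constructed.

```shell
#!/bin/sh
# Added example, not part of the original report. Log lines are constructed.
LC_ALL=C
export LC_ALL

# The three patterns quoted in the report, verbatim.
RULE_SHIPPED='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon'
RULE_ANYCHAR='^\w{3} [ :0-9]{11} .+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon'
RULE_ESCAPED='^\w{3} [ :0-9]{11} [\._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon'

# Build a constructed syslog line with the given text in the hostname field.
log_line() {
    printf 'Feb  5 08:48:50 %s sendmail[1234]: starting daemon\n' "$1"
}

# Exit status 0 if rule $1 matches a line whose hostname field is $2.
rule_matches() {
    log_line "$2" | grep -Eq -- "$1"
}

# Print a match/no-match row for one hostname under each of the three rules.
report() {
    for rule in RULE_SHIPPED RULE_ANYCHAR RULE_ESCAPED; do
        eval "pattern=\$$rule"
        if rule_matches "$pattern" "$1"; then verdict='match'; else verdict='no match'; fi
        printf '%-14s %-20s %s\n' "$rule" "$1" "$verdict"
    done
}

report 'mail.example.org'   # ordinary FQDN
report 'mail!example'       # '!' is not listed in the bracket expression
report 'mail\example'       # literal backslash in the hostname field
```

In a POSIX bracket expression both `.` and `\` are ordinary characters, so the first and third rules differ only in that the third also accepts a backslash in the hostname field; an ignore rule is safest when its bracket expression lists exactly the characters the field may contain.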