[Logcheck-devel] Bug#712785: logcheck: SSH subsystem request rule incomplete
Daniel Case
daniel at zynet.net
Wed Jun 19 13:16:13 UTC 2013
Package: logcheck
Version: 1.3.15
Severity: normal
Dear Maintainer,
There appears to be a slight bug in the /etc/logcheck/ignore.d.server/ssh file in that the following line (line 44) is incomplete:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp$
This means that those messages like this do get through the filter: "subsystem request for sftp by user username"
The corrected line which blocks those messages is below:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [._:[:alnum:]-]+$
-- System Information:
Debian Release: 7.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-25-hvmflexiant (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages logcheck depends on:
ii adduser 3.113+nmu3
ii cron 3.0pl1-124
ii lockfile-progs 0.1.17
ii logtail 1.3.15
ii mime-construct 1.11
ii postfix [mail-transport-agent] 2.9.6-2
ii rsyslog [system-log-daemon] 5.8.11-3
Versions of packages logcheck recommends:
ii logcheck-database 1.3.15
Versions of packages logcheck suggests:
pn syslog-summary <none>
-- Configuration Files:
/etc/cron.d/logcheck changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
@reboot logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
2 0,6,12,18 * * * logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'
-- no debconf information
More information about the Logcheck-devel
mailing list