[Logcheck-devel] Bug#712785: logcheck: SSH subsystem request rule incomplete

[Daniel Case]

Package: logcheck
Version: 1.3.15
Severity: normal

Dear Maintainer,

There appears to be a slight bug in the /etc/logcheck/ignore.d.server/ssh file in that the following line (line 44) is incomplete:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp$

This means that those messages like this do get through the filter: "subsystem request for sftp by user username"

The corrected line which blocks those messages is below:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [._:[:alnum:]-]+$

-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-25-hvmflexiant (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser                         3.113+nmu3
ii  cron                            3.0pl1-124
ii  lockfile-progs                  0.1.17
ii  logtail                         1.3.15
ii  mime-construct                  1.11
ii  postfix [mail-transport-agent]  2.9.6-2
ii  rsyslog [system-log-daemon]     5.8.11-3

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.15

Versions of packages logcheck suggests:
pn  syslog-summary  <none>

-- Configuration Files:
/etc/cron.d/logcheck changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
@reboot         logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
2 0,6,12,18 * * *       logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi

/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'

-- no debconf information