[Logcheck-devel] Bug#743000: logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication
philou
philou at philou.org
Sat Mar 29 21:53:09 UTC 2014
Package: logcheck
Version: 1.3.16
Severity: normal
Dear Maintainer,
Current regex in i.d.s/ssh doesn't match when using key exchange authentication.
If not using key exchange authentication, the following log message will be correctly ignored:
Jan 28 11:52:05 server sshd[1003]: Accepted publickey for fred from 192.0.2.60 port 20042 ssh2
When using key exchange authentication, the following log message will NOT be ignored:
Jan 28 11:51:43 server sshd[5104]: Accepted publickey for fred from 192.0.2.60 port 60594 ssh2: RSA e8:31:68:c7:01:2d:25:20:36:8f:50:5d:f9:ee:70:4c
The regex is:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?$
and will not match the key fingerprint.
Truly yours,
Philippe
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 3.12-1-486
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages logcheck depends on:
ii adduser 3.113+nmu3
ii cron 3.0pl1-124
pn default-mta | mail-transport-agent <none>
ii lockfile-progs 0.1.17
ii logtail 1.3.16
ii mime-construct 1.11
ii rsyslog [system-log-daemon] 7.6.3-1
Versions of packages logcheck recommends:
ii logcheck-database 1.3.16
Versions of packages logcheck suggests:
pn syslog-summary <none>
-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'
-- no debconf information
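
The mismatch described in the report above, reproduced with `grep -E` as an added example (not part of the original message and not logcheck's own rule set). The variable and function names are hypothetical, the fingerprint suffix is one possible extension rather than the change the maintainers made, and the third log line is constructed to show that the anchored rule still reports unexpected trailing text.

```shell
#!/bin/sh
# Added example: test the i.d.s/ssh rule from the report with grep -E.
# Variable and function names are hypothetical, chosen for this example.

# The rule exactly as quoted in the report, minus its final "$" anchor.
PREFIX='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?'
CURRENT_RULE="$PREFIX"'$'

# Assumption: an optional suffix for ": <KEYTYPE> <16 colon-separated hex
# bytes>", the only fingerprint format shown in the report. It stays
# anchored with "$" instead of using ".*", so nothing else can trail the line.
FINGERPRINT='(: [[:upper:][:digit:]-]+ ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?'
CANDIDATE_RULE="$PREFIX$FINGERPRINT"'$'

# The two log lines from the report.
LINE_PLAIN='Jan 28 11:52:05 server sshd[1003]: Accepted publickey for fred from 192.0.2.60 port 20042 ssh2'
LINE_FPR='Jan 28 11:51:43 server sshd[5104]: Accepted publickey for fred from 192.0.2.60 port 60594 ssh2: RSA e8:31:68:c7:01:2d:25:20:36:8f:50:5d:f9:ee:70:4c'
# Constructed line: same as LINE_FPR with unexpected trailing text.
LINE_TRAILING="$LINE_FPR unexpected-text"

# is_ignored RULE LINE: exit status 0 when RULE matches LINE, i.e. when the
# line would be filtered out of the report.
is_ignored() {
    printf '%s\n' "$2" | grep -E -q -- "$1"
}

# verdict RULE LINE: print "ignored" or "reported".
verdict() {
    if is_ignored "$1" "$2"; then echo ignored; else echo reported; fi
}

for line in "$LINE_PLAIN" "$LINE_FPR" "$LINE_TRAILING"; do
    printf 'current=%-8s candidate=%-8s %s\n' \
        "$(verdict "$CURRENT_RULE" "$line")" \
        "$(verdict "$CANDIDATE_RULE" "$line")" "$line"
done
```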