unmatched entry for securetty on focal
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
logwatch (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Unassigned | ||
Groovy |
Fix Released
|
Medium
|
Unassigned |
Bug Description
[Impact]
Messages about /etc/securetty aren't being handled by logwatch and end up in the "Unmatched Entries" section. Support for /etc/securetty was dropped in focal, but some services or other software haven't been updated to reflect this change and so issue the warning.
[Test Case]
$ export CODENAME="focal"
$ lxc launch ubuntu:${CODENAME} test-logwatch
$ lxc exec test-logwatch -- bash
# apt-get update
# apt-get dist-upgrade -y
# apt-get install -y logwatch
# wget https:/
# cat unmatched-
# logwatch --detail High --service all --range all --output stdout
Without the fix, there will be unmatched entries for /etc/securetty, which may appear in multiple sections within the report; with the fix there will be no such messages.
(Note: For testing it's not really necessary to trigger the original condition that produces the log entry, since for Logwatch the purpose is more about making sure the entry is detected and processed appropriately.)
[Regression Potential]
Since logwatch filters logs for errors pertinent to administrators,
standard things to watch out for are undesired changes in this filtering
behavior, such as flagging or failing to flag issues differently than
before, other than the specific messages being filtered with this
change.
[Original Report]
$ sudo logwatch --detail Low --range today --service all --output stdout
------
sudo:
Sessions Opened:
root -> root: 4 Time(s)
Unknown Entries:
Couldn't open /etc/securetty: No such file or directory: 4 Time(s)
------
Related branches
- Bryce Harrington (community): Approve
- Christian Ehrhardt (community): Needs Fixing
- Canonical Server: Pending requested
-
Diff: 1086 lines (+868/-2)13 files modifieddebian/changelog (+371/-0)
debian/control (+4/-2)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch (+32/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch (+51/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+28/-0)
debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch (+28/-0)
debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch (+73/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch (+69/-0)
debian/patches/series (+12/-0)
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
- Sergio Durigan Junior: Pending requested
- Canonical Server packageset reviewers: Pending requested
-
Diff: 651 lines (+569/-0)13 files modifieddebian/changelog (+43/-0)
debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch (+34/-0)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch (+32/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch (+51/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+28/-0)
debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch (+28/-0)
debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch (+73/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch (+69/-0)
debian/patches/series (+11/-0)
- Seth Arnold (community): Approve
- Canonical Server: Pending requested
- Canonical Server Core Reviewers: Pending requested
- Canonical Server packageset reviewers: Pending requested
-
Diff: 649 lines (+561/-1)13 files modifieddebian/changelog (+39/-0)
debian/control (+1/-1)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch (+32/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch (+51/-0)
debian/patches/0016-audit-Flag-apparmor-confinement-drops.patch (+62/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+36/-0)
debian/patches/0018-audit-Handle-apparmor-errors-on-DENIED-messages.patch (+56/-0)
debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch (+73/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/series (+11/-0)
description: | updated |
tags: |
added: verification-done verification-done-focal removed: verification-needed verification-needed-focal |
I've reproduced this in lxd on groovy and focal, but not on xenial or bionic.