Ubuntu
logwatch package

Merge ~bryce/ubuntu/+source/logwatch:fix-unmatched-entries-bionic into ubuntu/+source/logwatch:ubuntu/bionic-devel

  1. Git
  2. lp:~bryce/ubuntu/+source/logwatch
  3. fix-unmatched-entries-bionic
  4. Merge into ubuntu/bionic-devel
Proposed by Bryce Harrington
Status: Merged
Approved by: Bryce Harrington
Approved revision: fbeb92c11da180d1f9faa58aab33d2dcea1f9481
Merged at revision: fbeb92c11da180d1f9faa58aab33d2dcea1f9481
Proposed branch: ~bryce/ubuntu/+source/logwatch:fix-unmatched-entries-bionic
Merge into: ubuntu/+source/logwatch:ubuntu/bionic-devel
Diff against target: 419 lines (+354/-0)
10 files modified
debian/changelog (+33/-0)
debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch (+34/-0)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+28/-0)
debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch (+28/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/series (+8/-0)
debian/patches/ssh-ignore-disconnected.patch (+23/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Sergio Durigan Junior Pending
Canonical Server packageset reviewers Pending
Review via email: mp+390213@code.launchpad.net

Description of the change

This is a bionic SRU for most of the patches landed in groovy's logwatch. This omits several changes, including an update to upstream's homepage in d/control (it's not user-visible), and omission of patches for unmatched entries in exim4, pam_unix, and gnome-keyring since the issues in those packages that cause the error messages do not exist in bionic.

PPA: https://launchpad.net/~bryce/+archive/ubuntu/logwatch-unmatched-entries

There is not an autopkgtest for logwatch (yet), but the directions for testing each of the SRU bugs is detailed on the corresponding bug report, and mainly just involves catting the log entries to the appropriate system log, running logwatch, and verifying the entries are no longer marked unmatched.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I will review this one.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Christian told me he will review this one, since he's already reviewing the focal one.

Revision history for this message
Bryce Harrington (bryce) wrote :

I've updated this with the review comments from the focal MP, and also added a couple patches for server-next bugs against logwatch. Both of these additional patches are backports already included in the groovy version.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

As on F-MP, please add some Origin/Forwared (most likely an explicit "no - ubuntu only" given the patch name) to the new ZFS patch

Patch 18 on Focal got:
Origin: vendor, https://sourceforge.net/p/logwatch/git/ci/c827d09423489fcdd840c670528a05573bd90278/
Here it is still missing that info.

review: Needs Fixing
Revision history for this message
Bryce Harrington (bryce) wrote :

I've updated patch 0010 with the DEP3.

Note there is also a patch from an old SRU by Karl included, that I forgot to mention. The DEP3 for it looks reasonably complete, and part of it's SRU already landed but worth doublechecking.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

10 and the fix of Karl LGTM now.
Thanks!

review: Approve
Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks, pushed and uploaded to proposed.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index a565b3a..4c1d72e 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,36 @@
6+logwatch (7.4.3+git20161207-2ubuntu1.2) bionic; urgency=medium
7+
8+ [ Bryce Harrington ]
9+ * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
10+ dhcpd: Ignore lease age under threshold messages
11+ (LP: #1578001)
12+ * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch:
13+ audit: Treat Denial-Errors same as Denied.
14+ (LP: #1577948)
15+ * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch:
16+ audit: Apparmor DENIED entries don't always include parent=N.
17+ (LP: #1577948)
18+ * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch:
19+ zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing.
20+ These are not installed by default in Ubuntu's logwatch packaging.
21+ (LP: #1890749)
22+ * d/p/0012-postfix-Handle-backwards-compatible-mode.patch:
23+ postfix: Handle backwards-compatible mode.
24+ (LP: #1583705)
25+ * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch:
26+ postfix: Ignore Resolved loghost to 127.0.0.1.
27+ (LP: #1583705)
28+ * d/p/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch:
29+ Use $PATH to determine location of zpool and zfs.
30+ (LP: #1880211)
31+
32+ [ Karl Stenerud ]
33+ * d/p/ssh-ignore-disconnected.patch:
34+ sshd: ignore disconnected from user USER
35+ (LP: #1644057)
36+
37+ -- Bryce Harrington <bryce@canonical.com> Thu, 03 Sep 2020 04:21:53 +0000
38+
39 logwatch (7.4.3+git20161207-2ubuntu1.1) bionic; urgency=medium
40
41 * Add d/patches/ignore-ras-correctable-errors.patch to fix false
42diff --git a/debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch b/debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch
43new file mode 100644
44index 0000000..0afcc6d
45--- /dev/null
46+++ b/debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch
47@@ -0,0 +1,34 @@
48+From 01136a8b3e14a58660db6cc39138d3e40a852737 Mon Sep 17 00:00:00 2001
49+From: bjorn <bjorn1@users.sourceforge.net>
50+Date: Sat, 6 Jun 2020 18:03:32 -0700
51+Subject: [PATCH] [zz-zfs] Use $PATH to determine location of zpool and zfs.
52+ Reported by Paride Legovini, and previously by Stephen Sewell.
53+
54+Signed-off-by: Bryce Harrington <bryce@bryceharrington.org>
55+---
56+ scripts/services/zz-zfs | 4 ++--
57+ 1 file changed, 2 insertions(+), 2 deletions(-)
58+
59+Origin: upstream, https://sourceforge.net/p/logwatch/git/ci/01136a8b3e14a58660db6cc39138d3e40a852737
60+Bug: https://sourceforge.net/p/logwatch/bugs/83
61+Ubuntu-Bug: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1880211
62+Last-Updated: 2020-09-08
63+
64+diff --git a/scripts/services/zz-zfs b/scripts/services/zz-zfs
65+index 2234403..95eff2c 100644
66+--- a/scripts/services/zz-zfs
67++++ b/scripts/services/zz-zfs
68+@@ -52,8 +52,8 @@ if ($ENV{'LOGWATCH_ONLY_HOSTNAME'} && ($logwatch_hostname ne $host)) {
69+ exit 0;
70+ }
71+
72+-my $pathto_zpool = $ENV{'pathto_zpool'} || '/usr/sbin/zpool';
73+-my $pathto_zfs = $ENV{'pathto_zfs'} || '/usr/sbin/zfs';
74++my $pathto_zpool = $ENV{'pathto_zpool'} || 'zpool';
75++my $pathto_zfs = $ENV{'pathto_zfs'} || 'zfs';
76+ my $summary_only = $ENV{'summary_only'} || ($detail < 5);
77+ my $detail_only = $ENV{'detail_only'} || 0;
78+
79+--
80+2.25.1
81+
82diff --git a/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch b/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch
83new file mode 100644
84index 0000000..3060a0b
85--- /dev/null
86+++ b/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch
87@@ -0,0 +1,42 @@
88+From 6373191438fb8f4699aaeb8c53aaf7abcd4d8999 Mon Sep 17 00:00:00 2001
89+From: Bryce Harrington <bryce@canonical.com>
90+Date: Wed, 19 Aug 2020 03:29:42 +0000
91+Subject: [PATCH 01/10] postfix: Ignore Resolved loghost to 127.0.0.1
92+
93+Ref: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705
94+Signed-off-by: Bryce Harrington <bryce@canonical.com>
95+---
96+ scripts/services/postfix | 5 +++--
97+ 1 file changed, 3 insertions(+), 2 deletions(-)
98+
99+Origin: vendor
100+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705
101+Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/
102+Last-Updated: 2020-08-20
103+
104+diff --git a/scripts/services/postfix b/scripts/services/postfix
105+index b5cb2ec..6550e3d 100644
106+--- a/scripts/services/postfix
107++++ b/scripts/services/postfix
108+@@ -2286,7 +2286,7 @@ sub postfix_postgrey($) {
109+ #TDpg unrecognized request type: ''
110+ #TDpg rm /var/spool/postfix/postgrey/log.0000000002
111+ #TDpg 2007/01/25-14:48:00 Pid_file already exists for running process (4775)... aborting at line 232 in file /usr/lib/perl5/vendor_perl/5.8.7/Net/Server.pm
112+-
113++ #TDpg Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
114+
115+ $line =~ /^cleaning / or
116+ $line =~ /^delayed / or
117+@@ -2301,7 +2301,8 @@ sub postfix_postgrey($) {
118+ # unanchored last
119+ $line =~ /Pid_file already exists/ or
120+ $line =~ /postgrey .* starting!/ or
121+- $line =~ /Server closing!/
122++ $line =~ /Server closing!/ or
123++ $line =~ /Resolved .*localhost.*IPv4/
124+ );
125+
126+ my ($action,$reason,$delay,$host,$ip,$sender,$recip);
127+--
128+2.27.0
129+
130diff --git a/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch b/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch
131new file mode 100644
132index 0000000..f4261e3
133--- /dev/null
134+++ b/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch
135@@ -0,0 +1,74 @@
136+From 44848e3237ddbdc593a938b543f897117049bb36 Mon Sep 17 00:00:00 2001
137+From: Bryce Harrington <bryce@canonical.com>
138+Date: Wed, 19 Aug 2020 04:01:24 +0000
139+Subject: [PATCH 02/10] postfix: Handle backwards-compatible mode
140+
141+Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705
142+Signed-off-by: Bryce Harrington <bryce@canonical.com>
143+---
144+ scripts/services/postfix | 23 +++++++++++++++++++++++
145+ 1 file changed, 23 insertions(+)
146+
147+Origin: vendor
148+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705
149+Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/
150+Last-Updated: 2020-08-20
151+
152+diff --git a/scripts/services/postfix b/scripts/services/postfix
153+index 6550e3d..253401c 100644
154+--- a/scripts/services/postfix
155++++ b/scripts/services/postfix
156+@@ -2609,6 +2609,7 @@ sub postfix_fatal;
157+ sub postfix_error;
158+ sub postfix_warning;
159+ sub postfix_script;
160++sub backwards_compatible;
161+ sub postfix_postsuper;
162+ sub process_delivery_attempt;
163+ sub cleanhostreply;
164+@@ -2815,6 +2816,9 @@ sys 0m3.005s
165+ if ($p1 =~ /^panic: +(.*)$/) { postfix_panic($1); next; }
166+ if ($p1 =~ /^error: +(.*)$/) { postfix_error($1); next; }
167+
168++ # Backwards compatibility mode
169++ if ($p1 =~ /compati/i) { backwards_compatible($p1); next; } # backwards-compatible default settings
170++
171+ # output by all services that use table lookups - process before specific messages
172+ if ($p1 =~ /(?:lookup )?table (?:[^ ]+ )?has changed -- (?:restarting|exiting)$/) {
173+ #TD table hash:/var/mailman/data/virtual-mailman(0,lock|fold_fix) has changed -- restarting
174+@@ -4806,6 +4810,22 @@ sub postfix_script($) {
175+ }
176+ }
177+
178++# Handles postfix backwards compatibility mode lines
179++#
180++sub backwards_compatible($) {
181++ my $line = shift;
182++
183++ if ($line =~ /^Postfix is running with backwards-compatible default settings/o) {
184++ $Totals{'backwardscompatible'}++;
185++ }
186++ elsif ($line =~ /^See http.*COMPATIBILITY_README.html for details/o) {
187++ $Totals{'backwardscompatible'}++;
188++ }
189++ elsif ($line =~ /^To disable backwards compatibility use.*/o) {
190++ $Totals{'backwardscompatible'}++;
191++ }
192++}
193++
194+ # Clean up a server's reply, to give some uniformity to reports
195+ #
196+ sub cleanhostreply($ $ $ $) {
197+@@ -5213,6 +5233,9 @@ sub build_sect_table() {
198+ add_section ($S, 'postfixwaiting', 0, 'd', 'Postfix waiting to terminate');
199+ end_section_group ($S, 'postfixstate');
200+
201++ begin_section_group ($S, 'backwardscompatible', "\n");
202++ add_section ($S, 'backwardscompatible', 1, 'd', 'Running in backwards compatibile mode');
203++ end_section_group ($S, 'backwardscompatible');
204+
205+ if ($Opts{'debug'} & Logreporters::D_SECT) {
206+ print "\tSection table\n";
207+--
208+2.27.0
209+
210diff --git a/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch b/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch
211new file mode 100644
212index 0000000..67ebf81
213--- /dev/null
214+++ b/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch
215@@ -0,0 +1,52 @@
216+From 488a232634c1d383f4ec356d776b4ee292e48b0a Mon Sep 17 00:00:00 2001
217+From: Bryce Harrington <bryce@canonical.com>
218+Date: Wed, 19 Aug 2020 04:39:22 +0000
219+Subject: [PATCH 04/10] zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo
220+ are missing
221+
222+Neither of these perl modules are installed by default with a logwatch
223+installation, by intention, so the missing module warnings are
224+inappropriate. These modules only provide a minor amount of detail when
225+installed, and their information is volatile which can trigger false
226+test failures in some cases.
227+
228+Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1890749
229+Signed-off-by: Bryce Harrington <bryce@canonical.com>
230+---
231+ scripts/services/zz-sys | 8 ++++----
232+ 1 file changed, 4 insertions(+), 4 deletions(-)
233+
234+Origin: vendor
235+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1890749
236+Forwarded: no
237+Last-Updated: 2020-08-20
238+
239+diff --git a/scripts/services/zz-sys b/scripts/services/zz-sys
240+index 39f94ce..6bbf3fe 100644
241+--- a/scripts/services/zz-sys
242++++ b/scripts/services/zz-sys
243+@@ -35,8 +35,8 @@
244+
245+ eval "require Sys::CPU";
246+ if ($@) {
247+- print STDERR "No Sys::CPU module installed. To install, execute the command:\n";
248+- print STDERR " perl -MCPAN -e 'install Sys::CPU' \n\n";
249++ # Sys::CPU (and Sys::MemInfo) are intentionally not installed on Ubuntu.
250++ # Silently skip this if not present.
251+ } else {
252+ import Sys::CPU;
253+ print " CPU: " . Sys::CPU::cpu_count() . " " . Sys::CPU::cpu_type() . " at " . Sys::CPU::cpu_clock() . "MHz\n";
254+@@ -52,8 +52,8 @@ print " Release: $OStitle $release\n";
255+
256+ eval "require Sys::MemInfo";
257+ if ($@) {
258+- print STDERR "No Sys::MemInfo module installed. To install, execute the command:\n";
259+- print STDERR " perl -MCPAN -e 'install Sys::MemInfo' \n\n";
260++ # Sys::CPU (and Sys::MemInfo) are intentionally not installed on Ubuntu.
261++ # Silently skip this if not present.
262+ } else {
263+ import Sys::MemInfo qw(totalmem freemem totalswap freeswap);
264+ my $swapused = &totalswap - &freeswap;
265+--
266+2.27.0
267+
268diff --git a/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch b/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch
269new file mode 100644
270index 0000000..cacf79e
271--- /dev/null
272+++ b/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch
273@@ -0,0 +1,28 @@
274+From: Bryce Harrington <bryce@canonical.com>
275+Date: Thu, 20 Aug 2020 04:56:08 +0000
276+Subject: [PATCH 07/10] audit: Apparmor DENIED entries don't always include
277+ parent=N
278+
279+Ref: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948
280+Signed-off-by: Bryce Harrington <bryce@canonical.com>
281+---
282+ scripts/services/audit | 1 +
283+ 1 file changed, 1 insertion(+)
284+
285+Origin: vendor
286+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948
287+Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/
288+Last-Updated: 2020-08-20
289+
290+diff --git a/scripts/services/audit b/scripts/services/audit
291+index b12f710..46e300e 100644
292+--- a/scripts/services/audit
293++++ b/scripts/services/audit
294+@@ -134,6 +134,7 @@ while ($ThisLine = <STDIN>) {
295+ } elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" parent=\d+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) {
296+ # type=1400 audit(1314853822.672:33649): apparmor="DENIED" operation="mknod" parent=27250 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/share/wordpress/1114140474e5f13bea68a4.tmp" pid=27289 comm="apache2" requested_mask="c" denied_mask="c" fsuid=33 ouid=33
297+ # type=1400 audit(1315353795.331:33657): apparmor="DENIED" operation="exec" parent=14952 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/lib/sm.bin/sendmail" pid=14953 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
298++ # type=1400 audit(1597683992.796:8057): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/lib/uim/uim-helper-server" pid=1687330 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0: 1 Time(s)
299+ $denials{$1.' '.$3.' ('.$2.' via '.$4 . ')'}++;
300+ } elsif ( $ThisLine =~ /apparmor="ALLOWED" operation="([^"]+)" (info="([^"]+)" )?(error=[+-]?\d+ )?(parent=\d+ )?profile="([^"]+)" (name="([^"]+)" )?pid=\d+ comm="([^"]+)"/ ) {
301+ # type=1400 audit(1369519203.141:259049): apparmor="ALLOWED" operation="exec" parent=3733 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/usr/lib/dovecot/pop3-login" pid=24634 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/dovecot//null-1c//null-1d//null-d12"
302diff --git a/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch b/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch
303new file mode 100644
304index 0000000..1d322d2
305--- /dev/null
306+++ b/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch
307@@ -0,0 +1,28 @@
308+From: Bryce Harrington <bryce@bryceharrington.org>
309+Date: Tue, 25 Aug 2020 18:02:43 -0300
310+Subject: audit: Treat Denial Errors same as Denied
311+
312+Ubuntu Security says, "I think this would be more useful as DENIED, as
313+that's how we discuss these line events elsewhere."
314+---
315+ scripts/services/audit | 3 +++
316+ 1 file changed, 3 insertions(+)
317+
318+Origin: vendor, https://sourceforge.net/p/logwatch/git/ci/c827d09423489fcdd840c670528a05573bd90278/
319+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948
320+Last-Updated: 2020-08-25
321+
322+diff --git a/scripts/services/audit b/scripts/services/audit
323+index 46e300e..a590c5e 100644
324+--- a/scripts/services/audit
325++++ b/scripts/services/audit
326+@@ -136,6 +136,9 @@ while ($ThisLine = <STDIN>) {
327+ # type=1400 audit(1315353795.331:33657): apparmor="DENIED" operation="exec" parent=14952 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/lib/sm.bin/sendmail" pid=14953 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
328+ # type=1400 audit(1597683992.796:8057): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/lib/uim/uim-helper-server" pid=1687330 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0: 1 Time(s)
329+ $denials{$1.' '.$3.' ('.$2.' via '.$4 . ')'}++;
330++ } elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" info="([^"]+)" error=-*[0-9]+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) {
331++ # type=1400 audit(1597690743.153:8073): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-open-iscsi-review-mp389234-groovy_</var/snap/lxd/common/lxd>" name="/run/" pid=1694826 comm="mount" flags="rw, nosuid, nodev, remount": 1 Time(s)
332++ $denials{$1.' '.$4.' ('.$3.' via '.$5 .': '.$2. ')'}++;
333+ } elsif ( $ThisLine =~ /apparmor="ALLOWED" operation="([^"]+)" (info="([^"]+)" )?(error=[+-]?\d+ )?(parent=\d+ )?profile="([^"]+)" (name="([^"]+)" )?pid=\d+ comm="([^"]+)"/ ) {
334+ # type=1400 audit(1369519203.141:259049): apparmor="ALLOWED" operation="exec" parent=3733 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/usr/lib/dovecot/pop3-login" pid=24634 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/dovecot//null-1c//null-1d//null-d12"
335+ # type=1400 audit(1369627891.522:447576): apparmor="ALLOWED" operation="capable" parent=1 profile="/usr/sbin/dovecot//null-1c//null-1d" pid=3733 comm="dovecot" capability=5 capname="kill"
336diff --git a/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch b/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch
337new file mode 100644
338index 0000000..d73695a
339--- /dev/null
340+++ b/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch
341@@ -0,0 +1,32 @@
342+From b5ba9adac18b8b964f1bc8532ef6b9809656777c Mon Sep 17 00:00:00 2001
343+From: Bryce Harrington <bryce@canonical.com>
344+Date: Thu, 20 Aug 2020 22:53:30 +0000
345+Subject: [PATCH 10/10] dhcpd: Ignore lease age under threshold messages
346+
347+Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1578001
348+Signed-off-by: Bryce Harrington <bryce@canonical.com>
349+---
350+ scripts/services/dhcpd | 2 ++
351+ 1 file changed, 2 insertions(+)
352+
353+Origin: vendor
354+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1578001
355+Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/
356+Last-Updated: 2020-08-20
357+
358+diff --git a/scripts/services/dhcpd b/scripts/services/dhcpd
359+index 98e7fa7..87312f7 100644
360+--- a/scripts/services/dhcpd
361++++ b/scripts/services/dhcpd
362+@@ -119,6 +119,8 @@ while (my $line = <STDIN>) {
363+ ($line =~ /^of the dhcpd.conf file\./)
364+ ) {
365+ # Do nothing
366++ } elsif ($line =~ /lease age \d+ \(secs\) under \d+% threshold, reply with unaltered, existing lease/) {
367++ # Do nothing
368+
369+ } elsif ($line =~ s/^exiting./DHCP server exiting./) {
370+ $data{'Generic error'}{$line}++;
371+--
372+2.27.0
373+
374diff --git a/debian/patches/series b/debian/patches/series
375index 35fbd8b..c4a4ac6 100644
376--- a/debian/patches/series
377+++ b/debian/patches/series
378@@ -8,4 +8,12 @@
379 0008-postfix-Fix-unaligned-output.patch
380 0009-Revert-Changed-encoding-to-UTF-8-as-suggested-by-G-r.patch
381
382+ssh-ignore-disconnected.patch
383 ignore-ras-correctable-errors.patch
384+0010-00-debspecific-disable-su-reporting-in-secure.diff.patch
385+0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch
386+0012-postfix-Handle-backwards-compatible-mode.patch
387+0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch
388+0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch
389+0018-audit-Treat-Denial-Errors-same-as-Denied.patch
390+0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch
391diff --git a/debian/patches/ssh-ignore-disconnected.patch b/debian/patches/ssh-ignore-disconnected.patch
392new file mode 100644
393index 0000000..ed1c0c3
394--- /dev/null
395+++ b/debian/patches/ssh-ignore-disconnected.patch
396@@ -0,0 +1,23 @@
397+Description: [sshd] ignore disconnected from user USER
398+Author: Karl Stenerud <karl.stenerud@canonical.com>
399+Origin: https://sourceforge.net/u/jsoref/logwatch/ci/f8aae45768d5ddf01e55b86afa9af90757530089/
400+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855539
401+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1644057
402+Applied-Upstream: https://sourceforge.net/u/jsoref/logwatch/ci/f8aae45768d5ddf01e55b86afa9af90757530089/
403+Last-Update: 2018-08-31
404+---
405+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
406+diff --git a/scripts/services/sshd b/scripts/services/sshd
407+index a7edb41..5ff18dd 100755
408+--- a/scripts/services/sshd
409++++ b/scripts/services/sshd
410+@@ -297,7 +297,8 @@ while (defined(my $ThisLine = <STDIN>)) {
411+ ($ThisLine =~ /Starting session: (forced-command|subsystem|shell|command)/ ) or
412+ ($ThisLine =~ /Found matching \w+ key:/ ) or
413+ ($ThisLine =~ /User child is on pid \d/ ) or
414+- ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
415++ ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/) or
416++ ($ThisLine =~ /Disconnected from (?:user \S+ |)[\da-fA-F.:]* port \d*/ )
417+ ) {
418+ # Ignore these
419+ } elsif ( my ($Method,$User,$Host,$Port,$Key) = ($ThisLine =~ /^Accepted (\S+) for ((?:invalid user )?\S+) from ([\d\.:a-f]+) port (\d+) ssh[12](?:: (\w+))?/) ) {

Subscribers

People subscribed via source and target branches