Ubuntu
logwatch package

Merge ~bryce/ubuntu/+source/logwatch:fix-unmatched-entries-bionic into ubuntu/+source/logwatch:ubuntu/bionic-devel

  1. Git
  2. lp:~bryce/ubuntu/+source/logwatch
  3. fix-unmatched-entries-bionic
  4. Merge into ubuntu/bionic-devel
Proposed by Bryce Harrington
Status: Merged
Approved by: Bryce Harrington
Approved revision: fbeb92c11da180d1f9faa58aab33d2dcea1f9481
Merged at revision: fbeb92c11da180d1f9faa58aab33d2dcea1f9481
Proposed branch: ~bryce/ubuntu/+source/logwatch:fix-unmatched-entries-bionic
Merge into: ubuntu/+source/logwatch:ubuntu/bionic-devel
Diff against target: 419 lines (+354/-0)
10 files modified
debian/changelog (+33/-0)
debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch (+34/-0)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+28/-0)
debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch (+28/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/series (+8/-0)
debian/patches/ssh-ignore-disconnected.patch (+23/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Sergio Durigan Junior Pending
Canonical Server packageset reviewers Pending
Review via email: mp+390213@code.launchpad.net

Description of the change

This is a bionic SRU for most of the patches landed in groovy's logwatch. This omits several changes, including an update to upstream's homepage in d/control (it's not user-visible), and omission of patches for unmatched entries in exim4, pam_unix, and gnome-keyring since the issues in those packages that cause the error messages do not exist in bionic.

PPA: https://launchpad.net/~bryce/+archive/ubuntu/logwatch-unmatched-entries

There is not an autopkgtest for logwatch (yet), but the directions for testing each of the SRU bugs is detailed on the corresponding bug report, and mainly just involves catting the log entries to the appropriate system log, running logwatch, and verifying the entries are no longer marked unmatched.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I will review this one.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Christian told me he will review this one, since he's already reviewing the focal one.

Revision history for this message
Bryce Harrington (bryce) wrote :

I've updated this with the review comments from the focal MP, and also added a couple patches for server-next bugs against logwatch. Both of these additional patches are backports already included in the groovy version.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

As on F-MP, please add some Origin/Forwared (most likely an explicit "no - ubuntu only" given the patch name) to the new ZFS patch

Patch 18 on Focal got:
Origin: vendor, https://sourceforge.net/p/logwatch/git/ci/c827d09423489fcdd840c670528a05573bd90278/
Here it is still missing that info.

review: Needs Fixing
Revision history for this message
Bryce Harrington (bryce) wrote :

I've updated patch 0010 with the DEP3.

Note there is also a patch from an old SRU by Karl included, that I forgot to mention. The DEP3 for it looks reasonably complete, and part of it's SRU already landed but worth doublechecking.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

10 and the fix of Karl LGTM now.
Thanks!

review: Approve
Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks, pushed and uploaded to proposed.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index a565b3a..4c1d72e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,36 @@
1logwatch (7.4.3+git20161207-2ubuntu1.2) bionic; urgency=medium
2
3 [ Bryce Harrington ]
4 * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
5 dhcpd: Ignore lease age under threshold messages
6 (LP: #1578001)
7 * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch:
8 audit: Treat Denial-Errors same as Denied.
9 (LP: #1577948)
10 * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch:
11 audit: Apparmor DENIED entries don't always include parent=N.
12 (LP: #1577948)
13 * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch:
14 zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing.
15 These are not installed by default in Ubuntu's logwatch packaging.
16 (LP: #1890749)
17 * d/p/0012-postfix-Handle-backwards-compatible-mode.patch:
18 postfix: Handle backwards-compatible mode.
19 (LP: #1583705)
20 * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch:
21 postfix: Ignore Resolved loghost to 127.0.0.1.
22 (LP: #1583705)
23 * d/p/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch:
24 Use $PATH to determine location of zpool and zfs.
25 (LP: #1880211)
26
27 [ Karl Stenerud ]
28 * d/p/ssh-ignore-disconnected.patch:
29 sshd: ignore disconnected from user USER
30 (LP: #1644057)
31
32 -- Bryce Harrington <bryce@canonical.com> Thu, 03 Sep 2020 04:21:53 +0000
33
1logwatch (7.4.3+git20161207-2ubuntu1.1) bionic; urgency=medium34logwatch (7.4.3+git20161207-2ubuntu1.1) bionic; urgency=medium
235
3 * Add d/patches/ignore-ras-correctable-errors.patch to fix false36 * Add d/patches/ignore-ras-correctable-errors.patch to fix false
diff --git a/debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch b/debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch
4new file mode 10064437new file mode 100644
index 0000000..0afcc6d
--- /dev/null
+++ b/debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch
@@ -0,0 +1,34 @@
1From 01136a8b3e14a58660db6cc39138d3e40a852737 Mon Sep 17 00:00:00 2001
2From: bjorn <bjorn1@users.sourceforge.net>
3Date: Sat, 6 Jun 2020 18:03:32 -0700
4Subject: [PATCH] [zz-zfs] Use $PATH to determine location of zpool and zfs.
5 Reported by Paride Legovini, and previously by Stephen Sewell.
6
7Signed-off-by: Bryce Harrington <bryce@bryceharrington.org>
8---
9 scripts/services/zz-zfs | 4 ++--
10 1 file changed, 2 insertions(+), 2 deletions(-)
11
12Origin: upstream, https://sourceforge.net/p/logwatch/git/ci/01136a8b3e14a58660db6cc39138d3e40a852737
13Bug: https://sourceforge.net/p/logwatch/bugs/83
14Ubuntu-Bug: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1880211
15Last-Updated: 2020-09-08
16
17diff --git a/scripts/services/zz-zfs b/scripts/services/zz-zfs
18index 2234403..95eff2c 100644
19--- a/scripts/services/zz-zfs
20+++ b/scripts/services/zz-zfs
21@@ -52,8 +52,8 @@ if ($ENV{'LOGWATCH_ONLY_HOSTNAME'} && ($logwatch_hostname ne $host)) {
22 exit 0;
23 }
24
25-my $pathto_zpool = $ENV{'pathto_zpool'} || '/usr/sbin/zpool';
26-my $pathto_zfs = $ENV{'pathto_zfs'} || '/usr/sbin/zfs';
27+my $pathto_zpool = $ENV{'pathto_zpool'} || 'zpool';
28+my $pathto_zfs = $ENV{'pathto_zfs'} || 'zfs';
29 my $summary_only = $ENV{'summary_only'} || ($detail < 5);
30 my $detail_only = $ENV{'detail_only'} || 0;
31
32--
332.25.1
34
diff --git a/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch b/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch
0new file mode 10064435new file mode 100644
index 0000000..3060a0b
--- /dev/null
+++ b/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch
@@ -0,0 +1,42 @@
1From 6373191438fb8f4699aaeb8c53aaf7abcd4d8999 Mon Sep 17 00:00:00 2001
2From: Bryce Harrington <bryce@canonical.com>
3Date: Wed, 19 Aug 2020 03:29:42 +0000
4Subject: [PATCH 01/10] postfix: Ignore Resolved loghost to 127.0.0.1
5
6Ref: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705
7Signed-off-by: Bryce Harrington <bryce@canonical.com>
8---
9 scripts/services/postfix | 5 +++--
10 1 file changed, 3 insertions(+), 2 deletions(-)
11
12Origin: vendor
13Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705
14Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/
15Last-Updated: 2020-08-20
16
17diff --git a/scripts/services/postfix b/scripts/services/postfix
18index b5cb2ec..6550e3d 100644
19--- a/scripts/services/postfix
20+++ b/scripts/services/postfix
21@@ -2286,7 +2286,7 @@ sub postfix_postgrey($) {
22 #TDpg unrecognized request type: ''
23 #TDpg rm /var/spool/postfix/postgrey/log.0000000002
24 #TDpg 2007/01/25-14:48:00 Pid_file already exists for running process (4775)... aborting at line 232 in file /usr/lib/perl5/vendor_perl/5.8.7/Net/Server.pm
25-
26+ #TDpg Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
27
28 $line =~ /^cleaning / or
29 $line =~ /^delayed / or
30@@ -2301,7 +2301,8 @@ sub postfix_postgrey($) {
31 # unanchored last
32 $line =~ /Pid_file already exists/ or
33 $line =~ /postgrey .* starting!/ or
34- $line =~ /Server closing!/
35+ $line =~ /Server closing!/ or
36+ $line =~ /Resolved .*localhost.*IPv4/
37 );
38
39 my ($action,$reason,$delay,$host,$ip,$sender,$recip);
40--
412.27.0
42
diff --git a/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch b/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch
0new file mode 10064443new file mode 100644
index 0000000..f4261e3
--- /dev/null
+++ b/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch
@@ -0,0 +1,74 @@
1From 44848e3237ddbdc593a938b543f897117049bb36 Mon Sep 17 00:00:00 2001
2From: Bryce Harrington <bryce@canonical.com>
3Date: Wed, 19 Aug 2020 04:01:24 +0000
4Subject: [PATCH 02/10] postfix: Handle backwards-compatible mode
5
6Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705
7Signed-off-by: Bryce Harrington <bryce@canonical.com>
8---
9 scripts/services/postfix | 23 +++++++++++++++++++++++
10 1 file changed, 23 insertions(+)
11
12Origin: vendor
13Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705
14Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/
15Last-Updated: 2020-08-20
16
17diff --git a/scripts/services/postfix b/scripts/services/postfix
18index 6550e3d..253401c 100644
19--- a/scripts/services/postfix
20+++ b/scripts/services/postfix
21@@ -2609,6 +2609,7 @@ sub postfix_fatal;
22 sub postfix_error;
23 sub postfix_warning;
24 sub postfix_script;
25+sub backwards_compatible;
26 sub postfix_postsuper;
27 sub process_delivery_attempt;
28 sub cleanhostreply;
29@@ -2815,6 +2816,9 @@ sys 0m3.005s
30 if ($p1 =~ /^panic: +(.*)$/) { postfix_panic($1); next; }
31 if ($p1 =~ /^error: +(.*)$/) { postfix_error($1); next; }
32
33+ # Backwards compatibility mode
34+ if ($p1 =~ /compati/i) { backwards_compatible($p1); next; } # backwards-compatible default settings
35+
36 # output by all services that use table lookups - process before specific messages
37 if ($p1 =~ /(?:lookup )?table (?:[^ ]+ )?has changed -- (?:restarting|exiting)$/) {
38 #TD table hash:/var/mailman/data/virtual-mailman(0,lock|fold_fix) has changed -- restarting
39@@ -4806,6 +4810,22 @@ sub postfix_script($) {
40 }
41 }
42
43+# Handles postfix backwards compatibility mode lines
44+#
45+sub backwards_compatible($) {
46+ my $line = shift;
47+
48+ if ($line =~ /^Postfix is running with backwards-compatible default settings/o) {
49+ $Totals{'backwardscompatible'}++;
50+ }
51+ elsif ($line =~ /^See http.*COMPATIBILITY_README.html for details/o) {
52+ $Totals{'backwardscompatible'}++;
53+ }
54+ elsif ($line =~ /^To disable backwards compatibility use.*/o) {
55+ $Totals{'backwardscompatible'}++;
56+ }
57+}
58+
59 # Clean up a server's reply, to give some uniformity to reports
60 #
61 sub cleanhostreply($ $ $ $) {
62@@ -5213,6 +5233,9 @@ sub build_sect_table() {
63 add_section ($S, 'postfixwaiting', 0, 'd', 'Postfix waiting to terminate');
64 end_section_group ($S, 'postfixstate');
65
66+ begin_section_group ($S, 'backwardscompatible', "\n");
67+ add_section ($S, 'backwardscompatible', 1, 'd', 'Running in backwards compatibile mode');
68+ end_section_group ($S, 'backwardscompatible');
69
70 if ($Opts{'debug'} & Logreporters::D_SECT) {
71 print "\tSection table\n";
72--
732.27.0
74
diff --git a/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch b/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch
0new file mode 10064475new file mode 100644
index 0000000..67ebf81
--- /dev/null
+++ b/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch
@@ -0,0 +1,52 @@
1From 488a232634c1d383f4ec356d776b4ee292e48b0a Mon Sep 17 00:00:00 2001
2From: Bryce Harrington <bryce@canonical.com>
3Date: Wed, 19 Aug 2020 04:39:22 +0000
4Subject: [PATCH 04/10] zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo
5 are missing
6
7Neither of these perl modules are installed by default with a logwatch
8installation, by intention, so the missing module warnings are
9inappropriate. These modules only provide a minor amount of detail when
10installed, and their information is volatile which can trigger false
11test failures in some cases.
12
13Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1890749
14Signed-off-by: Bryce Harrington <bryce@canonical.com>
15---
16 scripts/services/zz-sys | 8 ++++----
17 1 file changed, 4 insertions(+), 4 deletions(-)
18
19Origin: vendor
20Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1890749
21Forwarded: no
22Last-Updated: 2020-08-20
23
24diff --git a/scripts/services/zz-sys b/scripts/services/zz-sys
25index 39f94ce..6bbf3fe 100644
26--- a/scripts/services/zz-sys
27+++ b/scripts/services/zz-sys
28@@ -35,8 +35,8 @@
29
30 eval "require Sys::CPU";
31 if ($@) {
32- print STDERR "No Sys::CPU module installed. To install, execute the command:\n";
33- print STDERR " perl -MCPAN -e 'install Sys::CPU' \n\n";
34+ # Sys::CPU (and Sys::MemInfo) are intentionally not installed on Ubuntu.
35+ # Silently skip this if not present.
36 } else {
37 import Sys::CPU;
38 print " CPU: " . Sys::CPU::cpu_count() . " " . Sys::CPU::cpu_type() . " at " . Sys::CPU::cpu_clock() . "MHz\n";
39@@ -52,8 +52,8 @@ print " Release: $OStitle $release\n";
40
41 eval "require Sys::MemInfo";
42 if ($@) {
43- print STDERR "No Sys::MemInfo module installed. To install, execute the command:\n";
44- print STDERR " perl -MCPAN -e 'install Sys::MemInfo' \n\n";
45+ # Sys::CPU (and Sys::MemInfo) are intentionally not installed on Ubuntu.
46+ # Silently skip this if not present.
47 } else {
48 import Sys::MemInfo qw(totalmem freemem totalswap freeswap);
49 my $swapused = &totalswap - &freeswap;
50--
512.27.0
52
diff --git a/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch b/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch
0new file mode 10064453new file mode 100644
index 0000000..cacf79e
--- /dev/null
+++ b/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch
@@ -0,0 +1,28 @@
1From: Bryce Harrington <bryce@canonical.com>
2Date: Thu, 20 Aug 2020 04:56:08 +0000
3Subject: [PATCH 07/10] audit: Apparmor DENIED entries don't always include
4 parent=N
5
6Ref: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948
7Signed-off-by: Bryce Harrington <bryce@canonical.com>
8---
9 scripts/services/audit | 1 +
10 1 file changed, 1 insertion(+)
11
12Origin: vendor
13Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948
14Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/
15Last-Updated: 2020-08-20
16
17diff --git a/scripts/services/audit b/scripts/services/audit
18index b12f710..46e300e 100644
19--- a/scripts/services/audit
20+++ b/scripts/services/audit
21@@ -134,6 +134,7 @@ while ($ThisLine = <STDIN>) {
22 } elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" parent=\d+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) {
23 # type=1400 audit(1314853822.672:33649): apparmor="DENIED" operation="mknod" parent=27250 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/share/wordpress/1114140474e5f13bea68a4.tmp" pid=27289 comm="apache2" requested_mask="c" denied_mask="c" fsuid=33 ouid=33
24 # type=1400 audit(1315353795.331:33657): apparmor="DENIED" operation="exec" parent=14952 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/lib/sm.bin/sendmail" pid=14953 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
25+ # type=1400 audit(1597683992.796:8057): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/lib/uim/uim-helper-server" pid=1687330 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0: 1 Time(s)
26 $denials{$1.' '.$3.' ('.$2.' via '.$4 . ')'}++;
27 } elsif ( $ThisLine =~ /apparmor="ALLOWED" operation="([^"]+)" (info="([^"]+)" )?(error=[+-]?\d+ )?(parent=\d+ )?profile="([^"]+)" (name="([^"]+)" )?pid=\d+ comm="([^"]+)"/ ) {
28 # type=1400 audit(1369519203.141:259049): apparmor="ALLOWED" operation="exec" parent=3733 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/usr/lib/dovecot/pop3-login" pid=24634 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/dovecot//null-1c//null-1d//null-d12"
diff --git a/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch b/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch
0new file mode 10064429new file mode 100644
index 0000000..1d322d2
--- /dev/null
+++ b/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch
@@ -0,0 +1,28 @@
1From: Bryce Harrington <bryce@bryceharrington.org>
2Date: Tue, 25 Aug 2020 18:02:43 -0300
3Subject: audit: Treat Denial Errors same as Denied
4
5Ubuntu Security says, "I think this would be more useful as DENIED, as
6that's how we discuss these line events elsewhere."
7---
8 scripts/services/audit | 3 +++
9 1 file changed, 3 insertions(+)
10
11Origin: vendor, https://sourceforge.net/p/logwatch/git/ci/c827d09423489fcdd840c670528a05573bd90278/
12Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948
13Last-Updated: 2020-08-25
14
15diff --git a/scripts/services/audit b/scripts/services/audit
16index 46e300e..a590c5e 100644
17--- a/scripts/services/audit
18+++ b/scripts/services/audit
19@@ -136,6 +136,9 @@ while ($ThisLine = <STDIN>) {
20 # type=1400 audit(1315353795.331:33657): apparmor="DENIED" operation="exec" parent=14952 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/lib/sm.bin/sendmail" pid=14953 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
21 # type=1400 audit(1597683992.796:8057): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/lib/uim/uim-helper-server" pid=1687330 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0: 1 Time(s)
22 $denials{$1.' '.$3.' ('.$2.' via '.$4 . ')'}++;
23+ } elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" info="([^"]+)" error=-*[0-9]+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) {
24+ # type=1400 audit(1597690743.153:8073): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-open-iscsi-review-mp389234-groovy_</var/snap/lxd/common/lxd>" name="/run/" pid=1694826 comm="mount" flags="rw, nosuid, nodev, remount": 1 Time(s)
25+ $denials{$1.' '.$4.' ('.$3.' via '.$5 .': '.$2. ')'}++;
26 } elsif ( $ThisLine =~ /apparmor="ALLOWED" operation="([^"]+)" (info="([^"]+)" )?(error=[+-]?\d+ )?(parent=\d+ )?profile="([^"]+)" (name="([^"]+)" )?pid=\d+ comm="([^"]+)"/ ) {
27 # type=1400 audit(1369519203.141:259049): apparmor="ALLOWED" operation="exec" parent=3733 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/usr/lib/dovecot/pop3-login" pid=24634 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/dovecot//null-1c//null-1d//null-d12"
28 # type=1400 audit(1369627891.522:447576): apparmor="ALLOWED" operation="capable" parent=1 profile="/usr/sbin/dovecot//null-1c//null-1d" pid=3733 comm="dovecot" capability=5 capname="kill"
diff --git a/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch b/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch
0new file mode 10064429new file mode 100644
index 0000000..d73695a
--- /dev/null
+++ b/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch
@@ -0,0 +1,32 @@
1From b5ba9adac18b8b964f1bc8532ef6b9809656777c Mon Sep 17 00:00:00 2001
2From: Bryce Harrington <bryce@canonical.com>
3Date: Thu, 20 Aug 2020 22:53:30 +0000
4Subject: [PATCH 10/10] dhcpd: Ignore lease age under threshold messages
5
6Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1578001
7Signed-off-by: Bryce Harrington <bryce@canonical.com>
8---
9 scripts/services/dhcpd | 2 ++
10 1 file changed, 2 insertions(+)
11
12Origin: vendor
13Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1578001
14Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/
15Last-Updated: 2020-08-20
16
17diff --git a/scripts/services/dhcpd b/scripts/services/dhcpd
18index 98e7fa7..87312f7 100644
19--- a/scripts/services/dhcpd
20+++ b/scripts/services/dhcpd
21@@ -119,6 +119,8 @@ while (my $line = <STDIN>) {
22 ($line =~ /^of the dhcpd.conf file\./)
23 ) {
24 # Do nothing
25+ } elsif ($line =~ /lease age \d+ \(secs\) under \d+% threshold, reply with unaltered, existing lease/) {
26+ # Do nothing
27
28 } elsif ($line =~ s/^exiting./DHCP server exiting./) {
29 $data{'Generic error'}{$line}++;
30--
312.27.0
32
diff --git a/debian/patches/series b/debian/patches/series
index 35fbd8b..c4a4ac6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,4 +8,12 @@
80008-postfix-Fix-unaligned-output.patch80008-postfix-Fix-unaligned-output.patch
90009-Revert-Changed-encoding-to-UTF-8-as-suggested-by-G-r.patch90009-Revert-Changed-encoding-to-UTF-8-as-suggested-by-G-r.patch
1010
11ssh-ignore-disconnected.patch
11ignore-ras-correctable-errors.patch12ignore-ras-correctable-errors.patch
130010-00-debspecific-disable-su-reporting-in-secure.diff.patch
140011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch
150012-postfix-Handle-backwards-compatible-mode.patch
160014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch
170017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch
180018-audit-Treat-Denial-Errors-same-as-Denied.patch
190020-dhcpd-Ignore-lease-age-under-threshold-messages.patch
diff --git a/debian/patches/ssh-ignore-disconnected.patch b/debian/patches/ssh-ignore-disconnected.patch
12new file mode 10064420new file mode 100644
index 0000000..ed1c0c3
--- /dev/null
+++ b/debian/patches/ssh-ignore-disconnected.patch
@@ -0,0 +1,23 @@
1Description: [sshd] ignore disconnected from user USER
2Author: Karl Stenerud <karl.stenerud@canonical.com>
3Origin: https://sourceforge.net/u/jsoref/logwatch/ci/f8aae45768d5ddf01e55b86afa9af90757530089/
4Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855539
5Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1644057
6Applied-Upstream: https://sourceforge.net/u/jsoref/logwatch/ci/f8aae45768d5ddf01e55b86afa9af90757530089/
7Last-Update: 2018-08-31
8---
9This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
10diff --git a/scripts/services/sshd b/scripts/services/sshd
11index a7edb41..5ff18dd 100755
12--- a/scripts/services/sshd
13+++ b/scripts/services/sshd
14@@ -297,7 +297,8 @@ while (defined(my $ThisLine = <STDIN>)) {
15 ($ThisLine =~ /Starting session: (forced-command|subsystem|shell|command)/ ) or
16 ($ThisLine =~ /Found matching \w+ key:/ ) or
17 ($ThisLine =~ /User child is on pid \d/ ) or
18- ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
19+ ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/) or
20+ ($ThisLine =~ /Disconnected from (?:user \S+ |)[\da-fA-F.:]* port \d*/ )
21 ) {
22 # Ignore these
23 } elsif ( my ($Method,$User,$Host,$Port,$Key) = ($ThisLine =~ /^Accepted (\S+) for ((?:invalid user )?\S+) from ([\d\.:a-f]+) port (\d+) ssh[12](?:: (\w+))?/) ) {

Subscribers

People subscribed via source and target branches