lp:ubuntu/gutsy-updates/logcheck

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy-updates/logcheck

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

13. By Daniel Hahler

* Picked bugfixes from 1.6.62:
  - make dependency on logtail versioned (>= 1.2.59; closes: #443134).
  - apply patch by Marc Haber to fix logtail2 when there are no archived logs
    found (LP: #149641)
* Modify Maintainer value to match the DebianMaintainerField
  specification.

12. By madduck

* Provide $TMP and allow the administrator to specify an alternate location
  to store temporary files; thanks to Micah Anderson for the patch
  (closes: #412201).

* ignore.d.server/logcheck:
  - Apply filter rules for new PAM log format; thanks to Aaron M. Ucko
    (closes: #440123).

* ignore.d.server/rsync:
  - Ignore runtime rsyncd messages; patch by Justin Pryzby (closes: #440181)

* violations.ignore.d/logcheck-postfix:
  - ignore temporary DNS lookup failures when checking for sender MX.
  - also ignore defer notices smtp gets after the DATA command.
  - ignore some rejections when $smtpd_delay_reject=no is set; thanks to
    Justin Pryzby (closes: #425642, #426736).

* ignore.d.server/postfix:
  - ignore TLS library receiving SSLv3 alert 10, since it's just a broken
    client connecting.
  - ignore when libc6 warns about in-addr.arpa request being answered with
    a CNAME, which is not correct, but people do it and it works regardless.
  - ignore when smtpd tells us it's discarding EHLO keywords
    ($smtpd_discard_ehlo_keyword*).
  - ignore SASL authentication failures due to empty passwords.
  - ignore AV system overload warnings by milter-reject.

* ignore.d.server/spamd, violations.ignore.d/logcheck-spamd:
  - ignore spamcop failure and success messages.
  - do not ignore child state K, which indicates kill and might be
    a problem; thanks Frans Pop (closes: #436439).
  - update check result rule in violations.ignore.d.

* ignore.d.server/pdns:
  - ignore messages about invalid packet sizes received from other machines.
  - ignore launch message after TCP nameserver was cycled.

* ignore.d.server/hylafax:
  - ignore MODEM messages by FaxQueuer; thanks Remi Letot (closes: #425035).

* ignore.d.server/bind
  - ignore view queries; thanks Justin Pryzby (closes: #428629).

11. By madduck

* Thanks to Eric Evans and Russ Allbery for their contributions.

* ignore.d.server/dovecot:
  - ignore additional, non-conventional comment to msgid on deliver message.

* ignore.d.server/openvpn:
  - ignore messages related to tls-verify script.
  - hide informational messages related to UDP.
  - allow free-form tun names.
  - handle multiple routes.
  - ignore stuff related to tls-auth
  - ignore ping-restart process respawn.

* ignore.d.server/postfix:
  - updated an anvil stats pattern to match the submission service name in
    addition to port 587, (closes: #418449). Thanks Michael Shuler.
  - ignore more timeout and connection refused messages (closes: #404852).
  - allow more logging information in connection failure messages.
  - allow any message ID for cleanup; there are too many possibilities.
  - make the DSN optional in remote accept messages.
  - ignore numeric hostname and DNS lookup failures.
  - ignore invalid octet count errors from trivial-rewrite.
  - Postfix 2.4.0 now logs as error some of the deferral messages
    formerly logged as qmgr.
  - Fix typo in "while performing the HELO handshake" message.
  - ignore all warnings about malformed domain names in resource data of
    MX/CNAME records.
  - ignore warnings about numeric hostnames by valid_hostname.
  - ignore notice about generated sender delivery status notification.
  - filter certificate warnings for smtp and smtpd.
  - ignore warnings about timed out conversations.
  - filter out qmgr undeliverable warnings.
  - do not hardcode column names for mysql query; thanks Andreas Beckmann.

* violations.ignore.d/logcheck-postfix:
  - smtpd_peer_init is optional before DNS failure messages.
  - allow conn_use information in smtp failure messages.
  - add another variation on remote message acceptance.
  - allow more message IDs in cleanup log messages.
  - Ignore qmgr message expiration messages.

* violations.ignore.d/logcheck-ssh:
  - ignore host/address mismatch messages from TCP wrappers.

* ignore.d.server/ssh:
  - also ignore backslashes in invalid/illegal user names.

* ignore.d.server/thttpd:
  - ignore stats messages.

* ignore.d.server/spamd:
  - ignore checking notice when there is no message-id ("unknown"); thanks
    Fabian Fagerholm (closes: #421913).

* ignore.d.server/teapop:
  - ignore messages by POP3 server; thanks to Stephan Windmüller
    (closes: #421768)

* ignore.d.server/snort:
  - ignore empty log lines; thanks to Johan Walles (closes: #413262).

* ignore.d.*/kernel, violations.ignore.d/logcheck-kernel:
  - allow kernel timestamps (CONFIG_PRINTK_TIME); thanks to Samuel Thibault
    (closes: #416971).

* Updated pt_BR debconf translation; thanks to André Luís Lopes
  (closes: #421525).

10. By madduck

* Actually install README.backports.gz to /usr/share/doc/logcheck
  (closes: #411021).

* Make sure the logcheck group actually exists. Thanks, Jordi.

* violations.ignore.d/logcheck-passwd:
  - ignore PAM warnings on authentication failures.

* violations.ignore.d/logcheck-saslauthd:
  - ignore PAM warnings on authentication failures.

* ignore.d.server/saned:
  - ignore some more error messages.

* ignore.d.server/hplip:
  - ignore some more error messages.

* violations.d/logcheck:
  - elevate messages matching /violations/i.

* violations.ignore.d/logcheck-proftpd:
  - ignore warning about attempted root logins.

* ignore.d.server/ssh:
  - ignore @ in names of nonexistent accounts.

* ignore.d.server/kernel:
  - ignore more initialisation messages from SCSI subsystem.

* ignore.d.workstation/kernel:
  - ignore keyboard connection messages.

* violations.ignore.d/logcheck-postfix:
  - ignore sender verification rejects after MAIL (in case they are not
    delayed).
  - ignore RBL rejects after successful reverse DNS resolution.
  - allow extra information after message-id.
  - ignore certificate verification failures due to invalid CA certs.
  - ignore reject due to sender address verification against virtual table.

* ignore.d.server/postfix:
  - more policyd-weight rules by Armin Berres (closes: #410416).
  - ignore messages related to RBL DNS lookup errors.
  - ignore messages on successful delivery to Sendmail.
  - improve filters for messages relating to deferred mail.

* ignore.d.server/spamd:
  - ignore init messages with scores in SQL (closes: #411111).

* ignore.d.server/mldonkey-server:
  - ignore BER decode errors.

* ignore.d.server/dovecot:
  - ignore disconnection due to IDLE.
  - ignore connection message to db by auth-worker; thanks to Guillaume
    Rischard.

* ignore.d.server/gnu-imap4d:
  - first set of rules to ignore basic messages.

* debconf translation updates:
  - Portuguese by Pedro Ribeiro (closes: #410734).

9. By madduck

* medium urgency to increase the chance of making etch as per agreement with
  Steve Langasek, release manager. Rationale: arch-indep and only new
  regexps in this version.

* violations.d/kernel: added to elevate messages about media errors.
* violations.ignore.d/kernel: ignore some non-critical messages by device
  drivers, such as USB stuff.
* violations.ignore.d/kernel: ignore if AGP fails to initialise on Matrox
  cards.
* ignore.d.server/kernel: ignore message about device-mapper loading.
* ignore.d.server/kernel: ignore startup banners by tun/tap driver.
* ignore.d.server/kernel: ignore startup configuration printout by sk98lin.
* ignore.d.server/kernel: ignore startup banner by skge driver.
* ignore.d.server/kernel: ignore startup messages by ipmi driver.
* ignore.d.server/kernel: ignore iptables bandwidth messages generated by
  webmin bandwidth module/shorewall (closes: #397580).
* ignore.d.server/kernel: remove filter for iptables log messages for UDP
  packets, which aren't generated by default.
* ignore.d.server/kernel: ignore message about missing disc in drive.
* ignore.d.workstation/kernel: ignore messages related to pmount and USB
  hotplugged storage devices.
* ignore.d.workstation/kernel: ignore intel8x0 (soundcard) initialisation
  messages.
* ignore.d.workstation/kernel: ignore more messages related to USB hotplug.
* ignore.d.workstation/kernel: ignore message about DRM loading and
  initializing.
* ignore.d.{workstation,server}/kernel: moved several messages to server
  class as they also apply to servers.

* violations.ignore.d/logcheck-su: ignore redundant message about
  authentication failure, which provides no additional information.

* violations.ignore.d/logcheck-cron-apt: ignore redundant summary error
  message about index files that failed to download.

* ignore.d.server/logcheck: ignore pam_unix opened and closed sessions with
  empty progname (gconf mainly).

* ignore.d.server/pdns: added more filters to silence recent versions of
  pdns (except for startup/shutdown).
* ignore.d.server/pdns: also hide IPv6-related messages and messages related
  to syncing of new slave zones.

* ignore.d.server/anacron: also ignore messages with exit status.

* violations.ignore.d/logcheck-ssh: ignore authentication error messages by
  pam_unix: if there's no user name, the attempt is pathetically harmless
  anyway; if there's a username, sshd logs another message with more
  information.
* ignore.d.server/ssh: ignore listening notices for all ports, not just 22.

* ignore.d.server/ppp: filtering messages about connections to pppd.

* violations.ignore.d/logcheck-bluez-utils: ignore non-critical failure
  messages about connections that failed.
* ignore.d.server/bluez-utils: added to filter dund connection messages.
* ignore.d.workstation/bluez-utils: add filters to ignore device connection
  and disconnection, as well as startup/shutdown.

* violations.ignore.d/postfix: ignore unsupported SSL cert purpose.
* violations.ignore.d/postfix: ignore messages related to amavisd-new
  banning attachments.
* ignore.d.server/postfix: filtering message when smtp client is greylisted.
* ignore.d.server/postfix: ignore redundant message about reload by
  postfix-script as master also logs.
* ignore.d.server/postfix: ignore errors about virtual users not found.
* ignore.d.server/postfix, violations.ignore.d: ignoring more messages about
  rejects the admin does not care about;
  thanks to Russ Allbery (closes: #397097).
* */*postfix: also ignore [-_$] in local part of message-id; thanks to
  Alexander Gerasiov (closes: #398163).
* ignore.d.server/postfix: ignore messages about changed hash tables.
* ignore.d.server/postfix: ignore summary messages when postsuper deleted
  queue entries.

* ignore.d.{workstation,server}/mldonkey: moved to server category and added
  some additional rules for informational status messages.

* ignore.d.server/dhclient: filtering send_packet messages which are purely
  informational or redundant without any extra info.
* ignore.d.server/dhcp: updated for latest BOOTP messages.
* ignore.d.server/dhcp: fixed to filter requests for unknown leases.

* ignore.d.server/hplip: added to filter information messages from
  hpiod/hpijs/hpssd.

* ignore.d.server/xinetd: ignore messages about conf files read and services
  removed, as well as startup banner.

* ignore.d.server/saned: ignore most messages.

* ignore.d.server/squid: ignore messages resulting from clients firing
  unsupported request methods at the server, which may happen in situations
  where transparent proxying is in use. GNUTELLA is one offendant.
* ignore.d.server/squid: ignore some messages generated by squid 2.6 in
  transparent mode.
* ignore.d.server/squid: ignore messages about closed client connections due
  to lifetime timeout.

* ignore.d.server/proftpd: support IPv6 addresses with UseReverseDNS off;
  thanks to Gregor Hermens (closes: 397466).
* ignore.d.server/proftpd: ignore messages by new version of proftpd about
  aborted transfers and chrooting to the root directory.
* ignore.d.server/proftpd: ignore message about failure to bind to IPv6
  sockets if protocol is not available, as IPv6 cannot be turned off it
  seems (see http://bugs.proftpd.org/show_bug.cgi?id=2817).

* ignore.d.server/amandad: ignore messages with resolved hostnames instead
  of IPs; thanks to Jan Evert van Grootheest (closes: #396407).

* ignore.d.server/courier: cleanup to match some more messages reported by
  Enrique Garcia (closes: #395265).

* [TODO] ignore.d.server/dovecot: cleanup of dovecot filters to match some
  more operational messages reported by Stefan Schlesinger (closesNOTYET:
  #396760).

* ignore.d.server/smartd, violations.d/smartd: ignore messages about
  temperature changes except those that report reaching new maximum values;
  escalate those reporting the reaching of critical limits to security
  events.

* ignore.d.server/ntp: ignore debug messages from signal_no_reset.
* ignore.d.server/ntp: ignore messages about which port ntpd bound to.

* ignore.d.server/maradns: added initial set of filters for maradns.

* ignore.d.server/cpufreqd: added filters for startup messages about
  unconfigured/missing plugins.

* Added README.backports.
* Now recommends logcheck-database of at least the current version (>=
  instead of =).

8. By madduck

* chgrp the entire /etc/logcheck tree to group logcheck if it exists during
  logcheck-database's configuration (closes: #391665).
* ignore.d.server/cron-apt: also ignore Get messages with dots in the
  component name (local repos).
* ignore.d.server/postfix, violations.ignore.d/logcheck-postfix: ignore
  redundant messages about missing maildirs (closes: #354821).
* ignore.d.server/ppp: ignore messages about modem hangups due to remote
  connection drops. You're not going to see these anyway if pppd does your
  connection, and there will be plenty other messages alerting you to the
  lack of connectivity.
* ignore.d.server/dhcp: ignore message about leased addresses which respond
  to ping requests.
* ignore.d.workstation/mldonkey: added file to ignore pretty much
  everything.

7. By madduck

* ignore.d.server/ssh: fixed regression related to "Did not receive
  identification string" warning. Sorry about that (closes: #377276).
* ignore.d.server/ssh, violations.ignore.d/logcheck-ssh: extended the regexp
  matching usernames to anything non-whitespace in filters about nonexistent
  users -- today someone tried to log in as '!@#$%^&*()_+' here!
* ignore.d.server/pdns: ignoring warnings about overly large packets, or
  packets otherwise of the wrong size.
* ignore.d.server/cron-apt: fixing rules wrt sarge and cleaning up.
* ignore.d.server/dovecot: fixing filter for dovecot 1.0 logins by removing
  the space at the end of the line. Gargh!
* We're now maintaining logcheck in SVN. See README.Debian file (which also
  received other minor updates).

6. By Todd Troxell

[ Todd Troxell ]
* Increment version

[ Jamie Penman-Smithson ]
* ignore.d.server/smartd: Add rule to match normal temperature changes.
* violations.ignore.d/logcheck-sudo: Ignore invocation of sudoedit too.
  Thanks to Jan Braun <email address hidden>. (Closes: #360120)
* ignore.d.server/dhcp: Match new DHCP log format with IPv6 addresses.
  (Closes: #369603)
* violations.ignore.d/logcheck-ssh: Match new log format in openssh
  4.3. (Closes: #369497)
* ignore.d.server/oidentd: Match IPv6 addresses too. Thanks to
  Elmar Hoffmann <email address hidden> for the patch. (Closes: #369294)
* ignore.d.server/oidentd: Remove superfluous rule for connections from
  localhost.
* ignore.d.server/pdns: Ignore 'Refreshed n records' messages.
  (Closes: #369263)
* ignore.d.server/smartd: Minor change to rule for "Temperature changed"
  messages.
* ignore.d.server/xinetd: Add the first rules for xinetd.
* ignore.d.server/smartd: Merge two rules for self-test messages into one.
  (Closes: #368878)
* ignore.d.server/saslauthd: Add rule to suppress 'client step' messages.
  (Closes: #368652)
* violations.ignore.d/logcheck-postfix: Update rules for postgrey.
  (Closes: #368318)
* violations.ignore.d/logcheck-postfix: Add rule to suppress smtpd '554
  Access denied' messages. (Closes: #368313)
* ignore.d.server/postfix: Fix rule to really match 'read timeout' messages.
  (Closes: #367781)
* ignore.d.server/spamd: Merge in rules from the spamassassin package.
  (Closes: #366364)
* Minor changes to usage summary and explanation of FQDN option.
  (Closes: #365565)
* ignore.d.server/dkfilter: Minor fix to rules for dkfilter.out.
  Match 'wrong sender domain' messages from dkfilter.out.
* ignore.d.workstation/anacron: Move to ignore.d.server. (Closes: #368900)

[ maximilian attems ]
* ignore.d.server/dovecot: Add rule for aborted logins.
* ignore.d.workstation/kdm: Ignore kdm-greeter logline.
* ignore.d.server/nagios: Improve existing rules, add newer for service
  flapping and ping logging.
* ignore.d.server/sympa: Add impressive ruleset on common ml operations.
* ignore.d.server/stunnel: New rules.
* ignore.d.server/squid: Add 2 rules for cachemgr.
* ignore.d.server/rsync: Add 2 rules for common rsyncd failures.
* ignore.d.server/rsnapshot: Add 2 rules for casual rsnapshot warnings.
* ignore.d.server/proftpd: Add 3 rules about usual ftpd operations.
* ignore.d.server/ntp: Ignore too many recvbufs.
  Thanks to all the above rules to Peter Palfrader <email address hidden>.
* ignore.d.workstation/kernel: Add rules to reduce noise on swsusp.
* debian/logcheck.postinst: Remove old check against woody version
  removing /var/cache/logcheck.
* debian/logcheck-database.preinst, debian/logcheck-database.postinst:
  Remove checks against old woody symlinkfarm.
* debian/logtail.preinst: Remove old dpkg-divert handling.
* debian/control: Remove useless versioned depends on debianutils and
  po-debconf. Versions are satisfied on Sarge.
* debian/control: Conform to policy 3.7.2 without changes.
* ignore.d.server/dhcp: Properly escape dots.

[ Gerfried Fuchs ]
* debian/control: move debhelper dependency to Build-Depends due to policy
  requirements.

[ martin f. krafft ]
* ignore.d.server/cron: added rules to ignore begin/end of crontab
  edits (closes: #356681).
* ignore.d.server/cron: added crontab-specific lines from
  ignore.d.workstation/cron (and removed them there).
* ignore.d.*/cron-apt: moved cron-apt rules from workstation to server.
* ignore.d.server/dhclient: even 3.0 sleeps when no lease in persistent
  database.
* ignore.d.workstation/dovecot: Added/updated dovecot 1.0 rules.
* ignore.d.server/kernel: added rules to ignore martian, ll header, and
  icmpv6_send warnings.
* ignore.d.server/pdns: added many rules for standard pdns operational
  messages.
* violations.ignore.d/logcheck-pdns: ignore denied AXFR requests.
* ignore.d.server/postfix: ignoring cleanup header_checks REPLACE messages
  (closes: #376489).
* ignore.d.server/postfix: extending rule for "too many errors" to cover all
  SMTP commands (closes: #376472).
* ignore.d.server/postfix: ignoring dNSNames complaints (closes: #376469,
  and parts of 369487).
* ignore.d.server/postfix: ignoring bounce message about sender non-delivery
  notification.
* violations.ignore.d/logcheck-postfix: ignore invalid SASL logins, PAM
  will complain with more details (closes: #369487).
* violations.ignore.d/logcheck-postfix: ignore HELO access check rejections
  (closes: #376968).
* ignore.d.[ws]*/ppp: adding/updating rules to ignore informational
  messages.
* ignore.d.server/proftpd: adding ANON command to successful login rule and
  noticing that the other rule of the bug has already been fixed
  (closes: #372541).
* ignore.d.server/proftpd: ignoring logins with unknown users.
* ignore.d.workstation/proftpd: ignore reaching maximum number of login
  attempts.
* ignore.d.server/smartd: don't be so selective about temperature filtering
  (closes: #355085).
* ignore.d.server/smartd, violations.ignore.d/logcheck-smartd: ignore usage
  and prefailure attribute changes given that smartd will send separate mail
  when things go bad anyway.
* ignore.d.server/spamd: fixing several of the spamd rules wrt email
  addresses, and added new rules for newer spamd versions.
* ignore.d.[ws]*/squid: moved messages about server stop/start/reconfigure
  to workstation, and those about unchanged cache dir sizes to server.
* ignore.d.*/squid: folded in some filters for operational messages and
  updated squidGuard spawn message to include all eventHelper messages.
* ignore.d.server/ssh: ignore messages about missing shadow information
  for NOUSER (when there was a NULL user passed in the SSH protocol).
* ignore.d.server/ssh: make sure that we never get bothered by scans again
  (closes: #376461, #354820, #376474).
* ignore.d.server/ssh: ignore SSH disconnects (closes: #376464).
* ignore.d.server/ssh, violations.ignore.d/logcheck-ssh: ignore login
  attempts for nonexistent accounts (closes: #376462).
* src/logcheck: if called as root, now echoes the options back to the user
  for easier cut-n-paste.
* debian/control: recommend logcheck-database instead of depending on it
  (closes: #376739).

5. By Scott James Remnant (Canonical)

Create /var/lock/logcheck if necessary; we can do this in the main
code because /var/lock is +t.

4. By Todd Troxell

[ maximilian attems ]
* Add dccproc timeout rule.
* Only source the conffile if we can read it. Should enable logcheck runs
  directly out of the logcheck source.
* Default to send mail to local root otherwise messages go to Nirvana.
* Check if conffile with list of logfiles is readable.
* Fallback to read syslog if no logfile is provided.
* Enhance bind rules ignore NSTATS loglines, remove dup. (Closes: #324751)
* Add rule for recent nfs mountd messages.
  Thanks to toby cabot <email address hidden>. (Closes: #325800)
* Move imap file to server level, not appropriate for paranoid.
* Add imap ignore rule for moved bytes, seems pretty normal imap usage.
  Thanks to toby cabot <email address hidden>. (Closes: #325801)
* Add rule for Postponed keyboard-interactive ssh logins.
* Update some usb rules for usb-storage and phone devices. (Closes: #324347)
* Update horde3 rules the identifier can be changed by the user to any char.
  Thanks to Martin Lohmeier <email address hidden> (Closes: #324613)
* Add imp4 rule for successful logins. Thanks to
  Martin Lohmeier <email address hidden> (Closes: #324615)
* Bumped standards to 3.6.2.
* Fix exim4 rule for more modern tls string.
* logcheck.8 fix add full path to README.logcheck-database.gz.
  (Closes: #328632)

[ Jamie Penman-Smithson ]
* Add the first rules for mon. Thanks to Robbert Muller <email address hidden>.
  (Closes: #324451)
* Modify dovecot rules to match ipv6 addresses too. (Closes: #327088)
* Add first polypaudio rules in workstation to suppress module-alsa-sink.c
  messages. (Closes: #331282)
* Add first rules for tftpd, suppress 'connect' and 'get file' messages.
  (Closes: #333456)
* Fix dovecot rules to match the new format log messages in 1.0.
  (Closes: #332707, #333461)
* Fix proftpd rules to match ipv6 addresses. Thanks to Elmar Hoffmann
  <email address hidden> (Closes: #332807)
* Update ssh rules to suppress reverse DNS warnings. Thanks to Elmar
  Hoffmann <email address hidden> (Closes: #333233)
* Update nagios rules to match host UNREACHABLE notification messages.
  (Closes: #325874)
* Add the first rules for popa3d. (Closes: #328251)
* Fix group permissions for /var/lock/logcheck on install or upgrade so
  logcheck can be executed by the logcheck group. (Closes: #330208)
* Add Swedish translation, thanks to Daniel Nylander <email address hidden>.
  (Closes: #334415)
* Fix anvil max rate rule to match statistics messages when postfix is bound
  to a specific IP. (Closes: #334342)
* Modify spamd rules to match log message format in 3.1. (Closes: #335021)

[ Todd Troxell ]
* Add check for lockfile-progs to aid non-debian installations.
* Set logcheck to remove cleanup trap if an error occurs while getting
  lockfile. This will prevent many confusing error messages.
* Add error reporting on -o option
* Add IPv6 support to bind rules. Thanks Marco Nenciarin
  <email address hidden> (Closes: #327100)
* Add IPV6 support to postfix rules. Thanks Marco Nenciarin
  <email address hidden> (Closes: #327114)
* Add INSTALL documentation for manual/non-Debian installation.
* Add 5 receive rules for hylafax's FaxGetty.
* Call adduser without --home flag in postinst. (Closes: #312393)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/logcheck