lp:ubuntu/intrepid-proposed/logcheck

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-proposed/logcheck
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

17. By Martin Pitt

rulefiles/linux/ignore.d.server/smbd_audit: Fix unescaped "|" which caused
logcheck to ignore all logs in "server" or "workstation" configs. Fix
backported from 1.2.67. (LP: #297771)
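As an added illustration of the failure mode this revision fixes (example code, not code from the logcheck project): a small emulation of logcheck's ignore filtering, using a hypothetical smbd_audit rule whose field-separator "|" is left unescaped, so it becomes a regex alternation that matches every line, beside the escaped form. The rule text, the sample log lines and the canary line are constructed here, and Python's `re` syntax stands in for egrep's ERE.

```python
import re

# Constructed sample syslog lines (not from the page). smbd_audit lines use "|"
# as a field separator, which is what tempts a rule author into a bare "|".
SAMPLE_LOG = [
    "Nov 10 10:00:01 host smbd_audit: alice|192.0.2.5|share|open|ok|report.txt",
    "Nov 10 10:00:02 host sshd[123]: Failed password for invalid user admin from 192.0.2.9 port 4444 ssh2",
    "Nov 10 10:00:03 host kernel: usb 1-1: new full-speed USB device",
]

# Hypothetical ignore rule (not the project's real rule). The "|" between fields
# is unescaped, so each one starts a new alternative; the last alternative ".*$"
# matches every line, and logcheck silently ignores all logs.
BROKEN_RULE = r"^\w{3} [ :0-9]{11} [\w.-]+ smbd_audit: \w+|[0-9.]+|\w+|\w+|\w+|.*$"

# The same rule with every separator escaped as "\|": only smbd_audit lines match.
FIXED_RULE = r"^\w{3} [ :0-9]{11} [\w.-]+ smbd_audit: \w+\|[0-9.]+\|\w+\|\w+\|\w+\|.*$"

# A constructed line that no legitimate ignore rule should ever match; used to
# detect rules that would swallow unrelated logs.
CANARY = "Jan  1 00:00:00 canary logcheck-canary: this line must never be ignored"


def filter_log(lines, rules):
    """Emulate logcheck's 'egrep -v -f rulefile': return the lines NOT matched
    by any ignore rule, i.e. the lines logcheck would go on to report."""
    compiled = [re.compile(r) for r in rules]
    return [line for line in lines if not any(c.search(line) for c in compiled)]


def overbroad_rules(rules):
    """Return the rules that match the canary line; any such rule would hide
    unrelated logs and should not be deployed."""
    return [r for r in rules if re.search(r, CANARY)]


if __name__ == "__main__":
    print("reported with broken rule:", filter_log(SAMPLE_LOG, [BROKEN_RULE]))
    print("reported with fixed rule:", filter_log(SAMPLE_LOG, [FIXED_RULE]))
    print("overbroad rules:", overbroad_rules([BROKEN_RULE, FIXED_RULE]))
```

With the broken rule nothing is reported at all, which is the silent detection gap LP: #297771 describes; the canary check catches such rules before they reach a rule file.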

16. By madduck

* Re-added mailx as dependency, which is a virtual package. Lintian
  misguided me. Sorry (closes: #488102).
* Upgrade to Standards-Version 3.8.0, which requires no other changes.

15. By madduck

* violations.ignore.d/logcheck-postfix:
  - fixed filters for certificate messages that changed in postfix 2.5.
* ignore.d.server/postfix:
  - ignore connection messages for anonymous TLS connections; thanks to
    Justin Larue (closes: #486440).
  - ignore hostname verification due to DNS name not found; thanks to
    Justin Larue (closes: #486440).
  - do not report connection failures due to timeouts.
* ignore.d.server/maradns:
  - ignore messages related to resolvconf integration.
* ignore.d.server/dovecot:
  - ignore aborted logins with 0 authentication attempts, e.g. due to
    nagios; thanks to René Hertell (closes: #487208).
* ignore.d.server/cron-apt:
  - ignore harmless messages about state and space usage prediction; thanks
    to Daniel Hahler (closes: #484546).
* ignore.d.server/spamd:
  - ignore child state K; thanks to Ross Boylan (closes: #484328).
* ignore.d.server/ssh:
  - ignore host-based auth logins; thanks to Tilman Koschnick
    (closes: #483214)
* ignore.d.server/imapproxy:
  - ignore failures to read from client socket (closes: #482523).
* ignore.d.server/courier:
  - update rules to include port information; thanks to Antoine Pardignon
    (closes: #446310).
  - ignore couriertcpd messages; thanks to Andrew Gallagher
    (closes: #451118).
* ignore.d.server/smbd_audit:
  - ignore smbd audit log entries (closes: #452879).
* ignore.d.server/acpid:
  - follow recent modifications in acpid log output; thanks to Arno Renevier
    (closes: #450660).
* ignore.d.server/otrs:
  - ignore OTRS CGI notices (closes: #450697).
* ignore.d.server/openvpn:
  - ignore messages about dropped packets due to bad source addresses (out
    of connection messages).
  - ignore messages about packets with wrong encapsulated lengths, which are
    mostly portscanners, or hosts connecting to openvpn on ports like 443.
* ignore.d.server/schroot:
  - ignore operational schroot messages for logins and running commands.
* ignore.d.server/dhcp:
  - ignore DHCPACKs that have no hardware address (Windows).
* fix wording in header.txt (closes: #472937).
* change obsolete mailx dependency to bsd-mailx.

14. By maximilian attems

[ martin f. krafft ]
* Fix spelling error in configuration file; thanks to Frans "I am bored"
  Pop (closes: #445537).

* Remove version from cron dependency to allow e.g. bcron-run to satisfy the
  requirement.
* Clean up accidental duplication in Makefile; hardcoded /usr/sbin is now
  $(BINDIR) (Ed Santiago)

* ignore.d.server/postfix:
  - ignore Postfix bad address syntax errors from postfix/error
    (closes: #464896) (Russ Allbery)
  - ignore additional "(0 bytes)" on lost connections (closes: #470102)
    (Russ Allbery)

* ignore.d.server/spamd
  - deal with socket connections by e.g. evolution (closes: #448510, #473619).

* ignore.d.workstation/kernel
  - also ignore loading of R300 microcode (closes: #474606).

* ignore.d.server/spamd
  - fix spamd processing message pattern when msgid is unknown; thanks to
    Michal Čihař for the patch (closes: #471936).

* ignore.d.server/bind
  - Fix up rules to match when views are in use; thanks Shawn Heisey
    (closes: #477932).

* ignore.d.server/dkim-filter
  - ignore warnings about bad signature data; thanks to Clint Adams
    (closes: #478334).

* Set permissions on /var/lib/logcheck to 0770 to prevent disclosure of
  information (see #481347).

* If nail is not installed and MAILASATTACH is set, fall back to regular
  method (closes: #479278).

[ maximilian attems ]
* Clean up linux/violations.d/logcheck, all the "Attack" rules look
  pretty much dubious. Nobody should seriously run rshd or rlogind.
* control: s/XS-Vcs/Vcs/ git lines are official.
* Add myself to Uploaders.
* debian/rules, debian/logcheck-database.linda-overrides: Nuke old
  dup overrides, lintian rules.

[ Frédéric Brière ]
* ignore.d.server/bind:
  - moved "[bind] query $FOO denied" rule to violations.ignore.d
    (closes: #443881).
  - added bind's "AXFR ended" rule alongside "AXFR started"
    (closes: #445046).
  - added "adding an RR"/"deleting rrset" bind rules for dynamic DNS.
  - added "connection reset" rule for bind.
  - added "journal file does not exist" rule for bind.

* ignore.d.server/sasl2-bin:
  - added DB_NOTFOUND and "user not found" rules for sasl2-bin.

* ignore.d.workstation/kernel:
  - ignore bttv PLL messages
  - ignore (un)register messages from zaurus module (closes: #444096).

* ignore.d.server/ddclient:
  - added two basic rules for ddclient (closes: #444097).

* ignore.d.server/telnetd:
  - added basic rules for telnetd (closes: #444100).

* ignore.d.server/ssh:
  - ignore "Nasty PTR record" messages from openssh (closes: #445074).

* violations.ignore.d/logcheck-ssh:
  - adjusted ssh "Failed password" rule to allow omitting "illegal/invalid
    user" (closes: #445072).
  - updated ssh "reverse mapping" rule to include IP address
    (closes: #445073).

* ignore.d.server/tftpd:
  - added tftpd "serving file from ..." rule (closes: #445069).

* ignore.d.server/dspam:
  - corrected illegal regex in ignore.d.server/dspam.

* violations.ignore.d/logcheck-sudo:
  - ignore PAM session messages triggered by sudo.

* ignore.d.server/postfix:
  - Postfix considers that "-" can be part of a numeric hostname.

* violations.ignore.d/logcheck-postfix:
  - allow any error message following "SASL authentication failure" in
    postfix.

* ignore.d.server/libpam-mount:
  - added libpam-mount rule "realpath of volume $FOO is $BAR".

* ignore.d.server/proftpd:
  - adapted rules for SystemLog syntax.
  - added "FTP login|session timed out" rule.
  - added "Incorrect password" proftpd rule.
  - adjusted proftpd rules to catch unresolved IPv6 hosts.
  - added "@" to proftpd "no such user" rules, to catch <email address hidden>.
  - adjusted proftpd "Data connection closed" rule to allow arbitrary
    usernames.

* ignore.d.server/openvpn:
  - added "Re-using pre-shared static key" openvpn rule.
  - re-enabled :port portion of "UDPv4 link" openvpn rule.

* ignore.d.workstation/bluetooth-alsa
  - adding rules for headsetd (bluetooth-alsa).

* ignore.d.server/dhcp
  - Adding dhcp rules for DNS updates by ddns_remove_a()
    (closes: #459875, #472368)
  - Added dhcp "removed reverse map" rule, which occurs on DHCPRELEASE.

[ Gerfried Fuchs ]
* Bumped Standards-Version to 3.7.3, no further changes required anymore.
* Added Homepage source control field.
* debian/logtail.NEWS: Fix date format in trailer lines.
* Updated my email address in debian/control and debian/copyright.

13. By madduck

Conflict with amavisd-new (<< 1:2.5.2-1), since amavisd-new now maintains
its own filters. Thus, remove them from this package.

12. By madduck

* Provide $TMP and allow the administrator to specify an alternate location
  to store temporary files; thanks to Micah Anderson for the patch
  (closes: #412201).

* ignore.d.server/logcheck:
  - Apply filter rules for new PAM log format; thanks to Aaron M. Ucko
    (closes: #440123).

* ignore.d.server/rsync:
  - Ignore runtime rsyncd messages; patch by Justin Pryzby (closes: #440181)

* violations.ignore.d/logcheck-postfix:
  - ignore temporary DNS lookup failures when checking for sender MX.
  - also ignore defer notices smtp gets after the DATA command.
  - ignore some rejections when $smtpd_delay_reject=no is set; thanks to
    Justin Pryzby (closes: #425642, #426736).

* ignore.d.server/postfix:
  - ignore TLS library receiving SSLv3 alert 10, since it's just a broken
    client connecting.
  - ignore when libc6 warns about in-addr.arpa request being answered with
    a CNAME, which is not correct, but people do it and it works regardless.
  - ignore when smtpd tells us its discarding EHLO keywords
    ($smtpd_discard_ehlo_keyword*).
  - ignore SASL authentication failures due to empty passwords.
  - ignore AV system overload warnings by milter-reject.

* ignore.d.server/spamd, violations.ignore.d/logcheck-spamd:
  - ignore spamcop failure and success messages.
  - do not ignore child state K, which indicates kill and might be
    a problem; thanks Frans Pop (closes: #436439).
  - update check result rule in violations.ignore.d.

* ignore.d.server/pdns:
  - ignore messages about invalid packet sizes received from other machines.
  - ignore launch message after TCP nameserver was cycled.

* ignore.d.server/hylafax:
  - ignore MODEM messages by FaxQueuer; thanks Remi Letot (closes: #425035).

* ignore.d.server/bind
  - ignore view queries; thanks Justin Pryzby (closes: #428629).

11. By madduck

* Thanks to Eric Evans and Russ Allbery for their contributions.

* ignore.d.server/dovecot:
  - ignore additional, non-conventional comment to msgid on deliver message.

* ignore.d.server/openvpn:
  - ignore messages related to tls-verify script.
  - hide informational messages related to UDP.
  - allow free-form tun names.
  - handle multiple routes.
  - ignore stuff related to tls-auth
  - ignore ping-restart process respawn.

* ignore.d.server/postfix:
  - updated an anvil stats pattern to match the submission service name in
    addition to port 587, (closes: #418449). Thanks Michael Shuler.
  - ignore more timeout and connection refused messages (closes: #404852).
  - allow more logging information in connection failure messages.
  - allow any message ID for cleanup; there are too many possibilities.
  - make the DSN optional in remote accept messages.
  - ignore numeric hostname and DNS lookup failures.
  - ignore invalid octet count errors from trivial-rewrite.
  - Postfix 2.4.0 now logs as error some of the deferral messages
    formerly logged as qmgr.
  - Fix typo in "while performing the HELO handshake" message.
  - ignore all warnings about malformed domain names in resource data of
    MX/CNAME records.
  - ignore warnings about numeric hostnames by valid_hostname.
  - ignore notice about generated sender delivery status notification.
  - filter certificate warnings for smtp and smtpd.
  - ignore warnings about timed out conversations.
  - filter out qmgr undeliverable warnings.
  - do not hardcode column names for mysql query; thanks Andreas Beckmann.

* violations.ignore.d/logcheck-postfix:
  - smtpd_peer_init is optional before DNS failure messages.
  - allow conn_use information in smtp failure messages.
  - add another variation on remote message acceptance.
  - allow more message IDs in cleanup log messages.
  - Ignore qmgr message expiration messages.

* violations.ignore.d/logcheck-ssh:
  - ignore host/address mismatch messages from TCP wrappers.

* ignore.d.server/ssh:
  - also ignore backslashes in invalid/illegal user names.

* ignore.d.server/thttpd:
  - ignore stats messages.

* ignore.d.server/spamd:
  - ignore checking notice when there is no message-id ("unknown"); thanks
    Fabian Fagerholm (closes: #421913).

* ignore.d.server/teapop:
  - ignore messages by POP3 server; thanks to Stephan Windmüller
    (closes: #421768)

* ignore.d.server/snort:
  - ignore empty log lines; thanks to Johan Walles (closes: #413262).

* ignore.d.*/kernel, violations.ignore.d/logcheck-kernel:
  - allow kernel timestamps (CONFIG_PRINTK_TIME); thanks to Samuel Thibault
    (closes: #416971).

* Updated pt_BR debconf translation; thanks to André Luís Lopes
  (closes: #421525).

10. By madduck

* Actually install README.backports.gz to /usr/share/doc/logcheck
  (closes: #411021).

* Make sure the logcheck group actually exists. Thanks, Jordi.

* violations.ignore.d/logcheck-passwd:
  - ignore PAM warnings on authentication failures.

* violations.ignore.d/logcheck-saslauthd:
  - ignore PAM warnings on authentication failures.

* ignore.d.server/saned:
  - ignore some more error messages.

* ignore.d.server/hplip:
  - ignore some more error messages.

* violations.d/logcheck:
  - elevate messages matching /violations/i.

* violations.ignore.d/logcheck-proftpd:
  - ignore warning about attempted root logins.

* ignore.d.server/ssh:
  - ignore @ in names of nonexistent accounts.

* ignore.d.server/kernel:
  - ignore more initialisation messages from SCSI subsystem.

* ignore.d.workstation/kernel:
  - ignore keyboard connection messages.

* violations.ignore.d/logcheck-postfix:
  - ignore sender verification rejects after MAIL (in case they are not
    delayed).
  - ignore RBL rejects after successful reverse DNS resolution.
  - allow extra information after message-id.
  - ignore certificate verification failures due to invalid CA certs.
  - ignore reject due to sender address verification against virtual table.

* ignore.d.server/postfix:
  - more policyd-weight rules by Armin Berres (closes: #410416).
  - ignore messages related to RBL DNS lookup errors.
  - ignore messages on successful delivery to Sendmail.
  - improve filters for messages relating to deferred mail.

* ignore.d.server/spamd:
  - ignore init messages with scores in SQL (closes: #411111).

* ignore.d.server/mldonkey-server:
  - ignore BER decode errors.

* ignore.d.server/dovecot:
  - ignore disconnection due to IDLE.
  - ignore connection message to db by auth-worker; thanks to Guillaume
    Rischard.

* ignore.d.server/gnu-imap4d:
  - first set of rules to ignore basic messages.

* debconf translation updates:
  - Portuguese by Pedro Ribeiro (closes: #410734).

9. By madduck

* medium urgency to increase the chance of making etch as per agreement with
  Steve Langasek, release manager. Rationale: arch-indep and only new
  regexps in this version.

* violations.d/kernel: added to elevate messages about media errors.
* violations.ignore.d/kernel: ignore some non-critical messages by device
  drivers, such as USB stuff.
* violations.ignore.d/kernel: ignore if AGP fails to initialise on Matrox
  cards.
* ignore.d.server/kernel: ignore message about device-mapper loading.
* ignore.d.server/kernel: ignore startup banners by tun/tap driver.
* ignore.d.server/kernel: ignore startup configuration printout by sk98lin.
* ignore.d.server/kernel: ignore startup banner by skge driver.
* ignore.d.server/kernel: ignore startup messages by ipmi driver.
* ignore.d.server/kernel: ignore iptables bandwidth messages generated by
  webmin bandwidth module/shorewall (closes: #397580).
* ignore.d.server/kernel: remove filter for iptables log messages for UDP
  packets, which aren't generated by default.
* ignore.d.server/kernel: ignore message about missing disc in drive.
* ignore.d.workstation/kernel: ignore messages related to pmount and USB
  hotplugged storage devices.
* ignore.d.workstation/kernel: ignore intel8x0 (soundcard) initialisation
  messages.
* ignore.d.workstation/kernel: ignore more messages related to USB hotplug.
* ignore.d.workstation/kernel: ignore message about DRM loading and
  initializing.
* ignore.d.{workstation,server}/kernel: moved several messages to server
  class as they also apply to servers.

* violations.ignore.d/logcheck-su: ignore redundant message about
  authentication failure, which provides no additional information.

* violations.ignore.d/logcheck-cron-apt: ignore redundant summary error
  message about index files that failed to download.

* ignore.d.server/logcheck: ignore pam_unix opened and closed sessions with
  empty progname (gconf mainly).

* ignore.d.server/pdns: added more filters to silence recent versions of
  pdns (except for startup/shutdown).
* ignore.d.server/pdns: also hide IPv6-related messages and messages related
  to syncing of new slave zones.

* ignore.d.server/anacron: also ignore messages with exit status.

* violations.ignore.d/logcheck-ssh: ignore authentication error messages by
  pam_unix: if there's no user name, the attempt is pathetically harmless
  anyway; if there's a username, sshd logs another message with more
  information.
* ignore.d.server/ssh: ignore listening notices for all ports, not just 22.

* ignore.d.server/ppp: filtering messages about connections to pppd.

* violations.ignore.d/logcheck-bluez-utils: ignore non-critical failure
  messages about connections that failed.
* ignore.d.server/bluez-utils: added to filter dund connection messages.
* ignore.d.workstation/bluez-utils: add filters to ignore device connection
  and disconnection, as well as startup/shutdown.

* violations.ignore.d/postfix: ignore unsupported SSL cert purpose.
* violations.ignore.d/postfix: ignore messages related to amavisd-new
  banning attachments.
* ignore.d.server/postfix: filtering message when smtp client is greylisted.
* ignore.d.server/postfix: ignore redundant message about reload by
  postfix-script as master also logs.
* ignore.d.server/postfix: ignore errors about virtual users not found.
* ignore.d.server/postfix, violations.ignore.d: ignoring more messages about
  rejects the admin does not care about;
  thanks to Russ Allbery (closes: #397097).
* */*postfix: also ignore [-_$] in local part of message-id; thanks to
  Alexander Gerasiov (closes: #398163).
* ignore.d.server/postfix: ignore messages about changed hash tables.
* ignore.d.server/postfix: ignore summary messages when postsuper deleted
  queue entries.

* ignore.d.{workstation,server}/mldonkey: moved to server category and added
  some additional rules for informational status messages.

* ignore.d.server/dhclient: filtering send_packet messages which are purely
  informational or redundant without any extra info.
* ignore.d.server/dhcp: updated for latest BOOTP messages.
* ignore.d.server/dhcp: fixed to filter requests for unknown leases.

* ignore.d.server/hplip: added to filter information messages from
  hpiod/hpijs/hpssd.

* ignore.d.server/xinetd: ignore messages about conf files read and services
  removed, as well as startup banner.

* ignore.d.server/saned: ignore most messages.

* ignore.d.server/squid: ignore messages resulting from clients firing
  unsupported request methods at the server, which may happen in situations
  where transparent proxying is in use. GNUTELLA is one offender.
* ignore.d.server/squid: ignore some messages generated by squid 2.6 in
  transparent mode.
* ignore.d.server/squid: ignore messages about closed client connections due
  to lifetime timeout.

* ignore.d.server/proftpd: support IPv6 addresses with UseReverseDNS off;
  thanks to Gregor Hermens (closes: #397466).
* ignore.d.server/proftpd: ignore messages by new version of proftpd about
  aborted transfers and chrooting to the root directory.
* ignore.d.server/proftpd: ignore message about failure to bind to IPv6
  sockets if protocol is not available, as IPv6 cannot be turned off it
  seems (see http://bugs.proftpd.org/show_bug.cgi?id=2817).

* ignore.d.server/amandad: ignore messages with resolved hostnames instead
  of IPs; thanks to Jan Evert van Grootheest (closes: #396407).

* ignore.d.server/courier: cleanup to match some more messages reported by
  Enrique Garcia (closes: #395265).

* [TODO] ignore.d.server/dovecot: cleanup of dovecot filters to match some
  more operational messages reported by Stefan Schlesinger (closesNOTYET:
  #396760).

* ignore.d.server/smartd, violations.d/smartd: ignore messages about
  temperature changes except those that report reaching new maximum values;
  escalate those reporting the reaching of critical limits to security
  events.

* ignore.d.server/ntp: ignore debug messages from signal_no_reset.
* ignore.d.server/ntp: ignore messages about which port ntpd bound to.

* ignore.d.server/maradns: added initial set of filters for maradns.

* ignore.d.server/cpufreqd: added filters for startup messages about
  unconfigured/missing plugins.

* Added README.backports.
* Now recommends logcheck-database of at least the current version (>=
  instead of =).

8. By madduck

* chgrp the entire /etc/logcheck tree to group logcheck if it exists during
  logcheck-database's configuration (closes: #391665).
* ignore.d.server/cron-apt: also ignore Get messages with dots in the
  component name (local repos).
* ignore.d.server/postfix, violations.ignore.d/logcheck-postfix: ignore
  redundant messages about missing maildirs (closes: #354821).
* ignore.d.server/ppp: ignore messages about modem hangups due to remote
  connection drops. You're not going to see these anyway if pppd does your
  connection, and there will be plenty other messages alerting you to the
  lack of connectivity.
* ignore.d.server/dhcp: ignore message about leased addresses which respond
  to ping requests.
* ignore.d.workstation/mldonkey: added file to ignore pretty much
  everything.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/karmic/logcheck