
logcheck_1.3.4~bpo50+1_powerpc.changes is NEW



(new) logcheck-database_1.3.4~bpo50+1_all.deb optional admin
database of system log rules for the use of log checkers
 This database is part of the Logcheck package, but might be used by others.
 It brings a database of regular expressions for matching system log entries
 after various criteria.
(new) logcheck_1.3.4~bpo50+1.dsc optional admin
(new) logcheck_1.3.4~bpo50+1.tar.gz optional admin
(new) logcheck_1.3.4~bpo50+1_all.deb optional admin
mails anomalies in the system logfiles to the administrator
 Logcheck helps spot problems and security violations in your logfiles
 automatically and will send the results to you in e-mail.
 .
 Logcheck was part of the Abacus Project of security tools, but this
 version has been rewritten.
(new) logtail_1.3.4~bpo50+1_all.deb optional admin
Print log file lines that have not been read (deprecated)
 This program will read in a standard text file and create an
 offset marker when it reads the end. The offset marker is read
 the next time logtail is run and the text file pointer is moved
 to the offset location. This allows logtail to read in the next
 lines of data following the marker. This is good for marking log
 files for automatic log file checkers to monitor system events.
 .
 The package also provides logtail2, which better deals with rotated log
 files: If logtail2 finds that the inode of the file was changed, it assumes
 that the log has been rotated, and tries to find the file it was rotated to
 using heuristic plugins. If it finds the file, it will print the remainder of
 the file starting at the offset saved to the offset file. If a file with the
 correct inode was not found, logtail2 will only print the new file in its
 entirety before writing a new offset file.
Changes: logcheck (1.3.4~bpo50+1) lenny-backports; urgency=low
 .
  * Rebuild for lenny-backports.
 .
logcheck (1.3.4) unstable; urgency=low
 .
  [ Hannes von Haugwitz ]
  * ignore.d.workstation/ifplugd
    - ignore link beat detection
  * ignore.d.server/smartd
    - added rule to match completed self-test
    - added rules to match more self-test messages
  * Added some rules for wpasupplicant (closes: #544084)
  * ignore.d.server/su, violations.ignore.d/logcheck-su
    - adjusted su rules to also match /dev/ prefix (closes: #551340)
  * Added rule for apcupsd (closes: #535976)
 .
  [ Frédéric Brière ]
  * Adjusted various kernel SCSI rules for removable media
  * Added USB kernel rules for USB_ANNOUNCE_NEW_DEVICES
  * Merged USB "new device" and "reset device" rules
  * Ignore "UDP: bad checksum" and "UDP: short packet" kernel messages
  * Corrected xdm pam_session rules (closes: #508335)
  * Updated acpid "client has disconnected" rule
  * Updated libpam-mount "realpath of X is Y" rule
  * Added libpam-mount "Command successful" rule
  * Adjusted ssh "Authentication failure" rule for "invalid user"
  * Updated cron-apt "Fetched" rule to match new time formats
    (closes: #531596)
  * Updated cron-apt rules to match all possible sizes and lengths
  * Replaced bashisms with POSIX equivalents (closes: #508546)
  * Depend on rsyslog by default (closes: #526911)
  * Dropped (now useless) ownership/permissions fixes on /var/lock/logcheck
  * ignore.d.server/openvpn: (closes: #499323)
    - match pathless ifconfig/route
    - match '.' and '_' in interface names
    - added "authentication succeeded" rule
  * ignore.d.server/dhcp:
    - interface names can have underscore in them (closes: #518422)
    - merged "Wrote X to leases file" rules, and added new ones
      (closes: #526116)
  * ignore.d.server/scponly: (closes: #506333)
    - added missing process name before PID
    - added the exhaustive list of commands allowed by scponly
  * Added rule for ext3 writeback data mode (closes: #542273)
  * ignore.d.server/dovecot:
    - replaced the (incomplete) method list with a wildcard (closes: #530591)
    - added I/O stats at the end of "Logged out" (closes: #538696)
    - added "discarded duplicate forward" and optional spacing to deliver
      rule (closes: #510889)
  * ignore.d.server/openvpn:
    - recognize some more options for PUSH_REPLY (closes: #511353)
  * ignore.d.server/postfix: (closes: #529367)
    - allow optional port number after "setting up TLS connection"
    - recognize "Trusted TLS connection established"
  * ignore.d.server/postfix:
    - allow <> as MAIL FROM in various messages
    - removing wildcard "reject: (RCPT|MAIL)" rule
  * ignore.d.server/innd:
    - added "no_read"/"no_post" rule (closes: #533487)
  * ignore.d.server/bind:
    - added various connection failure resolver messages (closes: #536071)
  * ignore.d.workstation/kernel:
    - adjusted sd "hardware sectors" rule for 2.6.28 (closes: #542390)
    - further adjusted that rule for 2.6.31-rc1
  * logtail/logtail2 no longer ignore -o when called with only one argument
    (closes: #453309)
  * Deleting obsolete conffiles in logcheck-database.preinst
    - ignore.d.server/lpr, replaced by lpr
    - ignore.d.server/ntp, replaced by ntp
    - ignore.d.server/sendmail, also in sendmail-base (closes: #542265)
    - deleting all the conffiles dropped over the years (closes: #453519)
  * Quote most variables and commands in logcheck
  * Allow filenames with spaces in logcheck.logfiles (closes: #319169)
  * ignore.d.server/smartd:
    - Replaced hardcoded controller list with generic pattern (closes: #555828)
 .
  [ Gerfried Fuchs ]
  * Upload to unstable.
  * Bump to Standards-Version 3.8.3.
 .
logcheck (1.3.3) unstable; urgency=low
 .
  Upload to unstable.
 .
  [ Hanspeter Kunz ]
  * ignore.d.server/spamd:
    - enhanced rule to ignore "Tell: Setting local Removing remote" messages
    - enhanced rule to ignore bayes database locking failures
  * ignore.d.server/dovecot
    - merged the two rules on aborted logins (thereby matching more cases)
    - ignore more authentication failure messages
    - ignore even more authentication failure messages
    - ignore ldap authentication failure messages
  * ignore.d.server/postfix
    - ignore more undeliverable mail messages (unknown in virtual alias table)
  * ignore.d.server/ssh
    - ignore pam_unix(sshd:auth) user unknown messages
  * Bumped debhelper compatibility level to 7
  * Use dh_prep instead of dh_clean -k
  * Specify licence as GPLv2 (instead of unversioned GPL)
  * Fixed typo in logtail.NEWS
  * Bumped Standards-Version to 3.8.2; no changes necessary
 .
  [ martin f. krafft ]
  * Special-case lockfile error message in case logcheck is still running. Now
    logcheck differentiates between another process still running and some
    other problem with obtaining the lock.
  * ignore.d.server/postfix:
    - clean up "connect to" failure messages.
  * Remove lock directory, which logcheck recreates at runtime.
 .
logcheck (1.3.2) experimental; urgency=low
 .
  [ Gerfried Fuchs ]
  * Remove amavisd-new conflict, the file name conflict is long gone.
  * Remove unused-override entries (the complete logcheck-database file, in
    fact)
  * Fixed referenced detectrotate path in logtail2 manpage.
  * Escape [ in kernel timestamp rules, noticed by Michael Tautschnig, thanks!
    (closes: #498613)
  * Apply patch from Jari Aalto for fixing package description paragraph
    ordering by importance, thanks (closes: #499415)
  * Suppress cron session closed messages too, thanks to Ferenc Wagner for
    noticing (closes: #499393)
  * Match for sshd:session additional to ssh:session, noticed by Ferenc Wágner
    (closes: #499561)
  * ignore.d.server/nagios, violations.ignore.d/logcheck-nagios: also support
    nagios3 as string in the log lines (closes: #514335).
 .
  [ martin f. krafft ]
  * ignore.d.server/postfix:
    - ignore milter rejection messages.
 .
  [ Hanspeter Kunz ]
  * ignore.d.server/dovecot:
    - deleted redundant rule for deliver
    - enhanced deliver rule to allow pretty much anything as msgid
    - allow missing ")" in deliver rule
    - ignore managesieve logins and disconnects
  * ignore.d.server/postfix:
    - generalize rule for ETRN rejections (allow brackets)
    - IPv6-ification of milter-discard rule
    - added optional "orig_to" to one of "postfix/smtp status=sent" rules
      where it was missing
    - ignore another TLS library problem
      (SSL3_READ_BYTES:reason(1000):s3_pkt.c:1057:SSL alert number 0)
    - ignore "too many errors after DATA (0 bytes)"
 .
logcheck (1.3.1) experimental; urgency=low
 .
  * Removed ignore.d.server/no-ip, which clashes with the no-ip package, which
    has been superseded anyway.
  * ignore.d.server/openvpn:
    - fix the regexps that added support for @ characters in the client CN
      (see #493066).
  * ignore.d.server/postfix:
    - expect more IPv6 addresses in filters.
  * ignore.d.server/ssh:
    - ignore bad username warnings.
 .
logcheck (1.3.0) experimental; urgency=low
 .
  * Formalise the dropping of violations.d/logcheck. Please see
    /usr/share/doc/logcheck-database/NEWS.Debian.gz for more information
    (closes: #471072).
 .
  * Remove most messages from cracking.d/logcheck and split up the remaining
    ones into separate files.
 .
  * Add Auto-Submitted header to outgoing mails (closes: #489172).
 .
  * Thanks to Hanspeter Kunz for all his patches.
 .
  * ignore.d.server/dovecot:
    - ignore connection closed messages.
    - ignore auth failure messages when ruser and rip are known.
    - ignore forwards and to cope with missing >'s at the end of long msgids.
    - ignore closed connection messages also when connection is reset by peer.
  * ignore.d.server/postfix:
    - fix most regexps to support IPv6 addresses.
    - allow port 587 in regexps wherever port 25 is used.
    - ignore messages about untrusted cert issuers that have any of &(), in
      their name.
    - ignore "NOQUEUE: milter-reject" messages.
    - enhanced "TLS library problem" rule to also ignore "bad
      certificate" errors.
    - added rule to ignore "SSL23_GET_CLIENT_HELLO:unknown protocol"
      messages.
    - ignore new message format for lacking subject CN in peer cert.
    - ignore getting too many errors after END-OF-MESSAGE, not only after four
      letter SMTP commands.
    - ignore milter-reject messages after RCPT which include the recipient.
    - ignore multiple PIX workaround messages.
    - ignore anvil connection rate statistics for unknown DNS hosts.
    - ignore all data related to untrusted certificate issuers.
    - ignore connection concurrency limit warnings for service submission too.
  * ignore.d.server/ssh:
    - ignore authentication failures with new PAM format.
  * ignore.d.server/kernel:
    - ignore unsupported function warnings from PnPBIOS
    - ignore whitespace before timestamp in newer kernels (closes: #494740).
  * ignore.d.server/no-ip:
    - ignore message when IP was already set to the current IP.
  * ignore.d.server/ntp:
    - allow hyphen in interface names in listen messages.
  * ignore.d.server/pdns:
    - ignore parsing errors for packages of arbitrary size.
    - ignore errors due to invalid qdomains causing servfails.
  * ignore.d.server/ikiwiki:
    - ignore error when "do" parameter has not been passed to CGI.
  * ignore.d.server/openvpn:
    - ignore messages about clients reconnecting and dropping previous active
      connections.
    - ignore restarts due to fatal TLS errors.
    - ignore replay-window backtrack warnings.
    - ignore connection reset messages with negative status (?) numbers.
    - do not require TUN devices to be named tun-*.
    - also ignore client CNs with @ (closes: #493066).
  * ignore.d.server/proftpd:
    - ignore when proftpd barfs all over syslog when a passive transfer
      failed.
  * ignore.d.server/spamd:
    - expect shortcircuit status in scan messages; thanks to Marc Sherman
      (closes: #474239).
  * ignore.d.server/upsd:
    - ignore client connection messages (closes: #495923).
 .
  * violations.d/su:
    - match both, user-root and user:root styles (closes: #491694).
 .
  * Rulefiles are now installed with mode 644; the directories are still mode
    700, so the files are not publicly readable (unless the admin hardlinks
    them elsewhere).


Override entries for your package:

Announcing to backports-changes@lists.backports.org


Your package contains new components which require manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.
