logcheck (1.4.3) unstable; urgency=medium [ Andreas Beckmann ] * Add logcheck.preinst to update header.txt if it matches a version shipped in old debian releases (woody-jessie), this avoid dpkg complaining about a modified conffile for people who installed logcheck in jessie or earlier (Closes: #1039591). -- Mathias Gibbens Tue, 18 Jul 2023 10:54:10 +0000 logcheck (1.4.2) unstable; urgency=medium * More explicitly mention the default checking of the systemd journal (Closes: #1031786) * Apply multiarch hint for logtail package -- Mathias Gibbens Wed, 01 Mar 2023 22:49:39 +0000 logcheck (1.4.1) unstable; urgency=medium [ Mathias Gibbens ] * Convert d/copyright to a machine-readable format * Mark logcheck-database as Multi-Arch: foreign * Remove useless `check` target from Makefile * Add lintian overrides for debian-news-entry-has-unknown-version, since dh_installchangelogs now trims ancient entries * Don't install the root-level CHANGES file, as this confuses dh_installchangelogs into thinking that file is the package's changelog [ Richard Lewis ] * logcheck-database: - Update rules for: su, sudo (Closes: #1024673), and systemd (Closes: #988389, #808429), login * logcheck: - Enable checking of the systemd journal by default (Closes: #1025719) - Do not change permissions of files inside /etc/logcheck, only change the directory itself (and restore on purge) (Closes: #1025897) - Ensure reports are made if all ignore.d.* directories are empty - Improve output when '-d' option is given - Ensure version (as returned by 'logcheck -v') is always in sync with the package version - Fix shellcheck issues in the main logcheck script * logtail: remove d/logtail.prerm * Add autopkgtests (incorporating and replacing the previous test suite) and have them run on each commit to salsa.debian.org (Closes: #1025895) * Update or override lintian false-positives -- Mathias Gibbens Sat, 11 Feb 2023 16:04:40 +0000 logcheck (1.4.0) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster: - logcheck: Drop versioned constraint on logtail in Depends. - logtail: Drop versioned constraint on perl in Depends. - Remove 3 maintscript entries from 1 files. [ Hannes von Haugwitz ] * s/logcheck-test: add pipe support for --log-file [ Jose M Calhariz ] * d/control: Wrap around Depends field. * d/copyright: Update list of names and year. [ Mathias Gibbens ] * d/control: - Add myself to Uploaders - Bump Standards-Version to 4.6.2 (no changes needed) * d/copyright: Add myself * Update hardcoded (ugh!) version in src/logcheck [ Richard Lewis ] * Update rules to understand new ryslog 'high precision' timestamp format (Closes: #1023755) * Update rules to remove stray '\' characters. Thanks to Thomas Dorner (Closes: #1020827) -- Mathias Gibbens Thu, 22 Dec 2022 23:03:11 +0000 logcheck (1.3.24) unstable; urgency=medium * Bump Standards-Version to 4.6.0 no changes needed. * Thank you everyone and particular to Hannes von Haugwitz for maintaining this software (Closes: #981446). -- Jose M Calhariz Thu, 14 Jul 2022 21:09:03 +0100 logcheck (1.3.23) unstable; urgency=medium * v.i.d/logcheck-sudo: adjust 'session opened' rule to match uid, thanks to Marco d'Itri for the patch (closes: #985166) * v.i.d/logcheck-su: allow 'none' as pseudo terminal, thanks to Marco d'Itri for the patch -- Hannes von Haugwitz Thu, 01 Apr 2021 21:19:39 +0200 logcheck (1.3.22) unstable; urgency=medium * d/t/01-logcheck: use temporary log file -- Hannes von Haugwitz Mon, 01 Feb 2021 22:28:20 +0100 logcheck (1.3.21) unstable; urgency=medium [ Debian Janitor ] * Set debhelper-compat version in Build-Depends. * Fix day-of-week for changelog entries 1.2.23, 1.2.17, 1.1.1-7.3, 1.1.1-7. * Update standards version to 4.4.1, no changes needed. [ Simó Albert i Beltran ] * ignore.d.server/ssh: - match port - match more variants of 'Disconnected from' message - match 'Connection reset' message [ Ville Salomäki ] * v.i.d/logcheck-su, v.i.d/logcheck-sudo: allow '.' and '_' in usernames [Lee Maguire] * src/logcheck: support systemd journal as log source (closes: #876420) [ Hannes von Haugwitz ] * Switch to debhelper 13 * Update standards version to 4.5.1, no changes needed. * Update debian/copyright * Set Rules-Requires-Root to no * Add autopkgtest * Adjust rules for PAM open session messages to match new format * Update 'su' rules to match changed format (closes: #931770) * i.d.s/dnsmasq: allow '.' in interface names, thanks to Craig Small for the patch (closes: #732655) * i.d.s/openvpn: match 'VERIFY X509NAME OK' message (closes: #751292) * i.d.s/spamd: - match autolearn_force field - properly match IPv6 addresses thanks to Craig Small for the patch (closes: #755374) * i.d.s/postfix: match sasl_sender field (closes: #700851) * i.d.s/su, v.i.d/logcheck-su: - match 'su-l:session' - match '(to ) ' message * i.d.s/systemd-logind: new - match logind session messages * i.d.s/systemd: match some Succeeded/Finished messages * i.d.s/dhclient: adjust 'DHCPREQUEST' rule -- Hannes von Haugwitz Sun, 31 Jan 2021 23:01:29 +0100 logcheck (1.3.20) unstable; urgency=medium * Add MIMEENCODING option, default changed to let mime-construct choose an appropriate encoding, thanks to Anthony DeRobertis for the patch (closes: #860052) * src/logcheck: - fix -D option, thanks to Daniel Reichelt for the patch (closes: #877182) * docs/logcheck.sgml: - add missing dot, thanks to Vincas Dargis for the patch (closes: #859746) * Switch to debhelper 12 * Bump to Standards-Version 4.3.0 (no changes necessary) * Update debian/copyright * Remove inactive Uploaders (closes: #920183): - Eric Evans - Hanspeter Kunz - Marc Haber - martin f. krafft - maximilian attems - Todd Troxell Thanks for helping with the package. * ignore.d.server/postfix: match TLS 1.1 or later (closes: #913621) * ignore.d.server/dhclient: match short dhclient xids (closes: #872463) * ignore.d.server/openvpn: match TLS 1.1 or later (closes: #861950) * ignore.d.server/systemd: support milliseconds for timer messages (closes: #869415) * ignore.d.workstation/wpasupplicant: match interface in CTRL-EVENT-EAP messages (closes: #889116) -- Hannes von Haugwitz Fri, 01 Mar 2019 23:27:31 +0100 logcheck (1.3.19) unstable; urgency=medium * debian/control: - update Vcs-* fields to salsa.d.o - build-depend on debhelper (>= 11) - bump to Standards-Version 4.1.4 (no changes necessary) - update Maintainer field (closes: #899934) * debian/compat: - bump to dh compatibility level 11 * Remove references to alioth.debian.org * Update debian/README.Debian -- Hannes von Haugwitz Wed, 30 May 2018 23:59:13 +0200 logcheck (1.3.18) unstable; urgency=medium * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) * ignore.d.server/openvpn: - match arbitrary mtu sizes (closes: #815755) * ignore.d.server/snmpd: - match optional port (closes: #644886) * ignore.d.server/postfix: - remove obsolete rule (closes: #822165) * ignore.d.server/systemd-timesyncd: new - match 'interval/delta/delay/jitter/drift' message * ignore.d.server/kernel: - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberger for the patch (closes: #797512) * ignore.d.server/systemd: new - add some generic rules (closes: #783633) * debian/control: - add alternate dependency on cron-daemon, thanks to Felix Zielcke for the patch (closes: #786815) - use secure Vcs-* fields - bump to Standards-Version 3.9.8 (no changes necessary) * debian/copyright: update copyright year to 2017 * Remove obsolete debian/logcheck-database.postinst * Add support for logcheck.logfiles.d, thanks to Vincas Dargis for the initial patch (closes: #481353) * Replace all occurrences of 'deinstall' with 'uninstall', thanks to duelle for the patch * Remove references to 'logcheck.org' -- Hannes von Haugwitz Wed, 25 Jan 2017 22:08:04 +0100 logcheck (1.3.17) unstable; urgency=low [ Hannes von Haugwitz ] * debian/control: - dropped obsolete Replaces fields - removed 'deprecated' notice from logtail's short description - bumped to Standards-Version 3.9.6 (no changes necessary) * Migrated to dh7 style debian/rules file * debian/compat: - bumped to dh compatibility level 9 - updated copyright year to 2014 * debian/README.backports: removed (obsolete) * src/logcheck: - changed '#!/bin/bash' to '#!/usr/bin/env bash' - use '/run/lock/logcheck' instead of '/var/lock/logcheck' - set VERSION to the current version, thanks to Pascal Wittmann * ignore.d.workstation/wpasupplicant: - adjusted 'Group rekeying' rule and ignore 'CTRL-EVENT-SCAN-STARTED' message (LP: #1325349) * ignore.d.server/dhcp: - adjust rule to match new URL (closes: #744205) * debian/copyright: - removed obsolete 'fork' notice * docs/README.Maintainer: - fixed typo (closes: #764336) * ignore.d.server/ssh: - match key fingerprint when using key exchange auth (closes: #743000) * ignore.d.server/dkim-filter: removed - package has been removed from debian [ Alberto Gonzalez Iniesta ] * ignore.d.workstation/kernel: - fixed reworded "Caching mode page" message, thanks to Hagen Fuchs for the patch (closes: #743378) -- Hannes von Haugwitz Fri, 24 Oct 2014 23:54:14 +0200 logcheck (1.3.16) unstable; urgency=low * ignore.d.server/ssh: - updated "subsystem request for sftp" rule (closes: #706085) * debian/control: - removed obsolete DM-Upload-Allowed field - build-depend on debhelper (>= 9) - bumped to Standards-Version 3.9.5 (no changes necessary) * ignore.d.server/smartd: - allow additional '[SAT]' field after controller pattern (closes: #653444) * ignore.d.server/exim4: - removed 'gluck.debian.org' specific rule (closes: #722312) * debian/logcheck-database.postinst, debian/logcheck.postinst: - applied patches by Loïc Minier (closes: #645588): - add logcheck alias on install not on upgrade - use [ -z ... ] rather than [ ! -n ... ] - fix indentation and whitespaces in postinsts - merge two tests into a single lt-nl comparison * ignore.d.server/cron-apt: - allow '-o quiet=1' in dist-upgrade rule (closes: #717247) * debian/logcheck-database.maintscript: added debian/logcheck-database.preinst: removed - use dpkg-maintscript-helper to remove obsolete config files - dropped handling of config files removed before squeeze release * ignore.d.server/puppetd: removed - rules are part of puppet-common package -- Hannes von Haugwitz Sun, 26 Jan 2014 17:43:32 +0100 logcheck (1.3.15) unstable; urgency=low [ Hannes von Haugwitz ] * ignore.d.server/dropbear: new - ignore successful logins (closes: #652148) * src/logcheck: - fixed broken '-t' option, thanks to Jon Daley (closes: #647622, LP: #1010431) * debian/control: - bumped to Standards-Version 3.9.3 (no changes necessary) - adjusted URLs of Vcs-* fields * debian/copyright: - updated copyright year to 2012 [ Frédéric Brière ] * ignore.d.server/postfix: - ignore "offered null AUTH mechanism list" - ignore "lost connection while receiving the initial server greeting" - fixed "lost connection while sending end of data" rule * ignore.d.server/proftpd: - ignore "authentication failure" even if ruser is provided * ignore.d.server/ssh: - ignore "PAM $n more authentication failures" - ignore "Too many authentication failures" - ignore "Closed due to user request." (closes: #647943) - ignore "Bye Bye" - ignore "Connection closed" - ignore yet one more variation of "invalid user" - updated "Postponed ..." rule with "[preauth]" suffix - updated "Postponed ..." rule with "invalid user" * ignore.d.workstation/libmtp-runtime: - ignore mtp-probe messages when plugging a non-MTP device * ignore.d.workstation/kernel: - ignore "No Caching mode page present" - ignore "usb-storage: Quirks match" - ignore "sensor detected" for various GSPCA webcams - updated FAT messages to new fat_msg() format - updated "new USB device" message to new usb_speed_string() format - updated bttv messages to new prefix -- Hannes von Haugwitz Sat, 30 Jun 2012 16:24:49 +0200 logcheck (1.3.14) unstable; urgency=low [ martin f. krafft ] * ignore.d.server/postfix: - ignore notice about verified TLS connections. * ignore.d.server/openvpn: - broaden filters to catch more messages. [ Hanspeter Kunz ] * ignore.d.server/dovecot: - allow for arbitrary msgids - ignore discarded vacation replies with precedence Bulk and list - ignore notice about managesieve logouts (closes: #637918) * ignore.d.server/postfix: - ignore (temporary) rejects messages when the sender domain is not found - ignore verify cache db cleanups [ Hannes von Haugwitz ] * src/logcheck: - added numeric timezone information to subject line - re-enabled globbing of logfile names (closes: #616103) * docs/README.logcheck-database: - mention logcheck-test in 'TESTING RULES' section * ignore.d.workstation/wpasupplicant: - match 5200, 5300, 5260 and 5680 MHz in 'Trying to associate' message - allow WPA protocol in 'wpa_action: key_mgmt' message - ignore "mode=station" message - ignore "Trying to authenticate" message - allow '/run/sendsigs.omit.d' as location for pidfile (closes: #633030) * ignore.d.server/login: - adjusted rule to match serial terminals * ignore.d.workstation/kernel: - ignore "Spinning up disk" message - ignore 'cfg80211: Calling CRDA for country' message - ignore 'Monitor-Mwait' messages - ignore WLAN 'waiting for beacon' and 'beacon received' messages - allow 'device number' in '(new|reset) (low|full|high) speed USB' and 'USB disconnect' messages * ignore.d.server/cron-apt: - allow optional whitespace between value and unit, thanks to Gabor Kiss (closes: #609649) - allow optional architecture in "Get" message * ignore.d.server/dnsmasq: - allow '-' in interface name, thanks to Jan Evert van Grootheest (closes: #608256) * src/logcheck, etc/logcheck.conf: - added option to compress attachment with gzip * ignore.d.server/snmpd: - adjusted UDP rule to match new SNMP output format, thanks to Robert Naylor (closes: #613124) * docs/logcheck-test.1: - use 'logcheck-test' instead of 'logcheck' in the EXAMPLES * ignore.d.workstation/libpam-gnome-keyring: - adjusted rule to match messages without quotes (closes: #618411) * ignore.d.server/dhclient: - allow '-' in interface name (closes: #622942) * ignore.d.server/spamd: - adjusted 'child cleanup' rule to match new format, thanks to Enno Gröper (closes: #632471) * src/logcheck-test: - allow symbolic link as rule file * ignore.d.workstation/xlockmore: - applied patch by Libor Polčák: ignore local display * logcheck-database.preinst: - deleting ignore.d.server/webmin, package has been removed from debian * ignore.d.server/kernel: - ignore "kvm: emulating exchange as write" message - allow optional ". Opts: (null)" at the end of "mounted filesystem with (writeback|ordered) data mode" message * ignore.d.server/amavisd-new: - allow quarantine in "Passed SPAM" log line - allow subdirectories for quarantine messages and made Message-ID in "Passed BAD-HEADER" log lines optional, thanks to John Clements - allow compressed quarantine messages (closes: #639839) * debian/rules: - added build-indep and build-arch targets * debian/control: - bumped to Standards-Version 3.9.2 (no changes necessary) [ Gerfried Fuchs ] * Remove myself from uploaders. [ Jeremy L. Gaddis ] * ignore.d.server/postfix: - adjust postfix certificate fingerprint rule to match new output format, thanks to Loïc Minier (closes: #616616) * ignore.d.server/amavisd-new: - adjusted rule to match new output format, thanks to Adrian Lang (closes: #624197) * ignore.d.server/ssh: - add rule to ignore AllowGroups denial, thanks to Gerald Turner (closes: #637923) * ignore.d.server/dovecot: - adjusted rule to match IPv6 addresses, thanks to Gerald Turner (closes: #637916) * debian/copyright: - updated copyright year to 2011 - added myself as team member [ Frédéric Brière ] * violations.d/kernel: - ignore whitespace before timestamp * ignore.d.workstation/kernel: - allow '.' in input device name -- Hannes von Haugwitz Thu, 08 Sep 2011 15:32:22 +0200 logcheck (1.3.13) unstable; urgency=low * ignore.d.server/pure-ftpd: - fixed user name pattern in logout message, thanks to Simon Breuss (LP: #619119) * violations.ignore.d/logcheck-sudo: - match COMMAND=list and TTY=console, thanks to Michel Messerschmidt for the patch (closes: #593482) * ignore.d.server/amavisd-new: - applied changes by Christian Dröge (closes: #594605): - IPv6 support for IP addresses - allow PASSED SPAM in log - optional minus sign after "Hits:" - optional quarantine in log line - optional Message-ID -- Hannes von Haugwitz Fri, 03 Sep 2010 09:59:52 +0200 logcheck (1.3.12) unstable; urgency=low [ Hanspeter Kunz ] * ignore.d.server/dhcp: - generalized rule for "sending options to hosts" - ignore reading global configuration from an LDAP directory - allow dots in the DN (parsing of the DHCP configuration from LDAP dir) - ignore reading subnet configuration from an LDAP directory - ignore reading pool configuration from an LDAP directory [ Hannes von Haugwitz ] * ignore.d.workstation/kernel: - ignore 'cfg80211: Calling CRDA to update world regulatory domain' message - added rule to ignore 'No probe response from AP' message * ignore.d.workstation/wpasupplicant: - added some rules to ignore WLAN disconnections * ignore.d.server/amavisd-new: - match local mails in 'Passed CLEAN' message, thanks to Patrice Le Gurun (closes: #563348) [ Gerfried Fuchs ] * Re-integrating ignore.d.server/amavisd-new after a long time (closes: #583155) * Add Replaces: amavisd-new (<= 2:2.6.4-1) to logcheck-database for that. * Remove this file from the debian/logcheck-database.preinst OLD_CONFFILES list. -- Hannes von Haugwitz Tue, 10 Aug 2010 21:46:08 +0200 logcheck (1.3.11) unstable; urgency=low [ Hannes von Haugwitz ] * ignore.d.server/smartd: - ignore "scheduled Offline Immediate Test" (closes: #585802) * ignore.d.workstation/slim: new - ignore session opened/closed messages * debian/control: - bumped to Standards-Version 3.9.1 (no changes necessary) - depend on default-mta instead of exim4 * ignore.d.workstation/wpasupplicant: - match 5660 MHz in 'Trying to associate' message * ignore.d.server/libpam-krb5: new - ignore successful kerberos authentication, thanks to Russ Allbery (closes: #588285) * violations.ignore.d/logcheck-sudo: - ignore successful kerberos authentication, thanks to Michel Messerschmidt (see: #588285) * logcheck-database.preinst: - deleting ignore.d.workstation/xscreensaver, rule is covered by i.d.s/libpam-krb5 - deleting ignore.d.server/cracklib, rules maintained in cracklib-runtime * ignore.d.workstation/login: - removed successful krb auth rule, rule is covered by i.d.s/libpam-krb5 * violations.ignore.d/logcheck-su: - ignore successful kerberos authentication * ignore.d.server/smartd - ignore 'state read' and 'state written' messages * debian/copyright: - updated copyright year to 2010 - added Marc, Hanspeter and myself as team members * ignore.d.server/dhclient: - allow '-' in version string [ martin f. krafft ] * ignore.d.server/postfix: - patch from Mathias Krause to address changes in policy-weightd log message format. * ignore.d.server/ssh: - messages about invalid users can contain zero-length usernames. * ignore.d.server/postfix: - ignore delay notification log entries (closes: #589981). [ Hanspeter Kunz ] * ignore.d.server/dhcp: - ignore messages about LDAP lookups of host entries - ignore messages on sending options to hosts (as a result of LDAP lookups) - ignore more balancing/balanced pool messages - Found dhcpHWAddress: LDAP entries may contain underscores and dashes - removed rule to "ignore messages about leased addresses which respond to to ping requests" because this is probably caused by a misconfiguration - ignore messages on xid-mismatches - ignore messages on establishing a (TLS) connection to the LDAP server - ignore successful logins to the LDAP server - ignore successful parsing of the DHCP configuration from an LDAP directory * ignore.d.server/postfix: - ignore another TLS library problem (SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379) * ignore.d.server/dovecot: - sieve: allow empty recipient address - sieve: make "added by" optional -- Hannes von Haugwitz Thu, 29 Jul 2010 08:37:19 +0200 logcheck (1.3.10) unstable; urgency=low * logcheck-database.preinst: - deleting ignore.d.server/ntop, also in ntop (closes: #584824, #584849) -- Hannes von Haugwitz Mon, 07 Jun 2010 08:51:02 +0200 logcheck (1.3.9) unstable; urgency=low [ Hannes von Haugwitz ] * ignore.d.workstation/kernel: - adjusted rule to ignore more "usb-storage" messages - made 'AP ' optional in "wlan" message * src/logcheck-test: - fixed spelling error * debian/control: - added DM-Upload-Allowed field * ignore.d.workstation/wpasupplicant: - match more frequencies in 'Trying to associate' message * ignore.d.server/bind: - added rules to match bind's new syslog line format - adjusted rule to also match 'network unreachable' error, thanks to Bob Proulx (closes: #582060) * ignore.d.workstation/laptop-mode-tools: new - added rule for some laptop-mode info messages [ Hanspeter Kunz ] * ignore.d.server/dovecot: - sieve: msgids might be followed by "(added by ...)" [ martin f. krafft ] * ignore.d.server/postfix: - fix rule to match greylisting notices. * ignore.d.server/ntop: - ignore warnings about truncated packets. * ignore.d.server/schroot: - ignore new-style PAM session notices. * ignore.d.server/pdns: - update rules to match informational messages about incoming AXFR transfers, as well as sqlite3 connections. * ignore.d.server/asterisk: - ignore unknown attribute warnings/messages by rc_avpair_new. * ignore.d.server/git-daemon: - ignore warnings on access to nonexistent git repository. * ignore.d.server/kernel: - ignore message about kernel logging (proc) being stopped. -- Hannes von Haugwitz Thu, 03 Jun 2010 16:04:19 +0200 logcheck (1.3.8) unstable; urgency=low [ Hannes von Haugwitz ] * src/logcheck-test: - removed useless trap signal 16 * ignore.d.workstation/wpasupplicant: - allow '_' in id_str of CTRL-EVENT-CONNECTED message - added rules for wpa_action messages * ignore.d.workstation/kernel: - "Mode Sense" is hexadecimal, not just decimal - ignore "usb-storage" message * ignore.d.server/kernel: - ignore "using internal journal" message - adjusted rule to match EXT3-fs and writeback data mode * ignore.d.server/bind: - added rule to ignore "success resolving" messages * ignore.d.server/nfs: - allow '_', '-' and '.' in mount path, thanks to G. T. Laycock (closes: #575378) * ignore.d.server/nagios: - allow '>=' in "SERVICE FLAPPING ALERT" message - added rule to ignore "HOST FLAPPING ALERT" message * src/logcheck: - look for {header,footer}.txt in $RULEDIR, thanks to Kerstin Puschke - cd to $STATEDIR before cleaning up temp dir, thanks to Kerstin Puschke - fixed stream redirection of hostname command, thanks to Bob Proulx (see #574858) * ignore.d.server/dnsmasq: - adjusted rule to also match '-dhcp' suffix in dhcp subsystem messages, thanks to Michał Sawicz * Switch to dpkg-source 3.0 (native) format [ Gerfried Fuchs ] * debian/logcheck.NEWS, debian/logtail.NEWS: - removed asterisk from entries * docs/logcheck-test.1, docs/logtail.8, docs/logtail2.8: - escaped dashes that really mean dashes [ Hanspeter Kunz ] * ignore.d.server/dovecot: - ignore more failed and aborted logins - msgid's may contain colons - ignore discarded vacation responses (bulk, auto-submited, duplicates) - ignore duplicate forwards - ignore more "Connection closed" messages - ignore "Too many invalid IMAP commands" - ignore more "Connection closed" messages (MANAGESIEVE) - ignore aborted authentications * ignore.d.server/postfix: - ignore disconnects during EHLO (and not only HELO) handshakes - merged 5 similar "lost connection" rules into one * ignore.d.server/kernel: ignore imklog startup messages -- Hannes von Haugwitz Wed, 14 Apr 2010 13:43:17 +0200 logcheck (1.3.7) unstable; urgency=low [ Hannes von Haugwitz ] * Added src/logcheck-test and docs/logcheck-test.1 * ignore.d.server/wu-ftpd: - adjusted rule to match optional pid (closes: #570207) * src/logcheck: - use 7bit encoding for sending mail * ignore.d.workstation/kernel: - added rules for inserted and removed SD cards * ignore.d.server/mountd: new - added rule for authenticated mount/unmount requests, thanks to Paweł Hajdan, Jr. (closes: #567842) * docs/logcheck.sgml: clarify that "server" rules are included in "workstation" level * ignore.d.server/klogind: new - added rule for "connect from" message * ignore.d.server/login: - added rule for root logins on pseudo terminals * ignore.d.server/bind: - added rules for "received notify for zone" and "zone is up to date" message * Makefile: - added an empty "all" make target, thanks to Paweł Hajdan, Jr. (closes: #567150) - renamed BINDIR to SBINDIR - added logtail2 script to "clean" make target * ignore.d.server/ssh: - added rule for "disconnected by user" message (closes: #567317) * ignore.d.workstation/ifplugd: - added rule for "client: OK" message * debian/control: - bumped to Standards-Version 3.8.4 (no changes necessary) - added ${misc:Depends} to logtail Depends [ Hanspeter Kunz ] * ignore.d.server/dovecot: - added an optional prefix "dovecot: " to the deliver rule - added rule to ignore various sieve messages (stored mail, forwards, vacation replies and discards) [ Frédéric Brière ] * ignore.d.server/kernel: - added IPv6 support to "Treason uncloaked!" rule (closes: #546004) - added "Peer unexpectedly shrunk window" alternate rule - allow '-' in usbcore interface driver names (e.g. snd-usb-audio) * ignore.d.workstation/kernel: - added UDF-fs "readonly partition" and "Mounting volume" rules - usbhid no longer prints the source filename in its messages - allow ':' and arbitrary paths for input devices - adjusted "USB HID" rule to match generic devices - adjusted "USB HID" rule for newer kernels - adjusted agpgart rules for newer kernels -- Hannes von Haugwitz Fri, 19 Feb 2010 07:16:32 +0100 logcheck (1.3.6) unstable; urgency=low [ Hannes von Haugwitz ] * ignore.d.paranoid/sysklogd: - more specific matching of upstream version and optional distribution revision, thanks to Caspar Clemens Mierau (closes: #566200) * ignore.d.paranoid/cron: - make /usr/sbin/ optional in pathnames of cron, thanks to Matthias Andree (closes: #566198) * ignore.d.server/dhclient: - adjusted rules to match optional ip address, thanks to David Pashley (closes: #552222) * debian/header.txt: - fixed incorrect spelling, thanks to Michael Lustfield (closes: #566197) * Use mime-construct to send mail (closes: #542781, #564693) * etc/logcheck.conf: - added hint for suggested package * Removed obsolete files in violations.ignore.d/ (closes: #566107) * ignore.d.workstation/wpasupplicant: - adjusted rule to also match LEAP method - allow empty id_str in CTRL-EVENT-CONNECTED message * Added rules for dhcpcd, thanks to Paweł Hajdan, Jr. (closes: #564702) * ignore.d.server/nagios: - removed rule for nrpe * Added rule for libpam-gnome-keyring, thanks to Jerome Wittmann (closes: #565774) * ignore.d.workstation/kernel: - extended the rules for WLAN authentication and association * Added rules for successful non-root login to text console. * ignore.d.server/kernel: - ignore ext4 mount message * ignore.d.server/login - adjusted login rule to also match /dev/ prefix - added rule to match newgrp messages, thanks to Martin Mazur (closes: #545318) * ignore.d.workstation/ifplugd - added rules for ifplugd.action script execution * ignore.d.workstation/ppp - adjusted rule for successful CHAP authentication * Added myself to the Uploaders field. -- Hannes von Haugwitz Tue, 26 Jan 2010 22:01:39 +0100 logcheck (1.3.5) unstable; urgency=low [ Hannes von Haugwitz ] * Added rule for fcron * ignore.d.server/nagios - ignore harmless "CURRENT (HOST|SERVICE) STATE" messages * ignore.d.workstation/kernel - ignore "set mode" message from DRM - added some rules for WLAN authentication and association - ignore "thinkpad_acpi: EC reports that Thermal Table has changed" message * Added nslcd rule for ldap server connection * ignore.d.server/cron-apt - ignore disk space freed message, thanks to Tim Small (closes: #557087) - tiny regex code change * Deleting obsolete conffiles in logcheck-database.preinst - ignore.d.server/oidentd, also in oidentd (closes: #544686, #560428) * ignore.d.server/dhclient - adjusted rule to match new web address * ignore.d.workstation/xdm - ignore successful kerberos authentication * Added xscreensaver rule for successful kerberos authentication -- martin f. krafft Wed, 30 Dec 2009 08:10:08 +0100 logcheck (1.3.4) unstable; urgency=low [ Hannes von Haugwitz ] * ignore.d.workstation/ifplugd - ignore link beat detection * ignore.d.server/smartd - added rule to match completed self-test - added rules to match more self-test messages * Added some rules for wpasupplicant (closes: #544084) * ignore.d.server/su, violations.ignore.d/logcheck-su - adjusted su rules to also match /dev/ prefix (closes: #551340) * Added rule for apcupsd (closes: #535976) [ Frédéric Brière ] * Adjusted various kernel SCSI rules for removable media * Added USB kernel rules for USB_ANNOUNCE_NEW_DEVICES * Merged USB "new device" and "reset device" rules * Ignore "UDP: bad checksum" and "UDP: short packet" kernel messages * Corrected xdm pam_session rules (closes: #508335) * Updated acpid "client has disconnected" rule * Updated libpam-mount "realpath of X is Y" rule * Added libpam-mount "Command successful" rule * Adjusted ssh "Authentication failure" rule for "invalid user" * Updated cron-apt "Fetched" rule to match new time formats (closes: #531596) * Updated cron-apt rules to match all possible sizes and lengths * Replaced bashisms with POSIX equivalents (closes: #508546) * Depend on rsyslog by default (closes: #526911) * Dropped (now useless) ownership/permissions fixes on /var/lock/logcheck * ignore.d.server/openvpn: (closes: #499323) - match pathless ifconfig/route - match '.' and '_' in interface names - added "authentication succeeded' rule * ignore.d.server/dhcp: - interface names can have underscore in them (closes: #518422) - merged "Wrote X to leases file" rules, and added new ones (closes: #526116) * ignore.d.server/scponly: (closes: #506333) - added missing process name before PID - added the exhaustive list of commands allowed by scponly * Added rule for ext3 writeback data mode (closes: #542273) * ignore.d.server/dovecot: - replaced the (incomplete) method list with a wildcard (closes: #530591) - added I/O stats at the end of "Logged out" (closes: #538696) - added "discarded duplicate forward" and optional spacing to deliver rule (closes: #510889) * ignore.d.server/openvpn: - recognize some more options for PUSH_REPLY (closes: #511353) * ignore.d.server/postfix: (closes: #529367) - allow optional port number after "setting up TLS connection" - recognize "Trusted TLS connection established" * ignore.d.server/postfix: - allow <> as MAIL FROM in various messages - removing wildcard "reject: (RCPT|MAIL)" rule * ignore.d.server/innd: - added "no_read"/"no_post" rule (closes: #533487) * ignore.d.server/bind: - added various connection failure resolver messages (closes: #536071) * ignore.d.workstation/kernel: - adjusted sd "hardware sectors" rule for 2.6.28 (closes: #542390) - further adjusted that rule for 2.6.31-rc1 * logtail/logtail2 no longer ignore -o when called with only one argument (closes: #453309) * Deleting obsolete conffiles in logcheck-database.preinst - ignore.d.server/lpr, replaced by lpr - ignore.d.server/ntp, replaced by ntp - ignore.d.server/sendmail, also in sendmail-base (closes: #542265) - deleting all the conffiles dropped over the years (closes: #453519) * Quote most variables and commands in logcheck * Allow filenames with spaces in logcheck.logfiles (closes: #319169) * ignore.d.server/smartd: - Replaced hardcoded controller list with generic pattern (closes: #555828) [ Gerfried Fuchs ] * Upload to unstable. * Bump to Standards-Version 3.8.3. -- Gerfried Fuchs Mon, 07 Dec 2009 18:06:40 +0100 logcheck (1.3.3) unstable; urgency=low Upload to unstable. [ Hanspeter Kunz ] * ignore.d.server/spamd: - enhanced rule to ignore "Tell: Setting local Removing remote" messages - enhanced rule to ignore bayes database locking failures * ignore.d.server/dovecot - merged the two rules on aborted logins (thereby matching more cases) - ignore more authentication failure messages - ignore even more authentication failure messages - ignore ldap authentiation failure messages * ignore.d.server/postfix - ignore more undeliverable mail messages (unknown in virtual alias table) * ignore.d.server/ssh - ignore pam_unix(sshd:auth) user unknown messages * Bumped debhelper compatibility level to 7 * Use dh_prep instead of dh_clean -k * Specify licence as GPLv2 (instead of unversioned GPL) * Fixed typo in logtail.NEWS * Bumped Standards-Version to 3.8.2; no changes necessary [ martin f. krafft ] * Special-case lockfile error message in case logcheck is still running. Now logcheck differentiates between another process still running and some other problem with obtaining the lock. * ignore.d.server/postfix: - clean up "connect to" failure messages. * Remove lock directory, which logcheck recreates at runtime. -- martin f. krafft Tue, 11 Aug 2009 10:33:03 +0200 logcheck (1.3.2) experimental; urgency=low [ Gerfried Fuchs ] * Remove amavisd-new conflict, the file name conflict is long gone. * Remove unused-override entries (the complete logcheck-database file, in fact) * Fixed referenced detectrotate path in logtail2 manpage. * Escape [ in kernel timestamp rules, noticed by Michael Tautschnig, thanks! (closes: #498613) * Apply patch from Jari Aalto for fixing package description paragraph ordering by importence, thanks (closes: #499415) * Supress cron session closed messages too, thanks to Ferenc Wagner for noticing (closes: #499393) * Match for sshd:session additional to ssh:session, noticed by Ferenc Wágner (closes: #499561) * ignore.d.server/nagios, violations.ignore.d/logcheck-nagios: also support nagios3 as string in the log lines (closes: #514335). [ martin f. krafft ] * ignore.d.server/postfix: - ignore milter rejection messages. [ Hanspeter Kunz ] * ignore.d.server/dovecot: - deleted redudant rule for deliver - enhanced deliver rule to allow pretty much anything as msgid - allow missing ")" in deliver rule - ignore managesieve logins and disconnects * ignore.d.server/postfix: - generalize rule for ETRN rejections (allow brackets) - IPv6-ification of milter-discard rule - added optional "orig_to" to one of "postfix/smtp status=sent" rules where it was missing - ignore another TLS library problem (SSL3_READ_BYTES:reason(1000):s3_pkt.c:1057:SSL alert number 0) - ignore "too many errors after DATA (0 bytes)" -- Hanspeter Kunz Mon, 15 Jun 2009 06:33:34 +0100 logcheck (1.3.1) experimental; urgency=low * Removed ignore.d.server/no-ip, which clashes with the no-ip package, which has been superseeded anyway. * ignore.d.server/openvpn: - fix the regexps that added support for @ characters in the client CN (see #493066). * ignore.d.server/postfix: - expect more IPv6 addresses in filters. * ignore.d.server/ssh: - ignore bad username warnings. -- martin f. krafft Sun, 31 Aug 2008 20:31:51 +0100 logcheck (1.3.0) experimental; urgency=low * Formalise the dropping of violations.d/logcheck. Please see /usr/share/doc/logcheck-database/NEWS.Debian.gz for more information (closes: #471072). * Remove most messages from cracking.d/logcheck and split up the remaining ones into separate files. * Add Auto-Submitted header to outgoing mails (closes: #489172). * Thanks to Hanspeter Kunz for all his patches. * ignore.d.server/dovecot: - ignore connection closed messages. - ignore auth failure messages whe ruser and rip are known. - ignore forwards and to cope with missing >'s at the end of long msgids. - ignore closed connection messages also when connection is reset by peer. * ignore.d.server/postfix: - fix most regexps to support IPv6 addresses. - allow port 587 in regexps whereever port 25 is used. - ignore messages about untrusted cert issuers that have any of &(), in their name. - ignore "NOQUEUE: milter-reject" messages. - enhanced "TLS library problem" rule to also ignore "bad certificate" errors. - added rule to ignore "SSL23_GET_CLIENT_HELLO:unknown protocol" messages. - ignore new message format for lacking subject CN in peer cert. - ignore getting too many errors after END-OF-MESSAGE, not only after four letter SMTP commands. - ignore milter-reject messages after RCPT which include the recipient. - ignore multiple PIX workaround messages. - ignore anvil connection rate statistics for unknown DNS hosts. - ignore all data related to untrusted certificate issuers. - ignore connection concurrency limit warnings for service submission too. * ignore.d.server/ssh: - ignore authentication failures with new PAM format. * ignore.d.server/kernel: - ignore unsupported function warnings from PnPBIOS - ignore whitespace before timestamp in newer kernels (closes: #494740). * ignore.d.server/no-ip: - ignore message when IP was already set to the current IP. * ignore.d.server/ntp: - allow hyphen in interface names in listen messages. * ignore.d.server/pdns: - ignore parsing errors for packages of arbitrary size. - ignore errors due to invalid qdomains causing servfails. * ignore.d.server/ikiwiki: - ignore error when "do" parameter has not been passed to CGI. * ignore.d.server/openvpn: - ignore messages about clients reconnecting and dropping previous active connections. - ignore restarts due to fatal TLS errors. - ignore replay-window backtrack warnings. - ignore connection reset messages with negative status (?) numbers. - do not require TUN devices to be named tun-*. - also ignore client CNs with @ (closes: #493066). * ignore.d.server/proftpd: - ignore when proftpd barfs all over syslog when a passive transfer failed. * ignore.d.server/spamd: - expect shortcircuit status in scan messages; thanks to Marc Sherman (closes: #474239). * ignore.d.server/upsd: - ignore client connection messages (closes: #495923). * violations.d/su: - match both, user-root and user:root styles (closes: #491694). * Rulefiles are now installed with mode 644; the directories are still moe 700, so the files are not publicly readable (unless the admin hardlinks them elsewhere). -- martin f. krafft Sun, 31 Aug 2008 20:12:08 +0100 logcheck (1.2.67) unstable; urgency=low [ Gerfried Fuchs ] * fix ignore.d.server/smbd_audit which had an unescaped | resulting in everything ignored (closes: #489009). As this hasn't transitioned yet to testing no urgency bump. * Added README.source, more or less a plain copy from -- Gerfried Fuchs Fri, 04 Jul 2008 10:38:07 +0200 logcheck (1.2.66) unstable; urgency=low * Re-added mailx as dependency, which is a virtual package. Lintian misguided me. Sorry (closes: #488102). * Upgrade to Standards-Version 3.8.0, which requires no other changes. -- martin f. krafft Thu, 26 Jun 2008 15:49:15 +0200 logcheck (1.2.65) unstable; urgency=low * violations.ignore.d/logcheck-postfix: - fixed filters for certificate messages that changed in postfix 2.5. * ignore.d.server/postfix: - ignore connection messages for anonymous TLS connections; thanks to Justin Larue (closes: #486440). - ignore hostname verification due to DNS name not found; thanks to Justin Larue (closes: #486440). - do not report connection failures due to timeouts. * ignore.d.server/maradns: - ignore messages related to resolvconf integration. * ignore.d.server/dovecot: - ignore aborted logins with 0 authentication attempts, e.g. due to nagios; thanks to René Hertell (closes: #487208). * ignore.d.server/cron-apt: - ignore harmless messages about state and space usage prediction; thanks to Daniel Hahler (closes: #484546). * ignore.d.server/spamd: - ignore child state K; thanks to Ross Boylan (closes: #484328). * ignore.d.server/ssh: - ignore host-based auth logins; thanks to Tilman Koschnick (closes: #483214) * ignore.d.server/imapproxy: - ignore failures to read from client socket (closes: #482523). * ignore.d.server/courier: - update rules to include port information; thanks to Antoine Pardignon (closes: #446310). - ignore couriertcpd messages; thanks to Andrew Gallagher (closes: #451118). * ignore.d.server/smbd_audit: - ignore smbd audit log entries (closes: #452879). * ignore.d.server/acpid: - follow recent modifications in acpid log output; thanks to Arno Renevier (closes: #450660). * ignore.d.server/otrs: - ignore OTRS CGI notices (closes: #450697). * ignore.d.server/openvpn: - ignore messages about dropped packets due to bad source addresses (out of connection messages). - ignore messages about packets with wrong encapsulated lengths, which are mostly portscanners, or hosts connecting to openvpn on ports like 443. * ignore.d.server/schroot: - ignore operational schroot messages for logins and running commands. * ignore.d.server/dhcp: - ignore DHCPACKs that have no hardware address (Windows). * fix wording in header.txt (closes: #472937). * change obsolete mailx dependency to bsd-mailx. -- martin f. krafft Tue, 24 Jun 2008 18:56:26 +0100 logcheck (1.2.64) unstable; urgency=low [ martin f. krafft ] * Fix spelling error in configuration file; thanks to Frans "I am bored" Pop (closes: #445537). * Remove version from cron dependency to allow e.g. bcron-run to satisfy the requirement. * Clean up accidental duplication in Makefile; hardcoded /usr/sbin is now $(BINDIR) (Ed Santiago) * ignore.d.server/postfix: - ignore Postfix bad address syntax errors from postfix/error (closes: #464896) (Russ Allbery) - ignore additional "(0 bytes)" on lost connnections (closes: #470102) (Russ Allbery) * ignore.d.server/spamd - deal with socket connections by e.g. evolution (closes: #448510, #473619). * ignore.d.workstation/kernel - also ignore loading of R300 microcode (closes: #474606). * ignore.d.server/spamd - fix spamd processing message pattern when msgid is unknown; thanks to Michal Čihař for the patch (closes: #471936). * ignore.d.server/bind - Fix up rules to match when views are in use; thanks Shawn Heisey (closes: #477932). * ignore.d.server/dkim-filter - ignore warnings about bad signature data; thanks to Clint Adams (closes: #478334). * Set permissions on /var/lib/logcheck to 0770 to prevent disclosure of information (see #481347). * If nail is not installed and MAILASATTACH is set, fall back to regular method (closes: #479278). [ maximilian attems ] * Clean up linux/violations.d/logcheck, all the "Attack" rules look pretty much dubious. Nobody should serisouly run rshd or rlogind. * control: s/XS-Vcs/Vcs/ git lines are official. * Add myself to Uploaders. * debian/rules, debian/logcheck-database.linda-overrides: Nuke old dup overrides, lintian rules. [ Frédéric Brière ] * ignore.d.server/bind: - moved "[bind] query $FOO denied" rule to violations.ignore.d (closes: #443881). - added bind's "AXFR ended" rule alongside "AXFR started" (closes: #445046). - added "adding an RR"/"deleting rrset" bind rules for dynamic DNS. - added "connection reset" rule for bind. - added "journal file does not exist" rule for bind. * ignore.d.server/sasl2-bin: - added DB_NOTFOUND and "user not found" rules for sasl2-bin. * ignore.d.workstation/kernel: - ignore bttv PLL messages - ignore (un)register messages from zaurus module (closes: #444096). * ignore.d.server/ddclient: - added two basic rules for ddclient (closes: #444097). * ignore.d.server/telnetd: - added basic rules for telnetd (closes: #444100). * ignore.d.server/ssh: - ignore "Nasty PTR record" messages from openssh (closes: #445074). * violations.ignore.d/logcheck-ssh: - adjused ssh "Failed password" rule to allow omitting "illegal/invalid user" (closes: #445072). - updated ssh "reverse mapping" rule to include IP address (closes: #445073). * ignore.d.server/tftpd: - added tftpd "serving file from ..." rule (closes: #445069). * ignore.d.server/dspam: - corrected illegal regex in ignore.d.server/dspam. * violations.ignore.d/logcheck-sudo: - ignore PAM session messages triggered by sudo. * ignore.d.server/postfix: - Postfix considers that "-" can be part of a numeric hostname. * violations.ignore.d/logcheck-postfix: - allow any error message following "SASL authentication failure" in postfix. * ignore.d.server/libpam-mount: - added libpam-mount rule "realpath of volume $FOO is $BAR". * ignore.d.server/proftpd: - adapted rules for SystemLog syntax. - added "FTP login|session timed out" rule. - added "Incorrect password" proftpd rule. - adjusted proftpd rules to catch unresolved IPv6 hosts. - added "@" to proftpd "no such user" rules, to catch anonymous@foo.bar. - adjusted proftpd "Data connection closed" rule to allow arbitrary usernames. * ignore.d.server/openvpn: - added "Re-using pre-shared static key" openvpn rule. - re-enabled :port portion of "UDPv4 link" openvpn rule. * ignore.d.workstation/bluetooth-alsa - adding rules for headsetd (bluetooth-alsa). * ignore.d.server/dhcp - Adding dhcp rules for DNS updates by ddns_remove_a() (closes: #459875, #472368) - Added dhcp "removed reverse map" rule, which occurs on DHCPRELEASE. [ Gerfried Fuchs ] * Bumped Standards-Version to 3.7.3, no further changes required anymore. * Added Homepage source control field. * debian/logtail.NEWS: Fix date format in trailer lines. * Updated my email address in debian/control and debian/copyright. -- maximilian attems Wed, 04 Jun 2008 00:34:38 +0200 logcheck (1.2.63) unstable; urgency=low * Conflict with amavisd-new (<< 1:2.5.2-1), since amavisd-new now maintains its own filters. Thus, remove them from this package. -- martin f. krafft Sun, 30 Sep 2007 15:57:43 +0100 logcheck (1.2.62) unstable; urgency=low * remove ignore.d.server/thttpd because thttpd package provides a better version (closes: #441504). * apply patch by Marc Haber to fix logtail2 when there are no archived logs found (closes: #441388). * apply patch by Rolan Kruggel which allos logcheck to be configured to attach log output, rather than inlining it (closes: #402739). * make dependency on logtail versioned (>= 1.2.59; closes: #443134). * violations.ignore.d/logcheck-postfix: - ignore rejections due to improper SMTP command pipelining. - fix filter for milter AV system overload. - ignoring warning about milter blocking mail to suspicious recipient addresses. - duplicate some filters from ignore.d.server/postfix for when servers use "hacker words" which cause logcheck to escalate to violations. * ignore.d.server/postfix: - ignore milter-discard messages after END-OF-MESSAGE. - ignore smtp client failures due to lost connections with relays. - ignore smtp client failures due to lost connections during later commands. - patch from Justin Pryzby to support postfix check_helo_(mx|ns)_access (closes: #443185). - ignore Postfix lost connection messages w/o IP address, patch by Russ Allbery. * ignore.d.server/rsync: - patch from Justin Pryzby to update rules for 2.6.9 (closes: #443178). * ignore.d.server/dovecot: - ignore notice about dovecot fixing index files. * ignore.d.server/incron: - ignore some startup messages - ignore messages about table reloading - ignore messages about command execution. * ignore.d.server/dhclient: - ignore message about option answers being larger than buffers. * ignore.d.server/acpid: - ignore basic messages from acpid; thanks to Hanspeter Kunz for the patch (closes: #443171). * ignore.d.server/bind: Thanks to Frédéric Brière for the following patches: - ignore messages about notify without SOA (closes: #443869) - ignore messages about denied queries (closes: #443886). - ignore all messages about unexpected RCODEs (closes: #443908). -- martin f. krafft Mon, 24 Sep 2007 23:47:10 +0100 logcheck (1.2.61) unstable; urgency=low * Provide $TMP and allow the administrator to specify an alternate location to store temporary files; thanks to Micah Anderson for the patch (closes: #412201). * ignore.d.server/logcheck: - Apply filter rules for new PAM log format; thanks to Aaron M. Ucko (closes: #440123). * ignore.d.server/rsync: - Ignore runtime rsyncd messages; patch by Justin Pryzby (closes: #440181) * violations.ignore.d/logcheck-postfix: - ignore temporary DNS lookup failures when checking for sender MX. - also ignore defer notices smtp gets after the DATA command. - ignore some rejections when $smtpd_delay_reject=no is set; thanks to Justin Pryzby (closes: #425642, #426736). * ignore.d.server/postfix: - ignore TLS library receiving SSLv3 alert 10, since it's just a broken client connecting. - ignore when libc6 warns about in-addr.arpa request being answered with a CNAME, which is not correct, but people do it and it works regardless. - ignore when smtpd tells us its discarding EHLO keywords ($smtpd_discard_ehlo_keyword*). - ignore SASL authentication failures due to empty passwords. - ignore AV system overload warnings by milter-reject. * ignore.d.server/spamd, violations.ignore.d/logcheck-spamd: - ignore spamcop failure and success messages. - do not ignore child state K, which indicates kill and might be a problem; thanks Frans Pop (closes: #436439). - update check result rule in violations.ignore.d. * ignore.d.server/pdns: - ignore messages about invalid packet sizes received from other machines. - ignore launch message after TCP nameserver was cycled. * ignore.d.server/hylafax: - ignore MODEM messages by FaxQueuer; thanks Remi Letot (closes: #425035). * ignore.d.server/bind - ignore view queries; thanks Justin Pryzby (closes: #428629). -- martin f. krafft Tue, 04 Sep 2007 19:38:31 +0200 logcheck (1.2.60) unstable; urgency=low [ maximilian attems ] * logcheck-database.config, logcheck-database.postinst, logcheck-database.preinst, logcheck.postinst, logcheck-database.templates: Kill code for upgrades from version earlier then Sarge, no debconf. Thus remove ancient po files. * debian/control: No debconf no debconf-updatepo need anymore. * debian/control: Drop versioned dep of presarge grep. [ martin f. krafft ] * Thanks to Frédéric Brière for his bug reports and patches. * violations.ignore.d/logcheck-postfix: - ignore milter-reject virus rejection notices. - ignore temporary milter failures (due to clamav-milter socket timeouts). - fix authentication failure messages related to SASL (closes: #437886). - ignore ETRN rejection warnings (closes: #437882). - ignore SOFTBOUNCE defers. * ignore.d.server/postfix: - ignore warnings about not being able to resolve (sender) MX hosts. - ignore timeouts on clamav-milter socket. - ignore warnings about MX hosts without valid A/address records (closes: #437896). - ignore lost connection message in stage with two words (e.g. MAIL FROM). - ignore timeout messages after all kinds of SMTP commands, incl. UNKNOWN. - ignore pickup messages. - do not require unknown_*_domain filters to include "valid_hostname" (closes: #437752). - ignore recipient verification check success messages. - ignore timeouts also after END-OF-MESSAGE. - ignore timeouts while sending XFORWARD name/address. - ignore peer cert verification warnings when OU is missing. - ignore timeout during EHLO handshake. * ignore.d.server/spamd: - ignore more runtime, informational messages. - handle trailing space (closes: #429886). - ignore successful pyzor report notifications. - ignore failures to report to SpamCop. - ignore reporting failures when there are no reporters. * violations.ignore.d/logcheck-spamd: - ignore informational messages about razor agent initialisation/registration * ignore.d.server/dovecot: - ignore disconnected messages without a username. - ignore disconnected messages during IMAP commands, other than IDLE. - ignore deliver messages with crm114 sfid attached. * ignore.d.server/amavisd-new: - ignore message ids with sfid trailer (crm114 adds this). - also ignore passing of BAD-HEADER diagnosed messages. - fix hit scoring regexp (closes: #435438). * ignore.d.server/squid: - ignore DNS failure messages. * ignore.d.server/pdns: - ignore warning about zero-sized packet from remote. * ignore.d.server/bind, violations.ignore.d/logcheck-bind: - also ignore unresolved RCODE 15 in warning messages (closes: #437891). * violations.ignore.d/logcheck-bind: - ignore allow-query-related rejections (closes: #437756). * violations.ignore.d/logcheck-proftpd: - deal with IPv6 addresses (closes: #437753). * ignore.d.server/puppetd: - add filter for informational puppetd rules by Sebastian Himberger; thanks! (closes: #437478). * ignore.d.server/cron-apt: - ignore messages from autoclean (closes: #437748). * ignore.d.server/stunnel: - make stunnel pid optional (closes: #428429). -- martin f. krafft Thu, 23 Aug 2007 12:21:31 +0200 logcheck (1.2.59) UNRELEASED; urgency=low [ Marc Haber ] * add logtail2 (closes: #435443): * now handles log rotation internally (with a plugin scheme). * can deal with rotated logfiles (closes: #336265). * supports logrotate's dateext rotation. * the previous logtail is deprecated and may be removed in the future. * Add myself to uploaders. Thanks for allowing me to join. -- Marc Haber Tue, 07 Aug 2007 14:39:49 +0200 logcheck (1.2.58) unstable; urgency=low * ignore.d.server/procmail: ignore write errors from procmail. * Add Russian debconf translation by Yuri Kozlov (closes: #434231). -- martin f. krafft Sat, 04 Aug 2007 18:02:00 +0200 logcheck (1.2.57) unstable; urgency=low * Change configuration to send mail output to logcheck@localhost (which is aliased to root) by default. * ignore.d.server/teapop: - ignore reverse DNS errors and dropped connections, thanks to Stephan Windmüller. * ignore.d.server/squid: - ignore extension method registrations for MERGE, MKACTIVITY, CHECKOUT. * ignore.d.server/openvpn: - more filters for informational, day-to-day messages we don't need to see. * ignore.d.server/postfix: - ignore warnings about concurrent connection limit exceeded. - ignore info about sender delivery status notification. * ignore.d.server/kernel: - ignore registration messages by cdc_ether network devices. - ignore st load message. - patch by Remi Letot to ignore capi messages; thanks (closes: #422621). - update rule to filter more usb-storage plugin messages - ignore HIDP initialisation message. - ignore registration messages of new interface drivers. * ignore.d.workstation/kernel: - USB IDs are hexadecimal, not just decimal. - ignore DRM initialisation messages by R200 chipsets. * violations.ignore.d/kernel: - ignore test WP failure on usb-storage connection. * ignore.d.server/ntp: - ignore kernel time sync status change. * ignore.d.server/spamd: - add rules to ignore messages related to --allow-tell - add (temporary) rules for messages generated by razor2 until the maintainer adds them (I hope) (closes: #410997). - beefed up the regexp to match more names in virtual setups. * ignore.d.server/samba: - ignore messages by PAM_smbpass. * ignore.d.server/mldonkey-server: - ignore messages about resource loading when ANSI locale is used. * ignore.d.server/cron: - ignore crontab entries even if helper is referenced by absolute path; thanks to Marc Sherman for the patch (closes: #422618, #422884). * ignore.d.server/amavisd-new, violations.ignore.d/logcheck-amavisd-new: - start taking over the package's file by implementing proper rules. * ignore.d.server/ikiwiki: - first version of ikiwiki filters, hides rebuilds. * ignore.d.server/ssh: - ignore more characters in invalid/illegal usernames. - ignore SSH-1.0-SSH_Version_Mapper scans. * ignore.d.server/bluez-utils: - ignore startup and connection messages. * ignore.d.server/amavisd-new: - update rules to handle corner cases, when multiple addresses are used, among other things. * ignore.d.server/dovecot: - ignore disconnection due to too many invalid commands and inactivity after user login too. * Made dependency on logtail unversioned. * Patch for log-summary-ssh by Justin Pryzby to ignore messages related to invalid users as well as illegal ones (closes: #422525). * debian/control: switch to using source:Version instead of Source-Version; thanks lintian. * debian/rules: don't fail clean target when no Makefile is present; thanks lintian (it does not actually matter here). -- martin f. krafft Mon, 23 Jul 2007 10:51:52 +0200 logcheck (1.2.56) unstable; urgency=low * Thanks to Eric Evans and Russ Allbery for their contributions. * ignore.d.server/dovecot: - ignore additional, non-conventional comment to msgid on deliver message. * ignore.d.server/openvpn: - ignore messages related to tls-verify script. - hide informational messages related to UDP. - allow free-form tun names. - handle multiple routes. - ignore stuff related to tls-auth - ignore ping-restart process respawn. * ignore.d.server/postfix: - updated an anvil stats pattern to match the submission service name in addition to port 587, (closes: #418449). Thanks Michael Shuler. - ignore more timeout and connection refused messages (closes: #404852). - allow more logging information in connection failure messages. - allow any message ID for cleanup; there are too many possibilities. - make the DSN optional in remote accept messages. - ignore numeric hostname and DNS lookup failures. - ignore invalid octet count errors from trivial-rewrite. - Postfix 2.4.0 now logs as error some of the deferral messages formerly logged as qmgr. - Fix typo in "while performing the HELO handshake" message. - ignore all warnings about malformed domain names in resource data of MX/CNAME records. - ignore warnings about numeric hostnames by valid_hostname. - ignore notice about generated sender delivery status notification. - filter certificate warnings for smtp and smtpd. - ignore warnings about timed out conversations. - filter out qmgr undeliverable warnings. - do not hardcode column names for mysql query; thanks Andreas Beckmann. * violations.ignore.d/logcheck-postfix: - smtpd_peer_init is optional before DNS failure messages. - allow conn_use information in smtp failure messages. - add another variation on remote message acceptance. - allow more message IDs in cleanup log messages. - Ignore qmgr message expiration messages. * violations.ignore.d/logcheck-ssh: - ignore host/address mismatch messages from TCP wrappers. * ignore.d.server/ssh: - also ignore backslashes in invalid/illegal user names. * ignore.d.server/thttpd: - ignore stats messages. * ignore.d.server/spamd: - ignore checking notice when there is no message-id ("unknown"); thanks Fabian Fagerholm (closes: #421913). * ignore.d.server/teapop: - ignore messages by POP3 server; thanks to Stephan Windmüller (closes: #421768) * ignore.d.server/snort: - ignore empty log lines; thanks to Johan Walles (closes: #413262). * ignore.d.*/kernel, violations.ignore.d/logcheck-kernel: - allow kernel timestamps (CONFIG_PRINTK_TIME); thanks to Samuel Thibault (closes: #416971). * Updated pt_BR debconf translation; thanks to Andr�� Lu��s Lopes (closes: #421525). -- martin f. krafft Sat, 05 May 2007 16:01:16 +0200 logcheck (1.2.55) unstable; urgency=low * Actually install README.backports.gz to /usr/share/doc/logcheck (closes: #411021). * Make sure the logcheck group actually exists. Thanks, Jordi. * violations.ignore.d/logcheck-passwd: - ignore PAM warnings on authentication failures. * violations.ignore.d/logcheck-saslauthd:\ - ignore PAM warnings on authentication failures. * ignore.d.server/saned: - ignore some more error messages. * ignore.d.server/hplip: - ignore some more error messages. * violations.d/logcheck: - elevate messages matching /violations/i. * violations.ignore.d/logcheck-proftpd: - ignore warning about attempted root logins. * ignore.d.server/ssh: - ignore @ in names of nonexistent accounts. * ignore.d.server/kernel: - ignore more initialisation messages from SCSI subsystem. * ignore.d.workstation/kernel: - ignore keyboard connection messages. * violations.ignore.d/logcheck-postfix: - ignore sender verification rejects after MAIL (in case they are not delayed). - ignore RBL rejects after successful reverse DNS resolution. - allow extra information after message-id. - ignore certificate verification failures due to invalid CA certs. - ignore reject due to sender address verification against virtual table. * ignore.d.server/postfix: - more policyd-weight rules by Armin Berres (closes: #410416). - ignore messages related to RBL DNS lookup errors. - ignore messages on successful delivery to Sendmail. - improve filters for messages relating to deferred mail. * ignore.d.server/spamd: - ignore init messages with scores in SQL (closes: #411111). * ignore.d.server/mldonkey-server: - ignore BER decode errors. * ignore.d.server/dovecot: - ignore disconnection due to IDLE. - ignore connection message to db by auth-worker; thanks to Guillaume Rischard. * ignore.d.server/gnu-imap4d: - first set of rules to ignore basic messages. * debconf translation updates: - Portuguese by Pedro Ribeiro (closes: #410734). -- martin f. krafft Wed, 28 Feb 2007 12:35:06 +0100 logcheck (1.2.54) unstable; urgency=low * ignore.d.server/dovecot: also ignore local logins, which are "secured", not "TLS". Thanks to Marco Nenciarini for the patch (closes: #407642). * ignore.d.workstation/kernel: ignore all kinds of input devices, not just Logitech mice; thanks to Dave Vehrs for the patch (closes: #407087). * ignore.d.server/kernel: patch by Elmar Hoffmann to filter messages by 3ware driver (closes: #408764). * ignore.d.server/postfix: make anvil filter rules ipv6 compliant. * violations.ignore.d/logcheck-postfix: ignore deferred messages after rewriting the address (orig_to in use). * violations.ignore.d/logcheck-postfix: ignore plain informational messages even if they contain some of the violations.d/logcheck words. * ignore.d.server/postfix: ignore messages about successful deliveries to IMail servers (and possibly others; closes: #407777). * ignore.d.server/postfix: patch by Armin Berres to filter information messages from postfix+mysql (closes: #408444). * ignore.d.server/postfix: patch by Armin Berres to filter policyd-weight messages (closes: #408700). * ignore.d.server/postfix: ignore messages about numeric MX results by smtpd as well. * violations.ignore.d/logcheck-postfix: ignore lmtp message when content filter muted DSN. * ignore.d.server/postfix: ignore message due to timeout receiving the initial server greeting. * ignore.d.server/openvpn: ignore messages related to client-side routes and client-config-dir. * ignore.d.server/openvpn, violations.ignore.d/logcheck-openvpn: fix up a bunch of the rules for various stages of the connections. * ignore.d.server/ssh: ignore messages about invalid users even with '" characters in the usernames. * ignore.d.server/ssh: ignore messages related to Allow/DenyUsers (closes: #407009). * violations.ignore.d/logcheck-ssh: ignore more PAM authentication failure messages. * ignore.d.server/courier, violations.ignore.d/loghceck-courier: ignore SSL/TLS connection errors for all components. * ignore.d.workstation/logcheck, ignore.d.server/cracklib: moved cracklib rules to server level (closes: #408557). * ignore.d.server/epmd: ignore information output from erlang-base daemon epmd; thanks Armin Berres for the patch (closes: #408559). * ignore.d.server/spamd: improve rules for corner cases, thanks to Armin Berres for his help. * violations.d/smartd: no longer elevate temperature messages as smartd does that already (closes: #407734). * ignore.d.server/smartd: ignore raw values in attribute change messages; thanks to Elmar Hoffmann (closes: #408890). * ignore.d.server/smartd: honour exclamation mark for max value in attribute change value; thanks to Elmar Hoffmann (closes: #408901). * ignore.d.server/squid: ignore vary store marker object mismatches. * Added Galician debconf translation by Jacobo Tarrio (closes: #408123). * Updated Czech debconf translation; thanks Miroslav Kure (closes: #407830). -- martin f. krafft Tue, 30 Jan 2007 15:26:22 +0000 logcheck (1.2.53) unstable; urgency=low * violations.ignore.d/logcheck-postfix: ignore entries for messages bounced/deferred by the LDA. * ignore.d.server/postfix: ignore network_biopair_interop messages about read errors. * ignore.d.server/postfix: ignore bounce messages on bad address syntax. * ignore.d.server/postfix: ignore lost connection warnings during HELO handshake. * ignore.d.server/postfix: more tolerance on message-ids. * violations.ignore.d/logcheck-postfix, ignore.d.server/postfix: ignore messages related to checks done by the cleanup daemon. * violations.ignore.d/logcheck-postfix: more extended DSN matches contributed by Jefferson Cowart; thanks (closes: #405786)! * violations.ignore.d/logcheck-postfix: fix greylisting defer message for zero-sized senders (<>). * violations.ignore.d/logcheck-postfix: fix greylisting defer filter for new-style messages. * violations.ignore.d/logcheck-postfix: ignore messages about deliverable messages (sender address verification). * violations.ignore.d/logcheck-postfix: ignore cleanup status messages which have been elevated to violations due to matches between domain names and violation filters (e.g. vrfy.org). * violations.ignore.d/logcheck-ssh: ignore ssh_msg_recv messages which are escalated to violations. * ignore.d.server/dcc: ignore message about sleep after failure. * ignore.d.server/kernel: ignore libata load message. * ignore.d.server/kernel: ignore several meesages related to hard disks. * ignore.d.{server,workstation}/kernel: ignore more messages related to removable disks and their filesystems. * ignore.d.server/kernel: ignore messages from bridge subsystem. * ignore.d.server/pdns: ignore message about . zone refreshes. * ignore.d.server/spamd: ignore logger and server pid info messages. * ignore.d.server/dovecot: ignore disconnection messages after login too. * violation.ignore.d/ssh: ignore messages about illegal users with IPs reverse resolved too. * ignore.d.server/squid: handle messages about unsupported messages with any type (related to mldonkey) in a hackish way, due to locale mismatches (see #350206). * violations.ignore.d/logcheck-sudo: properly ignore invocations of sudoedit. * ignore.d.server/openvpn, violations.ignore.d/logcheck-openvpn: also honour "openvpn" as process name, which seems to be used by clients; thanks to Vincent Danjean for being persistent (closes: #406179). * ignore.d.server/openvpn: ignore messages with IP address of peers of newly established connections. * ignore.d.server/dhclient: updated to new style for informational messages. * ignore.d.server/saned: also ignore access granted messages for other usernames. * logcheck now chdir()s to /var/lib/logcheck before cleanup of the temporary directory. This should hopefully fix some of the "Check temporary directory" messages. * Modified the system account Gecos name to "logcheck system account". * Check for existence of home directory of the system account. If it points to a non-existing directory, change it to /var/lib/logcheck. Also ignore the corresponding log entry by usermod. -- martin f. krafft Tue, 16 Jan 2007 07:13:32 +0100 logcheck (1.2.52) unstable; urgency=low * ignore.d.server/dovecot: cleanup of dovecot filters to match some more operational messages reported by Stefan Schlesinger (closes: #396760). * ignore.d.server/dovecot: ignore delivery notification log messages by deliver MDA. * ignore.d.server/dovecot: amend for new log format. * ignore.d.server/dovecot: ignore messages about disconnection because of disconnection (sic). * ignore.d.workstation/kernel: also ignore lack of UDF partition. * ignore.d.server/proftpd: small correction wrt IPv6 addresses (closes: #397466). * ignore.d.server/proftpd: ignore reaching of max login attempts limit). * ignore.d.server/postfix, violations.ignore.d/logcheck-postfix: ignore more new-style messages with extended DSNs (closes: #404422). * ignore.d.server/postfix: ignore cleanup msgs withempty msgid (closes: #400986). * ignore.d.server/watchdog: first couple of filters added. * ignore.d.server/netconsole: first couple of filters added. * ignore.d.server/cron-apt: ignore + in package names. * ignore.d.server/dhcp: fixed to filter requests for unknown leases. * ignore.d.server/dhcp: hide message about duplicate lease. * ignore.d.server/ssh: ignoring message about corrupted input MAC. * ignore.d.server/ssh: ignoring message about bad packet length. * ignore.d.server/ssh: ignoring message about bad protocol identification. * ignore.d.server/ssh: ignore messages about missing auth information. * ignore.d.server/ssh: support filtering gssapi-keyex messages; thanks to Russ Allbery (closes: #400426). * ignore.d.server/ssh: allow dashes in hostnames of refused connect messages; thanks to Russ Allbery (closes: #400813). * violations.ignore.d/logcheck-ssh: ignore ssh hosts.allow warnings (closes: #400714). * ignore.d.server/dcc: ignore message about which DCC servers are used. * ignore.d.server/openvpn: ignoring more operational messages. * ignore.d.server/snort: added ruleset by Jason Martens (closes: #403758). * ignore.d.server/courier: fix bogus rule, thanks to Michael Tautschnig (closes: #400350). * ignore.d.server/rsync: ignore rule about file list built; thanks to Russ Albery (closes: #400425). * ignore.d.server/lpr: ignore restart message; thanks to Russ Albery (closes: #400427). * ignore.d.server/nagios: fix filters; thanks to Esteban Cerutti (closes: #401717). * ignore.d.server/slapd: ignore slapcat init message; thanks to Dirk Prösdorf (closes: #400432). * Added Spanish debconf translation by Javier Fernández-Sanguino (closes: #402204). * Do not source debconf confmodule in preinst as it's not needed. * Assign a real name to the logcheck system user, unless the real name GECOS field is not empty (closes: #402800). Also ignore the message generated by chfn. -- martin f. krafft Thu, 28 Dec 2006 12:32:00 +0100 logcheck (1.2.51) unstable; urgency=medium * medium urgency to increase the chance of making etch as per agreement with Steve Langasek, release manager. Rationale: arch-indep and only new regexps in this version. * violations.d/kernel: added to elevate messages about media errors. * violations.ignore.d/kernel: ignore some non-critical messages by device drivers, such as USB stuff. * violations.ignore.d/kernel: ignore if AGP fails to initialise on Matrox cards. * ignore.d.server/kernel: ignore message about device-mapper loading. * ignore.d.server/kernel: ignore startup banners by tun/tap driver. * ignore.d.server/kernel: ignore startup configuration printout by sk98lin. * ignore.d.server/kernel: ignore startup banner by skge driver. * ignore.d.server/kernel: ignore startup messages by ipmi driver. * ignore.d.server/kernel: ignore iptables bandwidth messages generated by webmin bandwidth module/shorewall (closes: #397580). * ignore.d.server/kernel: remove filter for iptables log messages for UDP packets, which aren't generated by default. * ignore.d.server/kernel: ignore message about missing disc in drive. * ignore.d.workstation/kernel: ignore messages related to pmount and USB hotplugged storage devices. * ignore.d.workstation/kernel: ignore intel8x0 (soundcard) initialisation messages. * ignore.d.workstation/kernel: ignore more messages related to USB hotplug. * ignore.d.workstation/kernel: ignore message about DRM loading and initializing. * ignore.d.{workstation,server}/kernel: moved several messages to server class as they also apply to servers. * violations.ignore.d/logcheck-su: ignore redundant message about authentication failure, which provides no additional information. * violations.ignore.d/logcheck-cron-apt: ignore redundant summary error message about index files that failed to download. * ignore.d.server/logcheck: ignore pam_unix opened and closed sessions with empty progname (gconf mainly). * ignore.d.server/pdns: added more filters to silence recent versions of pdns (except for startup/shutdown). * ignore.d.server/pdns: also hide IPv6-related messages and messages related to syncing of new slave zones. * ignore.d.server/anacron: also ignore messages with exit status. * violations.ignore.d/logcheck-ssh: ignore authentication error messages by pam_unix: if there's no user name, the attempt is pathetically harmless anyway; if there's a username, sshd logs another message with more information. * ignore.d.server/ssh: ignore listening notices for all ports, not just 22. * ignore.d.server/ppp: filtering messages about connections to pppd. * violations.ignore.d/logcheck-bluez-utils: ignore non-critical failure messages about connections that failed. * ignore.d.server/bluez-utils: added to filter dund connection messages. * ignore.d.workstation/bluez-utils: add filters to ignore device connection and disconnection, as well as startup/shutdown. * violations.ignore.d/postfix: ignore unsupported SSL cert purpose. * violations.ignore.d/postfix: ignore messages related to amavisd-new banning attachments. * ignore.d.server/postfix: filtering message when smtp client is greylisted. * ignore.d.server/postfix: ignore redundant message about reload by postfix-script as master also logs. * ignore.d.server/postfix: ignore errors about virtual users not found. * ignore.d.server/postfix, violations.ignore.d: ignoring more messages about rejects the admin does not care about; thanks to Russ Allbery (closes: #397097). * */*postfix: also ignore [-_$] in local part of message-id; thanks to Alexander Gerasiov (closes: #398163). * ignore.d.server/postfix: ignore messages about changed hash tables. * ignore.d.server/postfix: ignore summary messages when postsuper deleted queue entries. * ignore.d.{workstation,server}/mldonkey: moved to server category and added some additional rules for informational status messages. * ignore.d.server/dhclient: filtering send_packet messages which are purely informational or redundant without any extra info. * ignore.d.server/dhcp: updated for latest BOOTP messages. * ignore.d.server/dhcp: fixed to filter requests for unknown leases. * ignore.d.server/hplip: added to filter information messages from hpiod/hpijs/hpssd. * ignore.d.server/xinetd: ignore messages about conf files read and services removed, as well as startup banner. * ignore.d.server/saned: ignore most messages. * ignore.d.server/squid: ignore messages resulting from clients firing unsupported request methods at the server, which may happen in situations where transparent proxying is in use. GNUTELLA is one offendant. * ignore.d.server/squid: ignore some messages generated by squid 2.6 in transparent mode. * ignore.d.server/squid: ignore messages about closed client connections due to lifetime timeout. * ignore.d.server/proftpd: support IPv6 addresses with UseReverseDNS off; thanks to Gregor Hermens (closes: 397466). * ignore.d.server/proftpd: ignore messages by new version of proftpd about aborted transfers and chrooting to the root directory. * ignore.d.server/proftpd: ignore message about failure to bind to IPv6 sockets if protocol is not available, as IPv6 cannot be turned off it seems (see http://bugs.proftpd.org/show_bug.cgi?id=2817). * ignore.d.server/amandad: ignore messages with resolved hostnames instead of IPs; thanks to Jan Evert van Grootheest (closes: #396407). * ignore.d.server/courier: cleanup to match some more messages reported by Enrique Garcia (closes: #395265). * [TODO] ignore.d.server/dovecot: cleanup of dovecot filters to match some more operational messages reported by Stefan Schlesinger (closesNOTYET: #396760). * ignore.d.server/smartd, violations.d/smartd: ignore messages about temperature changes except those that report reaching new maximum values; escalate those reporting the reaching of critical limits to security events. * ignore.d.server/ntp: ignore debug messages from signal_no_reset. * ignore.d.server/ntp: ignore messages about which port ntpd bound to. * ignore.d.server/maradns: added initial set of filters for maradns. * ignore.d.server/cpufreqd: added filters for startup messages about unconfigured/missing plugins. * Added README.backports. * Now recommends logcheck-database of at least the current verson (>= instead of =). -- martin f. krafft Fri, 17 Nov 2006 18:36:32 +0100 logcheck (1.2.50) unstable; urgency=low * chgrp the entire /etc/logcheck tree to group logcheck if it exists during logcheck-database's configuration (closes: #391665). * ignore.d.server/cron-apt: also ignore Get messages with dots in the component name (local repos). * ignore.d.server/postfix, violations.ignore.d/logcheck-postfix: ignore redundant messages about missing maildirs (closes: #354821). * ignore.d.server/ppp: ignore messages about modem hangups due to remote connection drops. You're not going to see these anyway if pppd does your connection, and there will be plenty other messages alerting you to the lack of connectivity. * ignore.d.server/dhcp: ignore message about leased addresses which respond to ping requests. * ignore.d.workstation/mldonkey: added file to ignore pretty much everything. -- martin f. krafft Thu, 2 Nov 2006 22:47:48 +0100 logcheck (1.2.49) unstable; urgency=low * Add note about read permissions on log files to the error ourput generated by logcheck in case of problems (closes: #382858). * Safer adding of logcheck alias to /etc/aliases; now does *not* remove the alias on remove/purge anymore since mail may still arrive at a later point (closes: #392637). * ignore.d.server/kernel: also ignore outgoing iptables log entries (closes: #377381). * ignore.d.server/kernel: ignore TCP treason uncloaked messages since the kernel apparently knows how to handle them anyway and we're really not a NIDS. * violations.ignore.d/logcheck-postfix: fixed rule to filter generic bounces by the smtp client. * violations.ignore.d/logcheck-postfix: allow messages about network_biopair_interop failures to report negative num_read counts. * violations.ignore.d/logcheck-postfix: ignore generic 554 messages during CONNECT; thanks to Martin Lohmeier (closes: #373174). * violations.ignore.d/logcheck-postfix: updated filter for generic smtp status messages to postfix 2.3 (closes: #376533). * violations.ignore.d/logcheck-postfix: also filter rejections even if rcpt is not yet known; thanks to Micah Anderson (closes: #382442). * violations.ignore.d/logcheck-postfix: do not ever report security warnings about mail which has been sent (closes: #382440). * ignore.d.server/postfix: ignore messages about missing issuer certificates. * ignore.d.server/postfix: handle LMTP submissions from localhost; thanks to Marco Nenciarini (closes: #389047). * ignore.d.server/postfix: ignore lost connections after any SMTP command; thanks to Micah Anderson (closes: #387000). * ignore.d.server/postfix: ignore warning about non-SMTP commands. * ignore.d.server/postfix: ignore warning about lost connections after initial server greeting. * ignore.d.server/postfix: ignore warning about lost connections any type of upper case SMTP command. * ignore.d.server/postfix: again ignore warning about failed SASL auth. * ignore.d.server/postfix: also ignore bare port 25 in log messages; thanks to Bernd Zeimetz (closes: #385001). * ignore.d.server/postfix-policyd: added rules by Bernd Zeimetz (closes: #387008). * ignore.d.server/saslauthd, violations-ignore.d/logcheck-saslauthd: ignore messages about unknown users or invalid passwords (closes: #369486). * ignore.d.server/spamd, violations.ignore.d/logcheck-spamd: update rule to ignore checking messages (closes: #382805). * ignore.d.server/spamc: ignore warning about max message size limitation. * ignore.d.server/imapproxy: allow usernames with @ (closes: #373190). * ignore.d.server/dovecot: properly handle IPv6 addresses (closes: #327088). * ignore.d.server/dovecot: ignore more messages about inactivity disonnects. * ignore.d.server/dovecot: ignore PAM auth messages about unknown users. * ignore.d.server/innd: ignoring new message about flushing messages by send-uucp; thanks to Thomas Parmelan (closes: #387272). * ignore.d.server/courier,squid: fix rules with space after the $ line-end mark. * ignore.d.server/squid: ignore message about oversized URLs. * ignore.d.server/squid: ignore informational aioSync messages; thanks to Elmar Hoffmann (closes: #385982). * ignore.d.server/squid: ignore warning about missing PTR record. * violations.ignore.d/logcheck-nagios, ignore.d.server/nagios: extended rules to support nagios2; thanks to Cyril Chaboisseau (closes: #355364). * violations.ignore.d/logcheck-bind: ignoring messages for unexpected RCODEs; thanks to Ingo Theiss (closes: #378333). * ignore.d.server/dhcp: ignore messages about NAK due to portable client from other network requesting old lease. * violations.d/smartd: elevate messages about uncorrectable and unreadable sectors (closes: #392679). * ignore.d.server/smartd: ignore messages smartd generates when sending warning mail; thanks to Elmar Hoffmann (closes: #393938). * */*smartd: now filters all smartd attribute changes except for temperature changes to values higher than and equal to 55, and changes to the attributes Reallocated_Sector_Ct, Current_Pending_Sector, Offline_Uncorrectable, and UDMA_CRC_Error_Count. See /usr/share/doc/logcheck-database/NEWS.Debian.gz . * ignore.d.server/cron-apt: ignore regular messages about downgrades; they are not going to take place anyway, and an error message is emitted nevertheless. * ignore.d.server/cron-apt: handle situations when fetching takes minutes. * ignore.d.server/proftpd: ignore messages about login access limited. -- martin f. krafft Wed, 18 Oct 2006 22:11:06 +0200 logcheck (1.2.48) unstable; urgency=low [ maximilian attems ] * ignore.d.server/postfix: Fix cleanup rule and remove duplicate. Thanks Paul Aurich (closes: 378976) * Updated debconf translations: - fr.po thanks Michel Grentzinger (closes: 379215) - nl.po thanks Frans Pop (closes: 377605) - it.po thanks Luca Monducci (closes: 377874) * violations.ignore.d/logcheck-ssh, violations.ignore.d/logcheck-postfix: Move to postfix rules to the later. (closes: 377139) * ignore.d.server/courier: Ignore authdaemon ldap reconnections. Thanks Tilman Koschnick for the patch (closes: 372286). * ignore.d.server/sa-exim: Add 2 rules for sa-exim. Thanks Ross Boylan (closes: 359787). * ignore.d.workstation/kernel: Add more rules for swsusp. * ignore.d.workstation/kernel: Ignore loop module loading. * Add catalan debconf translation (closes: 379131) - Thanks for ca.po to Jordà Polo * ignore.d.workstation/kernel: Ignore oprofile loading. * ignore.d.workstation/kernel: Ignore removable device plugging. * ignore.d.server/dhclient: Ignore recorded leas output and bound renewal. * violations.ignore.d/logcheck-login: Ignore successful root logins on tty's. * ignore.d.workstation/ifplugd: Ignore link beat loose. * ignore.d.workstation/kernel: detto. * debian/logcheck-database.postinst: Make logcheck-database piuparts clean, on upgrade. Remove moved configfiles if they are unchanged. Thanks Lars Wirzenius for report (closes: #355701). * Remove old useless logcheck/changes low priority debconf template. * Remove logcheck/install-note as logcheck.conf is self explantory. (closes: 377618) Thanks Thomas Huriaux . * Move logcheck/changes retroactively to logcheck.News. Thus cleanup logcheck.control, no debconf left (closes: #388924). * logcheck-database.config fix bashism. [ martin f. krafft ] * moved po-debconf build-dep to arch-dependent list due to clean target. * removed logcheck debconf files, only logcheck-database has debconf. * ignore.d.server/pdns: ignore failure to get SOA serial from supermasters that send wrong notifies. * ignore.d.server/cron-apt: fixed several rules for corner cases. * ignore.d.server/postfix: added rule for server greeting timeout. * ignore.d.server/postfix: also add msgid status messages by cleanup daemon. * ignore.d.server/proftpd: fixed rule to ignore unknown user logins. * ignore.d.server/spamd: fixed rule for config location message. * ignore.d.server/ssh: duplicate possible breakin messages from violations.ignore.d. * ignore.d.server/ssh: duplicate invalid user messages from violations.ignore.d, and also cater for zero-length usernames. * ignore.d.server/smartd, violations.ignore.d/logcheck-smartd: revert to reporting drastic changes in attributes. * ignore.d.server/smartd, violations.ignore.d/logcheck-smartd: now works with almost arbitrary disk names. * ignore.d.server/kernel: partially undo link status message filter, now only filters up messages, not the down ones. By nature of the link status, the messages will come in pairs or not at all anyway. * ignore.d.server/dovecot: ignoring inactivity logouts. * ignore.d.server/pdns: ignoring message about new superslave zones. * ignore.d.server/spamd: correcting typo in SIGCHLD cleanup rule. * ignore.d.server/ssh: ignoring ssh_msg_recv failure messages. * ignore.d.server/pdns: ignore messages about not being authoritative for just about anything. * ignore.d.server/cron-apt: fixed rule to properly treat lines with packages whose names have dots (closes: #381983). * Do not remove the logcheck user on purge as it may still own files (closes: #383243). * Updated nl debconf translation, thanks to Frans Pop (closes: #386768). * Added patches by Elmar Hoffman to ignore power on time usage attribute and messages about self-tests. -- martin f. krafft Sun, 8 Oct 2006 17:15:43 +0200 logcheck (1.2.47) unstable; urgency=low * ignore.d.server/pdns: minor corrections to better ignore notifies -- I think pdns 1.9.20 introduced a new format. * ignore.d.server/dovecot: minor correction to ignore SSL parameter regeneration. * ignore.d.server/cron-apt: ignore echo of update line, permit distribution names with a hyphen ("sarge-backports"), allow ~ in versions, and ignore the summary message about failed fetching of index files. * violations.ignore.d/logcheck-ssh: ignoring "Connection reset by peer" messages. * violations.ignore.d/logcheck-ssh: ignore also new-style "BREAK-IN" messages (with the hyphen) when it's a clear fake (IP maps to A, which does not map to IP). * violations.ignore.d/logcheck-ssh: ignore logins as invalid user which have a 'none' method. * ignore.d.server/postfix: improved filters for postfix 2.3 lmtp connections. * violations.ignore.d/logcheck-proftpd: ignoring extra PAM messages for failed logins. * violations.ignore.d/logcheck-proftpd: ignoring denied and failed logins due to limit specification. * ignore.d.server/kernel: ignore interface link status changes. If they are important, we would not be able to get mail about them anyway. * ignore.d.workstation/kernel: ignore messages about unknown keys pressed. This information is interesting, but by the time logcheck delivers the mail, no user will remember which key s/he pressed. * Added further lintian and linda overrides (non-standard-dir-perm). * Updated debconf translations: - Vietnamese, thanks to Clytie Siddall! - Swedish, thanks to Daniel Nylander! - German, thanks to maximilian attems! - Japanese, thanks to Hideki Yamane! -- martin f. krafft Tue, 18 Jul 2006 07:24:18 +0200 logcheck (1.2.46) unstable; urgency=low * ignore.d.server/ssh: fixed regression related to "Did not receive identification string" warning. Sorry about that (closes: #377276). * ignore.d.server/ssh, violations.ignore.d/logcheck-ssh: extended the regexp matching usernames to anything non-whitespace in filters about nonexistent users -- today someone tried to log in as '!@#$%^&*()_+' here! * ignore.d.server/pdns: ignoring warnings about overly large packets, or packates otherwise of the wrong size. * ignore.d.server/cron-apt: fixing rules wrt sarge and cleaning up. * ignore.d.server/dovecot: fixing filter for dovecot 1.0 logins by removing the space at the end of the line. Gargh! * We're now maintaining logcheck in SVN. See README.Debian file (which also received other minor updates). -- martin f. krafft Sun, 9 Jul 2006 15:04:49 +0200 logcheck (1.2.45) unstable; urgency=low [ Todd Troxell ] * Increment version [ Jamie Penman-Smithson ] * ignore.d.server/smartd: Add rule to match normal temperature changes. * violations.ignore.d/logcheck-sudo: Ignore invocation of sudoedit too. Thanks to Jan Braun . (Closes: #360120) * ignore.d.server/dhcp: Match new DHCP log format with IPv6 addresses. (Closes: #369603) * violations.ignore.d/logcheck-ssh: Match new log format in openssh 4.3. (Closes: #369497) * ignore.d.server/oidentd: Match IPv6 addresses too. Thanks to Elmar Hoffmann for the patch. (Closes: #369294) * ignore.d.server/oidentd: Remove superfluous rule for connections from localhost. * ignore.d.server/pdns: Ignore 'Refreshed n records' messages. (Closes: #369263) * ignore.d.server/smartd: Minor change to rule for "Temperature changed" messages. * ignore.d.server/xinetd: Add the first rules for xinetd. * ignore.d.server/smartd: Merge two rules for self-test messages into one. (Closes: #368878) * ignore.d.server/saslauthd: Add rule to suppress 'client step' messages. (Closes: #368652) * violations.ignore.d/logcheck-postfix: Update rules for postgrey. (Closes: #368318) * violations.ignore.d/logcheck-postfix: Add rule to suppress smtpd '554 Access denied' messages. (Closes: #368313) * ignore.d.server/postfix: Fix rule to really match 'read timeout' messages. (Closes: #367781) * ignore.d.server/spamd: Merge in rules from the spamassassin package. (Closes: #366364) * Minor changes to usage summary and explanation of FQDN option. (Closes: #365565) * ignore.d.server/dkfilter: Minor fix to rules for dkfilter.out. Match 'wrong sender domain' messages from dkfilter.out. * ignore.d.workstation/anacron: Move to ignore.d.server. (Closes: #368900) [ maximilian attems ] * ignore.d.server/dovecot: Add rule for aborted logins. * ignore.d.workstation/kdm: Ignore kdm-greeter logline. * ignore.d.server/nagios: Improve existing rules, add newer for service flapping and ping logging. * ignore.d.server/sympa: Add impressive ruleset on common ml operations. * ignore.d.server/stunnel: New rules. * ignore.d.server/squid: Add 2 rules for cachemgr. * ignore.d.server/rsync: Add 2 rules for common rsyncd failures. * ignore.d.server/rsnapshot: Add 2 rules for casual rsnapshort warnings. * ignore.d.server/proftpd: Add 3 rules about usual ftpd operations. * ignore.d.server/ntp: Ignore to many recvbufs. Thanks to all the above rules to Peter Palfrader . * ignore.d.workstation/kernel: Add rules to reduce noise on swsusp. * debian/logcheck.postinst: Remove old check against woody version removing /var/cache/logcheck. * debian/logcheck-database.preinst, debian/logcheck-database.postinst: Remove checks against old woody symlinkfarm. * debian/logtail.preinst: Remove old dpkg-divert handling. * debian/control: Remove useless versioned depends on debianutils and po-debconf. Versions are satisfied on Sarge. * debian/control: Conform to policy 3.7.2 without changes. * ignore.d.server/dhcp: Properly escape dots. [ Gerfried Fuchs ] * debian/control: move debhelper dependency to Build-Depends due to policy requirements. [ martin f. krafft ] * ignore.d.server/cron: added rules to ignore begin/end of crontab edits (closes: #356681). * ignore.d.server/cron: added crontab-specific lines from ignore.d.workstation/cron (and removed them there). * ignore.d.*/cron-apt: moved cron-apt rules from workstation to server. * ignore.d.server/dhclient: even 3.0 sleeps when no lease in persistent database. * ignore.d.workstation/dovecot: Added/updated dovecot 1.0 rules. * ignore.d.server/kernel: added rules to ignore martian, ll header, and icmpv6_send warnings. * ignore.d.server/pdns: added many rules for standard pdns operational messages. * violations.ignore.d/logcheck-pdns: ignore denied AXFR requests. * ignore.d.server/postfix: ignoring cleanup header_checks REPLACE messages (closes: #376489). * ignore.d.server/postfix: extending rule for "too many errors" to cover all SMTP commands (closes: #376472). * ignore.d.server/postfix: ignoring dNSNames complaints (closes: #376469, and parts of 369487). * ignore.d.server/postfix: ignoring bounce message about sender non-delivery notification. * violations.ignore.d/logcheck-postfix: ignore invalid SASL logins, PAM will complain with more details (closes: #369487). * violations.ignore.d/logcheck-postfix: ignore HELO access check rejections (closes: #376968). * ignore.d.[ws]*/ppp: adding/updating rules to ignore informational messages. * ignore.d.server/proftpd: adding ANON command to successful login rule and noticing that the other rule of the bug has already been fixed (closes: #372541). * ignore.d.server/proftpd: ignoring logins with unknown users. * ignore.d.workstation/proftpd: ignore reaching maximum number of login attempts. * ignore.d.server/smartd: don't be so selective about temperature filtering (closes: #355085). * ignore.d.server/smartd, violations.ignore.d/logcheck-smartd: ignore usage and prefailure attribute changes given that smartd will send separate mail when things go bad anyway. * ignore.d.server/spamd: fixing several of the spamd rules wrt email addresses, and added new rules for newer spamd versions. * ignore.d.[ws]*/squid: moved messages about server stop/start/reconfigure to workstation, and those about unchanged cache dir sizes to server. * ignore.d.*/squid: folded in some filters for operational messages and updated squidGuard spawn message to include all eventHelper messages. * ignore.d.server/ssh: ignore messages about missing shadow information for NOUSER (when there was a NULL user passed in the SSH protocol). * ignore.d.server/ssh: make sure that we never get bothered by scans again (closes: #376461, #354820, #376474). * ignore.d.server/ssh: ignore SSH disconnects (closes: #376464). * ignore.d.server/ssh, violations.ignore.d/logcheck-ssh: ignore login attempts for nonexistent accounts (closes: #376462). * src/logcheck: if called as root, now echoes the options back to the user for easier cut-n-paste. * debian/control: recommend logcheck-database instead of depending on it (closes: #376739). -- Todd Troxell Thu, 6 Jul 2006 06:13:19 -0500 logcheck (1.2.44) unstable; urgency=low [ Jamie Penman-Smithson ] * Add kernel rules for 'Device not ready' and 'BIOS EDD' messages. (Closes: #353510) * Update postfix rules to match new log format in 2.2. * Modify exim4 rules to match messages with multiple recipients. (Closes: #359878) [ maximilian attems ] * debian/logcheck.postrm, debian/logcheck.postinst: Don't hide errors in postinst. * src/logcheck: $SENDMAILTO escape it properly so that multiple senders can be specified. * src/logcheck: Make shure we always have an $LOCKFILEDIR as Ubuntu purges lock dir on startup. Thanks Dave Love for the patch. (closes: #357039) * debian/logcheck.postinst: 755 is fine as permissions for $LOCKFILEDIR. * ignore.d.server/ntp: Catch negative corrections too - thanks to Robert Edmonds . (closes: #355649) * ignore.d.server/smartd: Ignore smartd temperature messages within the normal operating range between 5-50 degrees C - thanks to Adam Porter for the patch. (closes: #355085) * it.po: Add Italian debconf translation. Thanks to Luca Monducci . (closes: #356737) * ignore.d.server/postfix: Ignore noise buffer length postfix logline - thanks to Karl Chen for the patch. (closes: #356754) * ignore.d.server/kernel: Ignore ECP dmesg logline. (closes: #355092) * ignore.d.server/dhclient: Fix typo, add rule match. * ignore.d.server/popa3d: Take into account multiple messages. Thanks Robbert Kouprie for the patch. (closes: #363336) * ignore.d.workstation/kernel: Add various kernel rules. (Closes: #353815) [ Todd Troxell ] * Switch back to using run-parts as it created confusion for users with files like #rulefile# and .rulefile.swp in their tree. (closes: #353793) -- Todd Troxell Sat, 29 Apr 2006 22:48:35 +0200 logcheck (1.2.43a) unstable; urgency=low * Bugfix release. Unconditionalize chgrp -R of /etc/logceck as our new logfile-unreadability tests revealed some unreadable rule files upon upgrade. * This release also includes changes I forgot to include in the previous release, listed in the prior changelog entry. -- Todd Troxell Sun, 19 Feb 2006 08:32:20 -0500 logcheck (1.2.43) unstable; urgency=low [ maximilian attems ] * Add exim4 rule for defered messages. * Fix ssh rule for valid session. * Add some kernel rules for some sony device. [ Todd Troxell ] * Correct hylafax receive rule. * Add /var/lib/logcheck to INSTALL, Thanks to Jonathan Adamczewski * Add check to see if logcheck cfg is accessible. Thanks Markus Peuhkuri (Closes: #344553) * Add Marcus Peuhkuri's ssh-summarizer script to doc dir (Closes: #307585) * Correct Postfix rule for "address not listed for hostname" (Closes: #344620) * Update copyright year to 2006 * Add Dutch Debconf translation, thanks Frans Pop (Closes: #344716) * Patch from Bill Wohler to sudo vc ignore rules (Closes: #343631) * Remove redundant hylafax mdoem string rule * Add exit status section to manpage [ Jamie Penman-Smithson ] * Add snmpd rule to match new "Connection from UDP" messages. Thanks to Ralf Hildebrandt . (Closes: #337916) * Update dovecot rule to match new log format - lowercase method - yet again. (Closes: #337517) * Add various new kernel rules at workstation level. Thanks to Dave Vehrs . (Closes: #337998) * Fix postfix rules to match "initializing server-side TLS engine" messages. (Closes: #347227) * Update su rules for login 4.0.x. (Closes: #346502) * Reword EXAMPLES section in the logcheck manpage. Thanks to Jari Aalto . (Closes: #351669) * Update postfix/lmtp rule to match new log format in postfix 2.3. * Use 'find' instead of 'run-parts' to list the contents of directories since 'run-parts' cannot handle filenames with periods. Update control to depend on findutils. * Exit with an error if a rule file is unreadable. (Closes: #340226) * Add postfix rule to match "statistics: max simultaneous domains[..]" scache messages. * Update spamd rules. Thanks to Russ Allbery & Karl Chen . (Closes: #336558) * Fix ntp rules to match ipv6 addresses too. Thanks to Beat Bolli . (Closes: #336079) * Add first rule for cvs-pserver. (Closes: #338732) * Modify dhcp rules to match dhcpd output when no client hostname is returned and '(none)' is used. (Closes: #346350) * Add the first rules for cron-apt. Thanks to Dave Vehrs . (Closes: #338003) * Add logcheck to /etc/aliases during install. (Closes: #353148) * Add the first rules for dspam. -- Todd Troxell Sun, 19 Feb 2006 07:55:46 -0500 logcheck (1.2.42) unstable; urgency=low [ maximilian attems ] * Add dccproc timeout rule. * Only source the conffile if we can read it. Should enable logcheck runs directly out of the logcheck source. * Default to send mail to local root otherwise messages go to Nirvana. * Check if conffile with list of logfiles is readable. * Fallback to read syslog if no logfile is provided. * Enhance bind rules ignore NSTATS loglines, remove dup. (Closes: #324751) * Add rule for recent nfs mountd messages. Thanks to toby cabot . (Closes: #325800) * Move imap file to server level, not appropriate for paranoid. * Add imap ignore rule for moved bytes, seems pretty normal imap usage. Thanks to toby cabot . (Closes: #325801) * Add rule for Postponed keyboard-interactive ssh logins. * Update some usb rules for usb-storage and phone devices. (Closes: #324347) * Update horde3 rules the identifier can be changed by the user to any char. Thanks to Martin Lohmeier (Closes: #324613) * Add imp4 rule for successful logins. Thanks to Martin Lohmeier (Closes: #324615) * Bumped standards to 3.6.2. * Fix exim4 rule for more modern tls string. * logcheck.8 fix add full path to README.logcheck-database.gz. (Closes: #328632) [ Jamie Penman-Smithson ] * Add the first rules for mon. Thanks to Robbert Muller . (Closes: #324451) * Modify dovecot rules to match ipv6 addresses too. (Closes: #327088) * Add first polypaudio rules in workstation to suppress module-alsa-sink.c messages. (Closes: #331282) * Add first rules for tftpd, suppress 'connect' and 'get file' messages. (Closes: #333456) * Fix dovecot rules to match the new format log messages in 1.0. (Closes: #332707, #333461) * Fix proftpd rules to match ipv6 addresses. Thanks to Elmar Hoffmann (Closes: #332807) * Update ssh rules to suppress reverse DNS warnings. Thanks to Elmar Hoffmann (Closes: #333233) * Update nagios rules to match host UNREACHABLE notification messages. (Closes: #325874) * Add the first rules for popa3d. (Closes: #328251) * Fix group permissions for /var/lock/logcheck on install or upgrade so logcheck can be executed by the logcheck group. (Closes: #330208) * Add Swedish translation, thanks to Daniel Nylander . (Closes: #334415) * Fix anvil max rate rule to match statistics messages when postfix is bound to a specific IP. (Closes: #334342) * Modify spamd rules to match log message format in 3.1. (Closes: #335021) [ Todd Troxell ] * Add check for lockfile-progs to aid non-debian installations. * Set logcheck to remove cleanup trap if an error occours while getting lockfile. This will prevent many confusing error messages. * Add error reporting on -o option * Add IPv6 support to bind rules. Thanks Marco Nenciarin (Closes: #327100) * Add IPV6 support to postfix rules. Thanks Marco Nenciarin (Closes: #327114) * Add INSTALL documentation for manual/non-Debian installation. * Add 5 receive rules for hylafax's FaxGetty. * Call adduser without --home flag in postinst. (Closes: #312393) -- Todd Troxell Sat, 22 Oct 2005 23:14:54 -0400 logcheck (1.2.41) unstable; urgency=low [ Jamie Penman-Smithson ] * Fix postfix rule to match "setting up TLS connection" messages again. * Fix innd rule for "ME time" messages, add rule for innfeed "ME time" messages. * Fix rules for gps to match messages with the null sender (<>). * Update cyrus/notifyd rule to match destination folders and subfolders too. * Update cyrus rules to suppress DBERROR db3: n lockers messages when it's only 1-2 lockers, these messages are harmless as long as the number doesn't increase. * Update postfix lmtp rule to match messages given by amavis when discarding UBE and viruses. * Fix bug in the squid rule for "found whitespace" messages which caused grep to choke due to unescaped { and } characters. (Closes: #311216) * Update innd nnrpd rule for latest version of INN. * Add a versioned dependency on grep to prevent bugs like #311216 happening in the first place. * Added Vietnamese translation, thanks to Clytie Siddall. (Closes: #312597) * Fix minor typo in logcheck-database.templates. (Closes: #312598) * Modify rules for successful ssh login messages to match when ssh/ssh2 is not specified at the end. (Closes: #312729) * Modified ignore.d.workstation/kernel to ignore nfs warnings about mount version. (Closes: #313601) * Fix postfix anvil rules to match max message/recipient rate and count messages. * Add the first rules for dkfilter, which implements domainkeys signing and verification for postfix. * Add rule for openssh-krb5 and add gssapi-with-mic to the list of auth alternatives. (Closes: #318500) * Add ovpn-tunnel rule to suppress "VERIFY OK: nsCertType=SERVER" messages. Thanks to Martin Lohmeier . (Closes: #320009) [ Maximilian Attems ] * Suppress error message if hostname not set. (Closes: #314951) * Add another sshd rule for PARANOID /etc/hosts.deny setting. * Fix postfix rule concerning Service unavailable. (Closes: #315507) * Add some initial support for exim4 log messages. Pretty rudimentary stuff still, will need further refinements. (Closes: #316612) * First rule for amandad. (Closes: #313603) * Remention how to invoke logcheck with sudo. * Add an examples section to the manpage with my most usual invocation. * Fix rules for gconfd loglines. * Add rule for mailman admin loglines in violations.ignore.d/logcheck-postfix thanks toby cabot . (Closes: #317772) * Fix hostname match in rbldnsd rule thanks sistemas@dedaloingenieros.com. (Closes: #317741) * Unifiy gdm rules, add a rule for X restart. * Beautify README.logcheck-database, uses markdown(1) syntax now. Added testing rules header to carify sections. (Closes: #317642, #318731) * Small manpage fixes. * Add 2 courier rules for ACCEPTED usernames and the started client module. * Add pdns rule for duplicate packets from recursor. * Fix cvs rule for exit code != 0. thanks Martin Lohmeier (Closes: #321506) * Fix hostname match in cups-lpd rules thanks Gilbert Laycock (Closes: #322179) * Add horde3 rules for users login/logout thanks Martin Lohmeier (Closes: #322570) * Fix logcheck.8 rendering of docbook-to-man. (Closes: #322036) [Todd Troxell] * Tweak descriptions to satisfy litian. -- Todd Troxell Mon, 22 Aug 2005 15:27:45 -0500 logcheck (1.2.40) unstable; urgency=low jamie: * Improve postfix rules in ignore.d.server/postfix and violations.ignore.d/logcheck-postfix. (Closes: #305350) * Add postfix rule for "Temporary failure in name resolution" messages. * Add rules for policyd, add comma to throttle rule. * Add nagios rules for PROCESS_SERVICE_CHECK_RESULT messages. (Closes: #306695) * Add more ntp rules for "adjusting local clock" messages. (Closes: #303661) * Add postfix rule for "unknown SPF result" messages when using the libspf2 patch. * Add rule for bind 9.3 "FORMERR resolving" messages. * Add more nagios rules for SERVICE_FLAPPING messages and ENABLE_*_NOTIFICATIONS messages. * Fix udev rules to match alphanumeric device names and subdirectories in front of %k. (Closes: #307588) * Add bind rule to suppress NSTATS messages. (Closes: #307675) * Add nagios rule for "HOST EVENT HANDLER" messages. * Add cyrus rules to match notifyd messages. * Add first rule for grinch, an open relay checker for postfix. * Set a default for FQDN and only set the value of HOSTNAME once we've read logcheck.conf. The FQDN option now works. (Closes: #308249) * Minor changes to innd rules. Add rule to match innfeed "Connection refused" messages. * Add nagios rule for ENABLE_NOTIFICATIONS messages. * Add postfix rule to suppress "certificate has expired" messages. * Add postfix rule for "misplaced delimiter" hostname warnings. * Add nagios rules to match ACKNOWLEDGEMENT, ADD_SVC_COMMENT, HOST_DOWNTIME and DISABLE_SVC_NOTIFICATIONS messages. * Add the first rules for qpopper and qpopper-drac. (Closes: #125794, #191637) * Fix innd rules in violations.ignore.d/logcheck-innd for innfeed to match "global/final seconds.." messages. * Correct innd rule for perl filter rejection messages to match hostnames with hyphens and underscores too. * Adjust the anvil rule to match "max connection" messages with port 587 (submission). * Add section to README.logcheck-database about submitting rules. * Modify rules for dovecot to also match messages from the pop3 daemon. (Closes: #310423) * Minor changes to innd rules. Add rule for readclose messages. * Add postfix rule in violations.ignore.d/logcheck-postfix to suppress dNSNames mismatch messages. * Add innd rule for innfeed hostChkCxns messages. * Fix postfix rule in violations.ignore.d/logcheck-postfix to match CommonName mis-match messages when verifying broken certs where the CN is empty. maks: * Add some pppd rules for pppoatm usage. * Fix hostname match in cvsd rules. * Add some first preliminary iptables rules for iptables REJECT logging ignore.d.server/kernel for UDP packets. * Add jabberd, ssh, rsync rules from Peter Palfrader . The ssh rule ignores network scanning noise (not the account brutforcing). * Added dot to username match in scponly rule. * Match more strictly ipv4 address in dhcpd + dhclient rules. * Add to ignore.d.server/dhcpd initial udhcpd lines. (Closes: #306388) * Minor additions to logcheck(8). * Add rule for cron nss_ldap message in ignore.d.server/cron. * Generalise kernel message no IPv6 routers present level workstation. * Update rsync daemon rule thanks Paul Slootman (Closes: #308800) * Update postfix peer verification rule match. (Closes: #307889) * Beautify logcheck.postinst don't call dpkg --compare-versions when no $2. * Correct proftpd rules thanks to Tilman Koschnick (Closes: #309084) todd: * Add Eric Evans as an uploader. -- Todd Troxell Sunday, 29 May 2005 00:24:00 -0500 logcheck (1.2.39) unstable; urgency=low todd: * Fix logcheck upgrade script to set owner on lock directory properly Thanks Marco Valli, Maks -- Todd Troxell Tuesday, 19 Apr 2005 11:53:00 -0500 logcheck (1.2.38) unstable; urgency=low maks: * Generalise postfix rule concerning network_biopair_interop. * Add rule for ntp message about valid/infalid peers. (Closes: #303661) * Improve rules .PHONY target + add checkpo rule for the translation check. * Add help target to debian/rules documenting the syntax. jamie: * Add rule in violations.ignore.d/logcheck-postfix for postgrey (Closes: #300888) * Modify bind notify rule for bind 9.3.x (Closes: #303176) * Add various workstation kernel/udev rules for removable devices (Closes: #297995) * Modify rsync rule to match module names with '.', '-' and '_'. Thanks to SATOH Fumiyasu for the patch (Closes: #295352) * Add nagios rule for UNKNOWN state service notification. * Modify postfix anvil rule for 'max connection' statistics messages to match smtps connections too. * Add new rules for policyd, a postfix policy daemon. * Add more postfix rules for certificate verification failure messages. * Add new rules for postfix scache (connection cache server). * Add rule for bind 9.3 'unexpected RCODE' messages. * Modify dnsmasq rule to match '/var/run/dnsmasq/resolv.conf' too. (Closes: #302678) todd: * Change lockfile location from /var/lock/logcheck to /var/lock/logcheck/logcheck (Thanks Rainer Zocholl) to avoid potential DoS condition. (Closes: #304978) * Make lockfile debug messages refer to the correct files. * Add note about dh_installlogcheck permissions. (See #302379) -- Todd Troxell Monday, 18 Apr 2005 23:45:00 -0500 logcheck (1.2.37) unstable; urgency=low maks: * Fix routine message when resolvconf is installed. thanks for patch to Thomas Hood (Closes: #302678) * Add postfix rules for local procmail delivery. (Closes: #302744) * Fix logcheck su rule reporting valid `su -' use. * Add nagios rule for UNREACHABLE messages. thanks for patch to Geoff Crompton (Closes: #298495) todd: * Revert warning on bad regex code (Closes: #302689) -- Todd Troxell Saturday, 2 Apr 2005 17:57:00 -0500 logcheck (1.2.36) unstable; urgency=low jamie: * Update rules for gps 1.0>. * Add/update rules for innd. maks: * Add harmless pdns rule at server level. * Add rules for cups-lpd at level server. * Add violations.ignore.d/logcheck-dcc for the nightly dccifd reporting. * Add rule ignore.d.server/kernel for printer out of paper. (Closes: #298291) * Add one more apm rule for useless gdm logout message. * Add rules for 2 harmless dhcpd and dhclient messages. * Add cvsd, pam rules from Peter Palfrader . * Add ssh rule for timeout before authentication. * Check time of rotated logfile against already gzipped logfile. syslog-ng leaves old syslog.0 logfile in /var/log. (Closes: #296096) todd: * Add support for warnings in report * Update copyright dates * Warn on invalid regex (Closes: #295560) * Update udev for directories (Matt Brubeck) (Closes: #301415) -- Todd Troxell Wednesday, 30 Mar 2005 20:04:00 -0600 logcheck (1.2.35) unstable; urgency=low maks: * logtail fix invocation without switches (compat to old versions). * Add smartd rule, whitespace fix openvpn rule, merge old smartd rules. * Add rule for imaplogin disconnected + logout messages. (closes: #294950, #295418) * Add rule violations.ignore.d/logcheck-ssh + rule ignore.d.server/ssh for the PARANOID wildcard in /etc/hosts.deny. * Match dots as dots aka '\.' in all rules. * Add kernel rules at level workstation (annoying apm, usb storage) * Fix gconf SIGHUP rule (dup whitespace). jamie: * Add rules for webmin (closes: #286307). * Add rules for postfix 2.2, innd. * Modify rule for pure-ftpd logout messages (closes: #294612). * Add rule for pure-ftpd timeout messages (closes: #295254). * Modify rule for pure-ftpd logout messages to match even if username is missing(!) (closes: #295257). * Add rules in violations.ignore.d/logcheck-postfix for certificate verification failures. * Add rule for courierpop3login (closes: 296014). * Add rule in violations.ignore.d/logcheck-pureftp for upload/download messages (closes: #296110). todd: * Correct link syntax in copyright (closes: 296214). * Add comments to clarify postinst -- Todd Troxell Sunday, 20 Feb 2005 23:17:00 -0500 logcheck (1.2.34) unstable; urgency=low todd: * Correct "Gandhi" spelling in docs/README.how.to.interpret. Thanks Satya (closes: #289529) * Set logtail to report errors on stderr instead of stdout. (closes: #289801) * Adjust logcheck to redirect stdout and also stderr when reporting in order to maintain the current behavior of logcheck after the change above. * Change rule directories to setgid for real this time. (closes: #291395) * Update gconf, workstation/kernel rules maks: * Add pdns, fix scponly, fix gconfd SIGHUP rule. * Fix pam_winbind rule at level workstation. (Closes: #289866) * Ignore sudo "command continued" logline. (Closes: #290195) * Add rule for daily sysklogd -r restart at level server. (Closes: #290511) jamie: * Update rules for nagios. -- Todd Troxell Sunday, 23 Jan 2005 21:31:00 -0500 logcheck (1.2.33) unstable; urgency=low maks: * Enhance rules at level workstation for removable devices. (closes: #284505, #284825) * Fix dnsmasq rule regarding DHCPINFORM. (closes: #286532) * Add rbldnsd rules at level server from Rafael Jesus Alcantara Perez . (closes: #285602) * Add jabberd rules from Peter Palfrader . * Add rule for weekly nmbd logrotate. (closes: #286329) * Add rules from Lee Maguire for usb headset on level workstation. (closes: #286747) * Fix dovecot rules: dots in usernames + other breakage. (closes: #286306) * Fix gconfd rules for latest default english logging style. * Logtail need to depend on versioned perl not logcheck. (closes: #288580) * Add rules for dictd, francine, kernel from alfie. * Fix dhcp rules for vlan case. (closes: #289246) todd: * Set rule directories setgid to simplify administration. (closes: #286230) * Add future package plans to TODO * Remove dh_strip and dh_shlibdeps from debian/rules * Touch cron.d/logcheck in postinst. (closes: #284788) * Conditionally set permissions in postinst on version <1.2.33 (closes: #287184) * Update dh_installlogcheck, which has already been patched in debhelper. (closes: #287237) -- Todd Troxell Saturday, 08 Jan 2005 04:56:00 -0500 logcheck (1.2.32) unstable; urgency=low maks: * Add rules for jabberd, openvpn, rsnapshot, saslauthd, stunnel at level server from Peter Palfrader . * Default reportlevel is "server", correct logcheck.conf thanks koki. * Fix up space in newer xdm logging. * Add kernel rule for dvd combi drives at level workstation. * Add nss_ldap rule for apache, sshd syslog line at level server. * Ignore also ssh disconnect from win clients on level server. * Have per package NEWS.Debian files, move them below debian/. thanks alfie for hint dh_installchangelogs(1) for multiple NEWS.Debian. (closes: #281646) * Add and fix hostname match in dnsmasq ruleset. (closes: #283331) * Add rules for workstation related to removable media. (closes: #277644) * Remove kernel rules related to tainted modules. * Fix sudo ignore rule for tty usage. * Fix gconfd rules at level workstation for newest gnome. alfie: * logtail.8: Fixed formating to be consistant, changed OPTION to -r (the only OPTION not mentioned yet :)) jamie: * Add rules for nagios, gps. * Added new rules for messages from USB joystick use. (closes: #282378) * Fix spamd rule to match all hosts. (closes: #282842) -- Todd Troxell Tuesday, 07 Dec 2004 10:57:39 -0500 logcheck (1.2.31) unstable; urgency=low jamie * Fix rules for hylafax, thanks to Ross Boylan. (closes: #270018) max * Add rule for tripwire run at level paranoid. * Add rule for nscd at level server. alfie: * Fixed my non-fix in logcheck, sorry (closes: #279635) todd: * Fix segmented rules, thanks rloboda@bojko.krakow.pl -- Todd Troxell Tuesday, 09 Nov 2004 03:25:11 -0500 logcheck (1.2.30) unstable; urgency=low maks: * Move pptpd rules to level server. * Small typo fixes in docs. * New rules for bind, courier, cpqarrayd, dhcp, jabberd, nagios, ntp, openvpn, postfix, slapd, smartd, smokeping, squid, ssh, thy, uptimed. all for level server thanks to Peter Palfrader . * Logcheck/rules: Don't take locale for granted use character class instead. * Fix 2 samba rules at level server. (closes: #277635) * Added rules for perdition, postfix, pure-ftpd, snmpd. thanks to Brendon Baumgartner * Small enhancment courier rule. * Simplify logic in logcheck-postinst. jamie: * Add rules for dnsmasq. (closes: #277636) * Add rules for hylafax. * Add violations.ignore.d rules for hylafax. alfie: * Fix sed error to really remove trailing spaces. (closes: #278337) * Add myself to uploaders field because of stable releases. todd: * Remove chown from debian/rules. (closes: #277782) -- Todd Troxell Tuesday, 02 Nov 2004 00:21:41 -0500 logcheck (1.2.29) unstable; urgency=low maks: * Don't report sudo calls where pwd contains spaces (Closes: #272969) * Fix trailing space in perdition rule. (Closes: #273433) * Small documentation update how to test rules without fiddling with trailing space. * sed fine tuning to speed up + remove trailing tabs. thanks alfie * Don't use -m switch from sort, it basically disables sorting. Remove gratious call to uniq that should be done with SORTUNIQ. (Closes: #270677) * Add violations.ignore.d/su on old logfiles to be removed on sarge upgrade. * Add rules for kdm/wdm/xdm, kernel (usb, keyboard) on level workstation. * Only show "rules-directories-note" on upgrade. * Enhance ppp rules on level workstation. (Closes: #270019) Add pppoa3 rules to the ppp rules. * Small update concerning reject messages in postfix + new rule. * Added pptpd rules at level workstation. thanks to Erich Schubert * Added first pure-ftpd rules at level server. * Fix cyrus violations.ignore.d rules for higher pids. todd: * Add 1 dovecot rule * Fix another permission issue involving rulefiles. Added chown to debian/ rules. * Simpler formatting on version string. jamie: * Updated rules for innd, added rule for cleanfeed. * Small correction to gps rules. * Added SPF postfix policy server rule for 'SPF pass'. * Fix spelling mistake in dhcp rules. (Closes: #276063) * Change dhcp rules to reflect ISC's change of name. Thanks to Dirk Prosdorf for the patch. (Closes: #276317) -- Todd Troxell Saturday, 16 Oct 2004 19:14:03 -0500 logcheck (1.2.28) unstable; urgency=low maks: * Small fixes: join 2 lines in ignore.d.server/postfix, add '^' for start-of-line ignore.d.server/scponly (Closes: #270398) * Small rule update oidentd (Closes: #271286) * Check if logcheck has the permissions to read the offsetfiles. * Allow Hostname for logcheck mail to be set by commandline switch for log hosts. thanks to Joerg Jaspert * Minor comment fixes for picky readers. * Handle lack of permissions gracefully. (Closes: #271482) * Small update dhcp for dyndns support. (Closes: #260743) * Add a sendfile rule at level workstation for its connect syslogging. -- Todd Troxell Wednesday, 22 Sep 2004 16:35:03 -0500 logcheck (1.2.27) unstable; urgency=low todd: * Add pointer to README.logcheck-database.gz in logcheck man page. (Closes: #268277) * Remove qmail rules because they have been added to qmail package. * Rule updates for spamd (Closes: #269318) * Add note about avoiding file name confilcts in README.Maintainer * Add violations ignore for courier-pop3d-ssl (Closes: #269959) * Add anon-proxy rules (Closes: #269310) * Add perdition rules thanks to jamie@silverdream.org (Closes: #270191) -- Todd Troxell Monday, 06 Sep 2004 19:10:19 -0500 logcheck (1.2.26) unstable; urgency=low maks: * Fix multi-line build-depends lintian warning for source package. * Add su usage hint a root check. thanks todd and Alfie! * Small rules updated and added dhcp, nagios, postfix, squid, winbind. (Closes: #267587, #266432) -- Todd Troxell Tuesday, 31 Aug 2004 02:02:03 -0400 logcheck (1.2.25) unstable; urgency=low todd: * Small rule updates for dhclient, ntp, bind, kernel, bonobo, qmail, proftpd, ntpd, gconf, dovecot, su, samba, postfix (Closes: #259603, #264158) * Add line to logcheck.postinst to remove header.txt on purge * Add check to exit if running script as root. eevans: * Added violations.ignore.d/logcheck-spamd rule, (Closes: #262327) maks: * Re-format NEWS.Debian into Debian changelog format (Closes: #255932) * Remove /var/state/logcheck from debian/logcheck.dirs. * Small rule updates for pdns, pop3d-ssl, postfix, scponly. * Ack woody security fix. (Closes: #193161) * Small rule updates for dhcpd, kernel, nagios, postfix, rsnapshot thanks to Peter Palfrader . * Add gps policy server rules. (Closes: #265176) * Fix port match in oidentd rules. (Closes: #265588) -- Todd Troxell Friday, 13 Aug 2004 22:54:13 -0500 logcheck (1.2.24) unstable; urgency=low eevans: * Added violations ignore rule for squid (Closes: #257874) maks * Added dhcpd-client, kernel, ntp, postfix rules. (Closes: #259094) * Added lots of postfix rules at level workstation for those, who wants to include /var/log/mail.log. (Closes: #206495) * Generalize "nobody" to "[_[:alnum:]-]+" for su rule. * Update rules ignore.d.paranoid/cron, ignore.d.paranoid/postfix. New courier rules merged and simplified from imap, impd-ssl and pop3d-ssl. thanks to Bastian Blank . (Closes: #258759) * Fix pid regex in cyrus rules. (Closes: #259092) * Added cyrus rules for notifyd. (Closes: #259466) * Make sure logtail gets a logfile to read, if not exit soon. Documented -o switch in logtail(8). (Closes: #259371) * Added logcheck-devel mail to logtail(8) and copyright. * Added userv rules. (Closes: #260105) * Generalize user match in spamd rule. (Closes: #260103) * Added a ippl rule at level workstation. (Closes: #260102) * Updated logcheck help message to all existent switches. Corrected logcheck command line parsing, -T needs no args. Use 6 'X' for mktemp(1) template. Better lock handling. (Closes: #260330) * Do not create unused /var/state/logcheck and really get rid of it. (Closes: #260096) * Added cs Translation. thanks Jan Outrata. (Closes: #260382) * Remove duplicate postfix rules, fix for remote string add lmtp rule. (Closes: #260810) todd: * Added 2 kernel rules for sparc workstations. * Added nearly 50 squid rules. (Closes: #213711) * Fix anacron Normal exit rule. * Move adduser from preinst to postinst (Closes: #258735) * Update pump and dhclient rules. -- Todd Troxell Friday, 23 Jul 2004 21:39:19 -0500 logcheck (1.2.23) unstable; urgency=low maks: * Remove logcheck pre-dependency on logtail. * Added imapproxy, kernel, nfs, scponly rules. * Updated dhcpd, innd, postfix, su, sudo rules. (Closes: #253879, #244171, #190101, #254681, #253861, #186372, #255560). * Fix locale dependent regexes. * Implemented testing mode to logcheck - doesn't update offset. * Added -l LOG switch for test runs on new log files. thanks todd for ideas and first work (Closes: #234385). * Add -m switch to specify recipient. (Closes: #149567). alfie: * debian/logcheck-database.templates: Clearified the rules-directories-note template and got updates for all translations. Thanks for fast responses! todd: * Update innfeed rules (Closes: #254133). * Update dhcp3 rules (Closes: #256549). * Change postinst script to set permissions on versions previous to 1.2.23 (Closes: #253998). * Add postfix rule for lmtp. * Add Rule for cyrus imap/SQUAT annoyance. * Spamd update for unknown message id. * Add Kernel and bonobo rules for workstations. -- Todd Troxell Mon, 12 Jul 2004 22:55:19 -0500 logcheck (1.2.22a) unstable; urgency=low maks: * Fix broken cleancheck call. (Closes: #252966, #253075, #253260, #253486) -- Todd Troxell Thursday, 10 Jun 2004 04:18:23 -0500 logcheck (1.2.22) unstable; urgency=low maks: * Remove broken attempt to avoid UTF-8. (Closes: #214117) * Update automount, innd, kernel, openvpn, postfix rules. (Closes: #252216, #249474, #244172, #252174, #187496, #249181, #252712) * Better readability of greplogoutput() in logcheck. * Our Perl usage needs 5.8, add dependency. (Closes: #252078) * Rename conflicting logcheck-sendmail rule in logcheck-sendmail_tmp Sendmail ships aboves rule. (Closes: #252661, #252556) todd: * add MAILTO=root to logcheck.cron.d (Closes: #252597) -- Todd Troxell Saturday, 05 Jun 2004 14:02:47 -0500 logcheck (1.2.21) unstable; urgency=low maks: * Better description of logtail package. * Recommend use of an offsite email address in main conf. * Added and updated bind, cracklib, innd, kernel, logcheck, nntpcache, Login.app, proftp, postfix, pump, sendmail rulefiles. (Closes: #248816, #213709, #198767, #248409, #249074, #250374, #250373, #249181) * Added -v switch (outputs logcheck version). * Harden permissions regarding world. * Added and updated arpwatch, bind, gconf, gdm, kernel, openvpn, postfix, rpc.statd and spamd rules. thanks to Peter Palfrader . * New Config option for subject tags [logcheck]. * Lower all debconf messages priority. * Added and updated oidentd rules. (Closes: #186849) thanks to Tobias Wolter * Ignore normal use of su and sudo. (Closes: #182992, #192192) * Remove empty file innd. * Add switches to logtails default arguments. * Added cvs-build, cvs-clean debian/rules - stolen from apt. * Denote /etc/logcheck/logcheck.logfile as CFG in manpage and logcheck. * Move logtail.8 from debian to doc dir. * Added Japanese translation. thanks to Hideki Yamane (Closes: #251463) * Added French translation. thanks to Rémi Pannequin (Closes: #252173) * Fix bashishm in preinst and postinst. (Closes: #251364) todd: * Add debconf to logcheck Depends: * Check the return values of all commands that write to disk. (Closes: #174173) * Add NEWS.Debian to logcheck.docs (Followup to #247360) eevans: * Made addition of logcheck user and permissions/ownership changes a conditional of an upgrade from a version less than 1.2.19. (Closes: #249324) * Added a note to README.Debian on how to manually change the cronjob interval. (Closes: #222240, #226937) alfie: * src/logcheck: test also for readability for the header.txt and footer.txt. * debian/changelog: stripped all trailing whitespace from the file. * debian/*templates: Some small consistency and formating updates. Updated the debian/po/*.po files too. -- Todd Troxell Thursday, 03 Jun 2004 05:49:47 -0500 logcheck (1.2.20a) unstable; urgency=low maks: * Fix bug where many extra TMPDIRs were being created and never removed -- Todd Troxell Sunday, 16 May 2004 02:21:00 -0500 logcheck (1.2.20) unstable; urgency=low maks: * Updated gconfd rules. (Closes: #246695) * Added and Updated ntpd rules. (Closes: #246750) * Added first cyrus rules. (Closes: #247047) * Updated pop3d-ssl rules. * Updated postfix rules. (Closes: #196258, #190696) * Try secure TMPDIR in /tmp if /var/tmp fails. (Closes: #242284) * Initial german translation. * Set a sane DEFAULTLEVEL="server" in logcheck itself. * Better hantling of crontab. (Closes: #243019) * Enhanced manpage logcheck(8). (Closes: #215640) * Add syslog-ng option for sysklogd dependency. (Closes: #248244) alfie: * Full german translation. * Updated pt_BR translation from André Luís Lopes. * Run debconf-updatepo. * debian/logcheck.8 is generated, so get rid of it in clean target, too. todd: * Change logcheck home to /var/lib/logcheck. (Closes: #247614) * Change modes on /etc/logcheck. (Closes: #247929, #248046) * Allow adm group to read logcheck rules. (Closes: #209048) * Remove noroot template. (Closes: #247360) * Remove useless chown to /var/tmp/logcheck* thanks to maks. * Remove bash depends. Bash is marked essential. * Change Maintainer field to Debian logcheck Team, set ttroxell@debian.org as uploader. * Bumped standards to 3.6.1. * Removed Python from Build-Depends-Indep. Thanks, Alfie. * Changed chmod to /etc/logcheck in postinst to use X flag instead of x. Thanks, Martin Waitz -- Todd Troxell Wednesday, 12 May 2004 04:49:00 +0000 logcheck (1.2.19-2) unstable; urgency=low maks: * Add another chown -R flag. (Closes: #247279) todd: * Fix templates (Closes: #247466, #247467, #247424) * Lower debconf noroot message priority * Add NEWS.Debian to make some progress on 247360 -- Todd Troxell Wednesday, 05 May 2004 01:39:00 +0000 logcheck (1.2.19-1) unstable; urgency=low todd: * quick fix release to keep things working in unstable * add -R flag to chmod in configure (Closes: #247230) -- Todd Troxell Monday, 03 May 2004 16:02:11 +0000 logcheck (1.2.19) unstable; urgency=low maks: * Rename "Security Violations" in "Security Events". (Closes: #182079) * Use the newer gettext-based debconf template translation system. Patch with pt_BR translation from André Luís Lopes. (Closes: #187519) * Documented -u switch in manpage. * Updated pump rules. * Updated uptimed rules. (Closes: #216204) * Logcheck used empty ignores when greplogoutput was called with 2 arguments. Thanks to Paul Cassella for preliminary patch. (Closes: #243980) eevans: * Added a trap to invoke cleanup() when shell exits. Thanks to Marc Staveley for the patch. (Closes: #207795) * Changed interpreter from /bin/sh to /bin/bash todd: * Added -t flag to logtail and logtail.8 - used in test mode - see man page * Added bash depends in debian/control - required by trap patch above * Added adduser depends, add logcheck user on preinst and remove in postrm * Set to run as user logcheck (Closes: #97573) * Changed permissions in Makefile to allow for use as user logcheck * Set configure in postinst to fix file perms on on files to facilitate running as user logcheck * Removed chmod from logtail. (Closes: #189822) -- Todd Troxell Monday, 03 May 2004 09:59:29 +0000 logcheck (1.2.18) unstable; urgency=low * New maintainer (Closes: #244271) * Updated debian/copyright with new upstream information. (Closes: #206022) * Updated sudo, oidentd rules. * Updated dhclient rules. (Closes: #202718) * Updated ignore.d.server/ssh to match newest ssh logs. (Closes: #242217) * Updated cron, ssh, sudo, su rulefiles to recent PAM session logs. (Closes: #241058, #242276, #243861) * Sync better package description with manpage intro. * Use standard ISO 8601 separator like "-" for date. (Closes: #226840) * Removed reference to old filename restriction. (Closes: #193485) * Better wording for -l switch. (Closes: #234383) * Added Files section in manpage. -- Todd Troxell Friday, 23 Apr 2004 20:04:21 +0000 logcheck (1.2.17) unstable; urgency=low * Allow rules in ignore.d.violations to run regardless of filename prefix. (Closes: #241236) Patch from maximilian attems * Allow mail subjects to optionally qualify the reporting machines hostname. (FQDN=[01]) (Closes: #241216) * Strip leading and trailing whitespace from log entries before processing them. (Closes: #238513) * Added NTP rules. (Closes: #222944) * Updated su rules. (Closes: #226838) -- Steve Kemp Thu, 01 Apr 2004 11:04:21 +0000 logcheck (1.2.16) unstable; urgency=low * Penultimate upload before the new perl revision homed at: http://alioth.debian.org/projects/logcheck Volunteers and co-maintainers welcome, many thanks for the recent bug triaging by many people. * Suggest syslog-summery in the control file. (Closes: #210753) Thanks to Julien Noel. * Warn if syslog-summery isn't installed. (Closes: #192167) and (Closes: #185788) Thanks to Julien Noel. * Updated the matching pattern for su. (Closes: #230587) Thanks to Bengt Thure. * Use 'logcheck' in the license files instead of 'foobar'. (Closes: #212147) Thanks to Marc Haber. * Updated dependencies to include exim4 instead of exim. (Closes: #228584) Thanks to Marc Haber. * Make all rule files readable to the world. (Closes: #224026) Thanks to Marc Haber. -- Steve Kemp Wednesday, 03 Mar 2004 17:31:27 +0000 logcheck (1.2.15) unstable; urgency=low * Clarified copyright, thanks to Javier (Closes: #196433) * Incorpated improved patern for 'su'. * Updated the header/footer usage, thanks to Santiago Vila (Closes: #191891) * Fixed typo in template, thanks to Christian (Closes: #191340) * Fixed more typos in templates, thanks to Jens (Closes: #201628) * Create working directory on install, thanks to Peter Rose (Closes: #198922) -- Steve Kemp Thursday, 07 Aug 2003 11:08:45 +0000 logcheck (1.2.14) unstable; urgency=low * Improved lockfile handling, thanks to Nicholas Francois (Closes: #189867) * Call logfile via it's complete path, thanks to Mark Ballinger (Closes: #190395) * Updated the rules for dhclient, thanks to Mark Brown (Closes: #190872) * Don't complain about failing removal of checkfile, thanks to Christian Hammers (Closes: #186365) * Allow the use of configuration header and footer text, thanks to Jon Marler (Closes: #177227) * Added minimal new file for removing USB debugging messages from the mails. * Added minimal configuration file for ignoring sudo messages. -- Steve Kemp Mon, 07 Apr 2003 10:17:20 +0000 logcheck (1.2.13) unstable; urgency=low * New maintainer. -- Steve Kemp Mon, 07 Apr 2003 10:17:20 +0000 logcheck (1.2.12) unstable; urgency=low * Add the /etc/logcheck/cracking.ignore.d directory to logcheck-database. * Changes to PATH handling. - Set PATH in the crontab - No longer set PATH in logcheck. * Some cleanups to the depends. * Add a description comment to the crontab. * Cleanups to the introduction message disabling code - Change logcheck.conf to be INTRO=1 instead of INTRO="yes" - Check for old style INTRO settings in logcheck.conf and correct. * Updates to the regression tests to set the PATH, so it finds the correct version of logtail. * Changes to the Introduction message. * Flag a @reboot run of logcheck in the subject line. * Use debian/compat instead setting DH_COMPAT=4 in debian/rules. * Some improvements to the following rulefiles: - /etc/logcheck/ignore.d.paranoid/cron - /etc/logcheck/ignore.d.server/innd -- Jon Middleton Wed, 19 Mar 2003 21:34:29 +0000 logcheck (1.2.11) unstable; urgency=low * Add an configuration option to run syslog-summary over each sections log messages. (closes: #87439) -- Jon Middleton Sat, 1 Mar 2003 22:52:55 +0000 logcheck (1.2.10) unstable; urgency=low * Added ignore rules for courier-pop-ssl. (/etc/logcheck/ignore.d.server/pop3d-ssl) * Added ignore rules for courier-imap-ssl. (/etc/logcheck/ignore.d.server/imapd-ssl) * Reduced the imap ignores to cover only courier-imap. (/etc/logcheck/ignore.d.server/imap) * Yet more rulefile improvements: - /etc/logcheck/violations.ignore.d/logcheck-postfix - /etc/logcheck/ignore.d.paranoid/postfix - /etc/logcheck/ignore.d.server/ssh - /etc/logcheck/ignore.d.server/postfix - /etc/logcheck/ignore.d.server/innd - /etc/logcheck/ignore.d.server/ucd-snmp (closes: #182441) - /etc/logcheck/ignore.d.server/automount (closes: #182271) -- Jon Middleton Sat, 1 Mar 2003 19:03:46 +0000 logcheck (1.2.9) unstable; urgency=low * Use the replacement subject options from logcheck.conf to set the section headers. * Yet more fixes to violations.ignore.d/logcheck-innd. * Some improvements to the following rulefiles: - /etc/logcheck/ignore.d.paranoid/cron - /etc/logcheck/ignore.d.paranoid/postfix - /etc/logcheck/ignore.d.server/imap -- Jon Middleton Sun, 23 Feb 2003 10:37:56 +0000 logcheck (1.2.8) unstable; urgency=low * Added ERROR to violations.d/logcheck. (closes: #182011) * Correct typo in violations.ignore.d/logcheck-innd. (closes: #181847, #182025) * Ignore pam session open and close messages for a user in violations.ignore.d/su. (closes: #180844) * Some fixes and improvements to the following rulefiles: - /etc/logcheck/cracking.d/logcheck - /etc/logcheck/violations.ignore.d/logcheck-innd - /etc/logcheck/ignore.d.paranoid/cron - /etc/logcheck/ignore.d.paranoid/ssh - /etc/logcheck/ignore.d.server/cron - /etc/logcheck/ignore.d.server/imap - /etc/logcheck/ignore.d.server/innd (closes: #181137) - /etc/logcheck/ignore.d.server/logcheck - /etc/logcheck/ignore.d.server/postfix - /etc/logcheck/ignore.d.workstation/ppp - /etc/logcheck/ignore.d.workstation/logcheck -- Jon Middleton Sat, 22 Feb 2003 18:47:49 +0000 logcheck (1.2.7) unstable; urgency=low * Update README.Maintainer to be a bit clearer. (closes: #178664) * Add missing \]'s to ignore.d.server/postfix. (closes: #180533) * Do not show upgrade messages on initial install (closes: #180667) * Rename violations.ignore.d/innd to violations.ignore.d/logcheck-innd. * Document setting $RULEDIR in the config file (closes: #181420) * Replaced [[:digit:]]+ with [0-9]+ as it's makes lots of lines shorter. * Fixes and improvements to the following rulefiles: - /etc/logcheck/violations.ignore.d/logcheck-postfix. - /etc/logcheck/violations.ignore.d/logcheck-innd. - /etc/logcheck/ignore.d.server/dhcpd. (closes: #181137) - /etc/logcheck/ignore.d.server/innd. (closes: #180792) - /etc/logcheck/ignore.d.server/imap. (closes: #181263) - /etc/logcheck/ignore.d.server/dhclient. - /etc/logcheck/ignore.d.server/squid. - /etc/logcheck/ignore.d.paranoid/postfix. - /etc/locgecck/ignore.d.paranoid/imap. - /etc/locgecck/ignore.d.paranoid/ppp. -- Jon Middleton Wed, 19 Feb 2003 22:18:38 +0000 logcheck (1.2.6) unstable; urgency=low * The "Mutli-Megabyte mails are good for you" release. This release improves the matching of *most* rulefiles, but there are an number of services that I do not run. Patches to any incorrectly anchored lines (with example syslog messages) would be welcomed. * Cleanup the rulefiles - Remove duplicate rules from workstation, server and paranoid. - Remove .* where possible (closes: #165950). - Anchor all lines with ^ and $ (closes: #166029). - Remove obsolete and badly written rules. * Indent Build-Depends-Indep in the control file. * Only display the debconf standard-rename-note note if upgrading for a version less than 1.2.1 * Prompt with debconf about the removal of old conffiles. -- Jon Middleton Sun, 9 Feb 2003 16:41:41 +0000 logcheck (1.2.5) unstable; urgency=low * Renamed old README to CHANGES, now logs changes. * Documentation updates from Justin B Rye. (closes: #177320) - Updates to CHANGES - New READMEs for logcheck, logcheck-database, logtail - Updates to logtail manpage. * Rulefile ignore.d.paranoid/bind is now left-anchored. (Thanks to Justin B. Rye). * Updated to debhelper v4. - Updated Build-Depends-Indep - Use ${misc:Depends} to generate debconf depends. * Add a versioned build-dep for debianutils, as the regression tests require run-parts with the --list option. (closes: #177987) * Improvements to violations.ignore.d/su from Elmar Hoffmann. (closes: #178421) * Improvements to ignore.d.server/dhclient from Jonas Smedegaard. (closes: #178540) * Remove ignore.d.workstation/dhclient and ignore.d.workstation/dhcp as there the same as files that are in ignore.d.server. -- Jon Middleton Mon, 27 Jan 2003 11:40:06 +0000 logcheck (1.2.4) unstable; urgency=low * No longer use echo -e, as it's not available under dash. (closes: #176700) * Add violations.ignore.d/su to ignore some common cases. * Improved regex's for su and sudo violations rulefiles. * Improved regex for innd violations.ignore rulefile. -- Jon Middleton Tue, 14 Jan 2003 23:04:37 +0000 logcheck (1.2.3) unstable; urgency=low * Update to Standards-Version 3.5.8 * Doc's now mention egrep not grep (closes: #52096) * Move su and sudo into there own violations files. (closes: #176532) * Enable (and note) changes to ignore.d directory behaviour. -- Jon Middleton Sun, 12 Jan 2003 23:48:13 +0000 logcheck (1.2.2) unstable; urgency=low * Reduce memory use in logtail by calling the file handle from a while loop. (closes: #175546). * Include manpage for logcheck. (closes: #169197) * Make sure that all rulefiles have new line before EOF. (closes: #166015, #175985) * Sort logcheck rulefiles. * Remove duplicates from cracking and violations logcheck rulefiles. -- Jon Middleton Sat, 11 Jan 2003 21:12:34 +0000 logcheck (1.2.1) unstable; urgency=low * Use lockfile-progs instead of dotlockfile as it works. * Some more Getopts tweaks from Justin B Rye. * Rename the standard files to logcheck, as it's a better name. * Send error mail only when only in STDOUT mode. * Rename standard.postfix to logcheck-postfix, so that run-parts will list it. (closes: #175300). * Correct typo in README.Debian.(closes: #175402) * Support local-* file in violations.ignore.d for local ignores. (closes: #175302) -- Jon Middleton Sun, 5 Jan 2003 19:52:32 +0000 logcheck (1.2.0) unstable; urgency=low * Removed the uploaders field from the control file. * Fix cracking ignore support (Thanks to David James McClurkin) * Make use of run-parts --list for the cleaning of rulefiles and depend on debianutils >= 1.16.9, this also removes error messages about ignored file types. (closes: #166901, #166044) * Corrections to debian/logcheck.templates. (closes: #173749) * Removed ignore.d.workstation/exim and ignore.d.paranoid/exim as these messages are covered by the cron ignore file. (closes: #166097) * Set the REPORTLEVEL to paranoid if not set in the conf file. * Added commandline options. * Improved the introduction message (closes: #174329) * Removed ignore files for non-free packages (portsentry and qmail) * Improved Bind ignores from Jonas Smedegaard (closes: #171362, #171362) * No longer use hardcoded paths (closes: #174972, #175044) * Documentation updates (Thanks to Justin B Rye) - Spelling and grammar fixes to debug and comments - Improvements, spelling and grammar fixes to debconf templates - Improvements, spelling and grammar fixes to README.Debain - Usage text for logcheck -h - Improvements to /etc/logcheck/logcheck.conf * Added code (not yet enabled) to allow the ignore directories to also include the files from lower levels i.e. workstation = workstation + server + paranoid server = server + paranoid paranoid = paranoid -- Jon Middleton Thu, 2 Jan 2003 20:02:35 +0000 logcheck (1.1.9.8) unstable; urgency=low * Packages can now to apply ignore rules to the standard violations file. (closes: #155594, #155596) * Added more bind ignores for to ignore.d.server. (closes: #164859) * Added ignores for gconf to ignore.d.workstation. * Added ignores for squid to ignore.d.server. * Added a lockfile so that only one instance can run (closes: #144118) * Added violations.ignore.d/standard.postfix with common messages. * Added failure to violations.d/standard. * Support old and new style of pam syslog messages. * Fix errors reported by linda. - Use set -e in all Maintainer scripts instead of /bin/sh -e. - Remove unused dh_testversion. - Install undocumented man page for logcheck. -- Jon Middleton Sun, 20 Oct 2002 17:26:55 +0100 logcheck (1.1.9.7) unstable; urgency=low * Do not mask some real errors from dhcp (closes: #164794) * Ignore crontab edit and replace for server and workstation (closes: #97407) -- Jon Middleton Tue, 15 Oct 2002 09:17:56 +0100 logcheck (1.1.9.6) unstable; urgency=low * Added ignore rules for dhclient and chronyd (closes: #161247, #92101) * Added innd stats message to violations.ignore.d/standard (closes: #91734) * Added ucd-snmp Connections to ignore.d.server/standard (closes: #100721, #95682) * Added promisc to violations.d/standard (closes: #113572, #114616) * Added ignore rules for pppd (closes: #137228) * Added rules for dhcp3-server to ignore.d.server/dhcp (closes: #141973) * Added lame server ignore rule for bind9 (closes: #146150) * Added local oidentd lookup to ignore.d.server/standard (closes: #92272) * Added some imapd ignore rules to ignore.d.server/imap (closes: #136699) * Added ignore for bind NOTIFYs to ignore.d.server/bind (closes: #128901) * Updated workstation and server ignore entries for new pam (closes: #164168) * More robust handling of non-existent logfiles (closes: #164003) * Added ignore rules to server and workstation for nntpcache (closes: 164534) -- Jon Middleton Thu, 10 Oct 2002 19:58:30 +0100 logcheck (1.1.9.5) unstable; urgency=low * The default reportlevel was not changed in the last release. * Fix logtails postinst for upgrade from versions between 1.1.9.2 and 1.1.9.4. * Change logcheck.logfiles to only be a union of *.* this should finally fix the long standing problem of lines being logged multiple times in one email message. -- Jon Middleton Wed, 11 Sep 2002 20:27:47 +0100 logcheck (1.1.9.4) unstable; urgency=high * Urgency set to high, as this version needs to get into testing. * Make the test for the logtail manpage divert silent. * Change default reportlevel to paranoid * Change Conffile handling (closes: #156945, 156942) - Do not update logcheck.logfiles with syslogd-listfiles. - Temporarily do not ask some debconf questions. - Do updated logcheck.conf with debconf values. * Start to overhaul the documentation (closes: #156758) - Removed out of date upstream 1.1.1 docs from the package. - Link logcheck manpage to undocumented until it has been updated. - Moved maintainers information into README.Maintainer - Replaced the old upstream README with updated version. - Changed README.Debian to only cover setup. -- Jon Middleton Mon, 19 Aug 2002 21:36:04 +0100 logcheck (1.1.9.3) unstable; urgency=low * Fix logtails postinst for upgrade from versions prior to 1.1.1-13.1 (closes: #156772, 156727) -- Jon Middleton Thu, 15 Aug 2002 18:37:22 +0100 logcheck (1.1.9.2) unstable; urgency=low * Added Rene Mayrhofer and myself to the Uploaders field. * Logheck postinsts: - Do not exit if confiles not writable (closes: #121123) - Do not exit if logcheck.logfiles has no comments (closes: 155398) * Fix typo's in the debconf messages (closes: #155486) * Change logtail to only depend on perl-base (closes: 156416) * Improve error checking of cleanrules function (closes: 156387) * Try to make warning about rulefile symlink's more meaningful. * Ack Chris Boyle's NMU (closes: 133108) -- Jon Middleton Mon, 12 Aug 2002 21:47:17 +0100 logcheck (1.1.9.1) unstable; urgency=low * Change the maintainer to be myself. * Increase the version number as this version has undergone a complete rewrite (and make it a Debian native package). (closes: #121923) * Set LC_CTYPE="" for utf-8 locels. (closes: #136508) * Add cracking ignore suppport. (closes: #114573, #123898, #131934, #131934) * Security violation mails now have a different subject. (closes: #119465) * Comments are now allowed in rulefiles. (closes: #148964) * Really fix the the directory problem. (closes: #151239, #136015) * We now use functions for common code. (closes: #127864) * All greps are now case sensitive. (closes: #112128, #94351) * Try to reduce the number duplicate lines. (closes: #129700, #122133, #126326) * Lines logged in one section will not appear in any others. * If there is no reportlevel set, exit with an error. * Added options in logcheck.conf for - debug information with timestamps. - use sort -u instead of -k 1,3 -s (closes: #122133) - overriding the default date - set subject lines for emails. - set the reportlevel (instead of with an symlink). - disable newbie message (closes: #142655) * Reduced the length of the e-mail subject lines. * Standard rulefiles are now stored in the .d directory's. * Move standard rulefiles to there new location on upgrade. * Rewrote main Makefile and use that in debian/rules. * Depend on the Source version of logtail and logcheck-database. * Versioned depends on debian-utils. (closes: #153668) * Manpages now in right packages. * Do not create symlinks for files in ignore.d's (closes: #135053, #151453) * Issue warning if symlink found in /etc/logcheck/*.d * Added Debconf question about not managing logcheck.conf (closes: #136772) * We do use a stable sort (closes: #111597) * Added logrotate support from Oohara Yuuma (closes: #153669) * Close the bugs from my NMU's (closes: #139666, #134294, #144390, #137043, #136890, #55970, #136890, #134286, #143851, #132254, #149740, #149767, #146896, #120894, 136015, #122158, #149134, #131923, #131076, #149990) -- Jon Middleton Sat, 20 Jul 2002 15:56:24 +0100 logcheck (1.1.9.0) experimental; urgency=low * Experimental version * Not released. * Now a Debian Native package as the diffeneces to 1.1.1 are so vast. -- Jon Middleton Sat, 29 Jun 2002 21:42:12 +0100 logcheck (1.1.1-13.5) unstable; urgency=low * NMU with maintainer's permission. * Use full path to mktemp. * Run mktemp after we get the e-mail address. -- Jon Middleton Mon, 1 Jul 2002 20:38:49 +0100 logcheck (1.1.1-13.4) unstable; urgency=low * NMU with maintainer's permission. * Optimize performance (closes: #131923) * Identification lines can now be disabled. (closes: #131076) * Fix typo in TMPDIR variable (closes: #149990) * Removed PATH and hard coded command locations. * Only run /usr/sbin/syslogd-listfiles in the postinst if it is executable. -- Jon Middleton Sat, 15 Jun 2002 19:24:32 +0100 logcheck (1.1.1-13.3) unstable; urgency=low * NMU with maintainer's permission. * Removed bashism (closes: #149740) * Exit if there's nothing to do (closes: #149767) * Ignore dpkg backups and editor saves. (closes: #146896) * Added --directories=skip to egrep. (closes: #120894, 136015) * Use --text option to grep (closes: #122158, 149134) -- Jon Middleton Wed, 12 Jun 2002 18:14:29 +0100 logcheck (1.1.1-13.2) unstable; urgency=low * NMU with maintainer's permission. (fix install errors and close some long standing bugs) * Create temporary directory with mktemp -d and cleanup after every run. (closes: #139666, #134294) * Remove /var/tmp/logcheck from package. * Move cleaned rulefiles to the temporary directory. (Fixes half of #148964) * Do not remove /var/lib/logcheck in postinst. (closes: #144390, #137043, #136890) * Install manpages for logcheck not logcheck.sh (closes: #55970) * Move logtail manpage into the logtail package (closes: #136890) * Remove Non-English character from package description. (closes: #134286) * Fix ssh excludes for newer versions (closes: #143851, #132254) -- Jon Middleton Sun, 9 Jun 2002 17:16:31 +0100 logcheck (1.1.1-13.1) unstable; urgency=medium * NMU. (trying to get back into woody) * Moved state files to /var/lib/logcheck (and /var/lib/logcheck/cleaned), to be FHS-compliant, but left actual temporary stuff (TMPDIR) in /var/tmp/logcheck). Closes: #133108 * Added chmod to ensure logtail is 755, as nothing else was making it so. I guess Rene just kept his dir lying around with logtail as 755. -- Chris Boyle Thu, 21 Feb 2002 19:00:22 +0000 logcheck (1.1.1-13) unstable; urgency=HIGH This upload fixes a security bug, therfore uploading with urgency HIGH. * Fixed usage of uniq for filtering out duplicate lines. This has been introduced by a patch I got. In the future, I will have to proof-read patches very closely..... Closes: #127400 (Might also fix #129700, but please tell me if it really does.) * Also get rid of /var/state/logcheck, /var/cache/logcheck and /var/lib/logcheck (that one might get re-introduced in the future, but is not needed at the moment). Move everything under /var/tmp/logcheck to be FHS-compliant. Closes: #128541 -- Rene Mayrhofer Mon, 21 Jan 2002 10:55:09 +0100 logcheck (1.1.1-12) unstable; urgency=medium * Hopefully fixed the upgrade from logcheck <= 1.1.1-9 now by adding a versioned Replaces line for logcheck-database and logtail. Closes: #120761, #120762, #120852 * Now the auto-generation of /etc/logcheck/logcheck.logfiles works as expected. Reactivaed it in the config and postinst scripts. This works by using syslogd-listfiles from sysklogd. -- Rene Mayrhofer Sun, 25 Nov 2001 14:07:11 +0100 logcheck (1.1.1-11) unstable; urgency=high FTP maintainers: please decide on your own if this should go into stable. It might be a good idea because it fixes some possible security bugs and also has some features that I keep getting bug reports about (the current version in stable is ancient). This release fixes a serious bug (FHS problem) and also fixes A LOT of old bug reports. I am sorry for being inactive on this package for such a long time, but now I am going back to active development. If you want any feature, then simply file a bug report. I am now going through bug reports and mails asking for the addition of ignore rules to logcheck and I will reassign those bugs to the appropriate packages. Now that logcheck has a stable mechanism for package specific rules files, please use it. Those rules will be definitely more up-to-date when they come with the package that generates the log messages to be filtered. If you have any rules that you would like to be added to the default installation and they clearly belong to a single package, then please ask the maintainer of this package. I would really like to see this package going from optional to standard priority, but I need quite some help from others to achieve this. The goal should be that - on workstation logging level - the user only gets an email when seomthing goes terribly wrong. This way, logcheck can be installed on all new Debian installations without causing inconvenience for users, but offering them a notification tool if something is really broken (or better: before something gets broken). And with the current size of the logcheck package, space should be no problem.... * Moved offset data from /var/state/logcheck to /var/lib/logcheck to comply with FHS. Closes: #108227 * Incorporated a shell snippet from Markus Gutschke for reading configured logfiles from /etc/syslog.conf. This way, logcheck can automatically fill /etc/logcheck/logcheck.logfiles with correct values. Update: Disabled the code for now because the sed expression does not take log file names starting with a "-" in account. If anybody wants to correct this sed expression in the logcheck postinst, please let me know. I just want to get this release out, finally..... * Changed maintainer to rmayr@debian.org. * Updated policy version to 3.5.6.0 (this really was a warp jump....). * Remove empty lines from rules files before using them. This fixes a security problem, because empty lines act as wildcards. Therefore one single rule file with an empty line would prevent all log entries from being displayed. (Idea and one line of shell snippet borrowed from Steve Smith.) Closes: #50966 * Split logtail in its own package. * Split the logcheck rules database in an own package logcheck-database. Closes: #117537 * Change naming of offset files in /var/lib/logcheck so that watching /var/log/nmessages and /var/log/local/someapp/messages will work. Closes: #94234, #108720 * Fixed a small typo in logcheck.sh. Closes: #99619 * Removed /etc/logcheck/ignore.d.paranoid/sendmail, since it is now included in the sendmail package. Closes: #113305, #118423, #111549, #110010, #111915 * The removal problems should now be fixed (now not printing anything in postrm anymore - this seemed to be a problem with the debhelper-generated debconf cleanup stuff). Closes: #90836, #110412 * Fixed handling of ignore greppings. Closes: #95592, #87225 * Fixed another small bug with grepping ignore files. Closes: #118494 * Do not install the INSTALL file anymore. * Corrected spelling errors. Closes: #90862, #99106 * Renamed /etc/logcheck/*hacking* to /etc/logcheck/*cracking* Closes: #96319 * Corrected the sorting of lines in logcheck.sh so that lines with the same timestamp get their order preserved. Cloeses: #111597 * Changed string "Security Violations" to "Possible Security Violations" in sent mails. Closes: #113185 * Do not use logtail.c from the original logcheck package anymore, but a perl version by Paul Slootman. This makes the package architecture independent. Closes: #89614 * Run logcheck on reboot (using a line with @reboot in /etc/cron.d/logcheck). Closes: #97172 * Make symbolic links in /etc/logcheck relative. Closes: #108370 * Allow comments in /etc/logcheck/logfiles Closes: #111198 * Renamed logcheck.sh to logcheck. Closes: #113842 * Finally fixed the problem with logrotation. Closes: #70926, #79836, #118800 This is from 1.1.1-10 (never uploaded, only internal testing), but repeated here because of the closed bug report. * There should be no more problems with duplicate entries in logcheck.ignore.workstation, because now this file is quite minimal and not generated from diffs to logcheck.ignore.paranoid anymore. Closes: #86726 * Users, please use the newest logcheck version, 1.1.1-4 is ancient. Those bugs have been closed quite some time ago: Closes: #103397 -- Rene Mayrhofer Fri, 9 Nov 2001 15:59:14 +0100 logcheck (1.1.1-10) unstable; urgency=medium * There should be no more problems with duplicate entries in logcheck.ignore.workstation, because now this file is quite minimal and not generated from diffs to logcheck.ignore.paranoid anymore. Closes: #86726 -- Rene Mayrhofer Sat, 25 Aug 2001 13:17:45 +0200 logcheck (1.1.1-9) unstable; urgency=low * Split the logcheck.ignore.* files into smaller pieces, one for each package that generates the log messages. Now there are directories /etc/logcheck/ignore.d.(workstation|server|paranoid) and /etc/logcheck/ignore.d will be a link to one of those equivalent to the handling of /etc/logcheck/logcheck.ignore. This is only the default configuration, you can of course remove the link and create your own directory. * Fixed a stupid bug in logcheck.sh that caused logcheck to mail some messages to the admin even if the last file in ignore.d or violations.ignore.d should have filtered it out. Closes: #87225 * Now use debhelper version 3. * This bug (using '\(' and '\)' instead of '(' and ')' for automount rules) has been fixed as of version 1.1.1-7. Closes: #86678 * There should be no more problems with duplicate entries in logcheck.ignore.workstation, because now this file is quite minimal and not generated from diffs to logcheck.ignore.paranoid anymore. Closes: #86726 -- Rene Mayrhofer Wed, 21 Feb 2001 11:03:57 +0100 logcheck (1.1.1-8) unstable; urgency=medium * Added the directories /etc/logcheck/*.d so that other packages can drop their rules files into them. Therefore logcheck will only include basic rules in the future and will expect other packages to include their own. Please read README.Debian for details about this new feature. Closes: #80581 * Fixed typo in mail message Closes: #80870, #85768 * This bug has been fixed by 1.1.1-7. Closes: #81078 * Fixed bug in 'conffiles' in the Debian directory. The path names were relative, but should be absolute. Closes: #81498 * Added more rules for logcheck.ignore.server for leafnode and uptimed. This is a temporary solution, the next version of logcheck will have the rules files split on a per-package basis, so that these rules files can be integrated easily in the corresponding Debian packages. But I don't want to make all those changes at once, so this is a release featuring the logcheck.sh enhancements, the next one will change the config files. Closes: #80580 * Added more rules for logcheck.ignore.workstation for pppd. Closes: #79974 -- Rene Mayrhofer Thu, 28 Dec 2000 12:06:53 +0100 logcheck (1.1.1-7.3) unstable; urgency=medium * Yet another upload due to problems with orig.tar.gz. I am really sorry about this (hmh@debian.org, sponsor). -- Rene Mayrhofer Tue, 19 Dec 2000 18:52:00 -0200 logcheck (1.1.1-7.1) unstable; urgency=low * Reupload due to broken orig.tar.gz file. -- Rene Mayrhofer Mon, 18 Dec 2000 17:58:14 -0200 logcheck (1.1.1-7) unstable; urgency=low This release can be considered a major release. Since I did not hear anything from the upstream maintainer in the last 6 months, I am fixing all those little bug reports (that the upstream author promised to fix with his version 2.0) now in the Debian package. Not very nice, when the new upstream version actually is released, but it has been too long now...... * Added more rules and fixed some rules in logcheck.ignore (every time the same dumb "(" to "\(" translations....) * Changed 'BAD' to '\bBAD\b' in logcheck.violations Closes: #78969 * Fixed the Makefile, because the creation of the ignore files did not work with current woody (the default behaviour of patch for creating backup files seems to have changed). * Fixed a bug in postinst - it was possible that it could overwrite a manually created .ignore file (a missing return statement - the check for this case was already in the script). Closes: #77615, #77002 * Changed the postfix so that either the config directory /etc/logcheck is deleted when purging or a message is given that it is not empty. Closes: #69554 * Changed the Depends line to have sysklogd | system-log-daemon since syslogd-ng now conflicts with sysklogd. Closes: #76657 * The list of logfiles the logcheck checks ( :-) ) is now configurable in a file /etc/logcheck/logcheck.logfiles - so logcheck.sh should not need to be modified anymore. Thanks to Jeremy Hankins for that idea. Closes: #66686, #67728, #47339, #59899, #51302 * The input of grepping the logfiles is now run through sort first, thus eliminating duplicate log entries caused by checking multiple log files with the same log messages in them. Additionally this should reduce the resource usage of the grep runs as suggested by KORN Andras. Closes: #59559, #74410, #51333 * The config file /etc/logcheck/logcheck.conf is now sourced later in the logcheck.sh script, thus all of the configuration variables can be overridden in the config file. I placed it a bit later than suggested by Chris Fearnley (thanks for the hint), because this way it is also possible to change the DATE variable, setting another date format string with it (as suggested by jbr@datacash.com). Now there is a new default for the DATE variable in logcheck.conf. Closes: #71880, #63894, #74330 * The offset files for logtail are now stored in logcheck's private directory instead of /var/log (thanks to Marco d'Itri). Closes: #59899 * The bugreport regarding segfaults with mailx has been fixed by mailx as far as I know (at least it does not seem to be an issue now). Mabye in the next version I will try to do without mailx, but at the moment I do not have the time to experiment with various mailers and there sendmail interface emulation (therefore bug 68793 is still open). * I am closing bug report #50994 now, because it turned out (at least for me) that escaping the brackets automatically would not be beneficial. Since I started using egrep's features with grouping, etc. the ignore files got significantly shorter. Closes: #50994 * Now logcheck identifies itself with each mail so that new users don't get confused by getting that much mails. Closes: #57751 -- Rene Mayrhofer Fri, 24 Nov 2000 19:14:11 +0200 logcheck (1.1.1-6) unstable; urgency=low * Made default configuration files configurable with logcheck: security levels are "workstation", "server" and "paranoid" * Ask for email address in debconf. * Only display debconf note when upgrading from a version < "1.1.1-3" . Thanks to Martin Bialasinski for the hint. (closes: bug #63490) * Depend on mail-transport-agent, cron and syslogd * Changed '(' and ')' in logcheck.ignore to '\(' and '\)' (closes: bug #59160) * Added more rules in logcheck.ignore for "server" and "workstation" (closes: bug #61449, bug #56358, bug #50734) * Made logcheck.ignore aware of the changed log message of openssh vs. ssh (closes: bug #65679) * Made it depend on mailx (since logcheck.sh uses /usr/bin/mail) (closes: bug #66088) -- Rene Mayrhofer Sun, 7 May 2000 20:36:33 +0200 logcheck (1.1.1-5) frozen unstable; urgency=low * Added more rules in logcheck.ignore (closes: #56358) -- Rene Mayrhofer Tue, 11 Jan 2000 20:25:19 +0100 logcheck (1.1.1-4) unstable; urgency=low * Changed '[' and ']' in config files to '\[' and '\]' (closes: bug #52097, bug #51291). * Run logcheck from the cron.d file only if it is installed (closes: bug #51748, bug #51342). * Added a note in the postinstall that the config file /etc/cron.d/logcheck should be overwritten by dpkg (Thanks to Andrew Stribblehill for the hint). -- Rene Mayrhofer Tue, 7 Dec 1999 11:09:28 +0100 logcheck (1.1.1-3) unstable; urgency=low * Moved binaries to /usr/sbin and changed permissions to 755 (closes: bug #50696) * Added some rules to logcheck.ignore so that false alarms are prevented. -- Rene Mayrhofer Sat, 20 Nov 1999 18:21:28 +0100 logcheck (1.1.1-2) unstable; urgency=low * Made manpages for the executables point to undocumented * Moved /var/tmp/logcheck to /var/state/logcheck -- Rene Mayrhofer Wed, 17 Nov 1999 20:43:05 +0100 logcheck (1.1.1-1) unstable; urgency=low * New upstream release * Now it is distributed under the GPL, moving it back to main. -- Rene Mayrhofer Mon, 1 Nov 1999 01:51:22 +0100 logcheck (1.1-2) unstable; urgency=low * Made it /usr/share/doc compliant * Moved to non-free/admin -- Rene Mayrhofer Wed, 29 Sep 1999 14:06:27 +0200 logcheck (1.1-1) unstable; urgency=low * Initial Release. -- Rene Mayrhofer Mon, 10 May 1999 23:13:20 +0200