logcheck (1.2.54) unstable; urgency=low * ignore.d.server/dovecot: also ignore local logins, which are "secured", not "TLS". Thanks to Marco Nenciarini for the patch (closes: #407642). * ignore.d.workstation/kernel: ignore all kinds of input devices, not just Logitech mice; thanks to Dave Vehrs for the patch (closes: #407087). * ignore.d.server/kernel: patch by Elmar Hoffmann to filter messages by 3ware driver (closes: #408764). * ignore.d.server/postfix: make anvil filter rules ipv6 compliant. * violations.ignore.d/logcheck-postfix: ignore deferred messages after rewriting the address (orig_to in use). * violations.ignore.d/logcheck-postfix: ignore plain informational messages even if they contain some of the violations.d/logcheck words. * ignore.d.server/postfix: ignore messages about successful deliveries to IMail servers (and possibly others; closes: #407777). * ignore.d.server/postfix: patch by Armin Berres to filter information messages from postfix+mysql (closes: #408444). * ignore.d.server/postfix: patch by Armin Berres to filter policyd-weight messages (closes: #408700). * ignore.d.server/postfix: ignore messages about numeric MX results by smtpd as well. * violations.ignore.d/logcheck-postfix: ignore lmtp message when content filter muted DSN. * ignore.d.server/postfix: ignore message due to timeout receiving the initial server greeting. * ignore.d.server/openvpn: ignore messages related to client-side routes and client-config-dir. * ignore.d.server/openvpn, violations.ignore.d/logcheck-openvpn: fix up a bunch of the rules for various stages of the connections. * ignore.d.server/ssh: ignore messages about invalid users even with '" characters in the usernames. * ignore.d.server/ssh: ignore messages related to Allow/DenyUsers (closes: #407009). * violations.ignore.d/logcheck-ssh: ignore more PAM authentication failure messages. * ignore.d.server/courier, violations.ignore.d/loghceck-courier: ignore SSL/TLS connection errors for all components. * ignore.d.workstation/logcheck, ignore.d.server/cracklib: moved cracklib rules to server level (closes: #408557). * ignore.d.server/epmd: ignore information output from erlang-base daemon epmd; thanks Armin Berres for the patch (closes: #408559). * ignore.d.server/spamd: improve rules for corner cases, thanks to Armin Berres for his help. * violations.d/smartd: no longer elevate temperature messages as smartd does that already (closes: #407734). * ignore.d.server/smartd: ignore raw values in attribute change messages; thanks to Elmar Hoffmann (closes: #408890). * ignore.d.server/smartd: honour exclamation mark for max value in attribute change value; thanks to Elmar Hoffmann (closes: #408901). * ignore.d.server/squid: ignore vary store marker object mismatches. * Added Galician debconf translation by Jacobo Tarrio (closes: #408123). * Updated Czech debconf translation; thanks Miroslav Kure (closes: #407830). -- martin f. krafft Tue, 30 Jan 2007 15:26:22 +0000 logcheck (1.2.53) unstable; urgency=low * violations.ignore.d/logcheck-postfix: ignore entries for messages bounced/deferred by the LDA. * ignore.d.server/postfix: ignore network_biopair_interop messages about read errors. * ignore.d.server/postfix: ignore bounce messages on bad address syntax. * ignore.d.server/postfix: ignore lost connection warnings during HELO handshake. * ignore.d.server/postfix: more tolerance on message-ids. * violations.ignore.d/logcheck-postfix, ignore.d.server/postfix: ignore messages related to checks done by the cleanup daemon. * violations.ignore.d/logcheck-postfix: more extended DSN matches contributed by Jefferson Cowart; thanks (closes: #405786)! * violations.ignore.d/logcheck-postfix: fix greylisting defer message for zero-sized senders (<>). * violations.ignore.d/logcheck-postfix: fix greylisting defer filter for new-style messages. * violations.ignore.d/logcheck-postfix: ignore messages about deliverable messages (sender address verification). * violations.ignore.d/logcheck-postfix: ignore cleanup status messages which have been elevated to violations due to matches between domain names and violation filters (e.g. vrfy.org). * violations.ignore.d/logcheck-ssh: ignore ssh_msg_recv messages which are escalated to violations. * ignore.d.server/dcc: ignore message about sleep after failure. * ignore.d.server/kernel: ignore libata load message. * ignore.d.server/kernel: ignore several meesages related to hard disks. * ignore.d.{server,workstation}/kernel: ignore more messages related to removable disks and their filesystems. * ignore.d.server/kernel: ignore messages from bridge subsystem. * ignore.d.server/pdns: ignore message about . zone refreshes. * ignore.d.server/spamd: ignore logger and server pid info messages. * ignore.d.server/dovecot: ignore disconnection messages after login too. * violation.ignore.d/ssh: ignore messages about illegal users with IPs reverse resolved too. * ignore.d.server/squid: handle messages about unsupported messages with any type (related to mldonkey) in a hackish way, due to locale mismatches (see #350206). * violations.ignore.d/logcheck-sudo: properly ignore invocations of sudoedit. * ignore.d.server/openvpn, violations.ignore.d/logcheck-openvpn: also honour "openvpn" as process name, which seems to be used by clients; thanks to Vincent Danjean for being persistent (closes: #406179). * ignore.d.server/openvpn: ignore messages with IP address of peers of newly established connections. * ignore.d.server/dhclient: updated to new style for informational messages. * ignore.d.server/saned: also ignore access granted messages for other usernames. * logcheck now chdir()s to /var/lib/logcheck before cleanup of the temporary directory. This should hopefully fix some of the "Check temporary directory" messages. * Modified the system account Gecos name to "logcheck system account". * Check for existence of home directory of the system account. If it points to a non-existing directory, change it to /var/lib/logcheck. Also ignore the corresponding log entry by usermod. -- martin f. krafft Tue, 16 Jan 2007 07:13:32 +0100 logcheck (1.2.52) unstable; urgency=low * ignore.d.server/dovecot: cleanup of dovecot filters to match some more operational messages reported by Stefan Schlesinger (closes: #396760). * ignore.d.server/dovecot: ignore delivery notification log messages by deliver MDA. * ignore.d.server/dovecot: amend for new log format. * ignore.d.server/dovecot: ignore messages about disconnection because of disconnection (sic). * ignore.d.workstation/kernel: also ignore lack of UDF partition. * ignore.d.server/proftpd: small correction wrt IPv6 addresses (closes: #397466). * ignore.d.server/proftpd: ignore reaching of max login attempts limit). * ignore.d.server/postfix, violations.ignore.d/logcheck-postfix: ignore more new-style messages with extended DSNs (closes: #404422). * ignore.d.server/postfix: ignore cleanup msgs withempty msgid (closes: #400986). * ignore.d.server/watchdog: first couple of filters added. * ignore.d.server/netconsole: first couple of filters added. * ignore.d.server/cron-apt: ignore + in package names. * ignore.d.server/dhcp: fixed to filter requests for unknown leases. * ignore.d.server/dhcp: hide message about duplicate lease. * ignore.d.server/ssh: ignoring message about corrupted input MAC. * ignore.d.server/ssh: ignoring message about bad packet length. * ignore.d.server/ssh: ignoring message about bad protocol identification. * ignore.d.server/ssh: ignore messages about missing auth information. * ignore.d.server/ssh: support filtering gssapi-keyex messages; thanks to Russ Allbery (closes: #400426). * ignore.d.server/ssh: allow dashes in hostnames of refused connect messages; thanks to Russ Allbery (closes: #400813). * violations.ignore.d/logcheck-ssh: ignore ssh hosts.allow warnings (closes: #400714). * ignore.d.server/dcc: ignore message about which DCC servers are used. * ignore.d.server/openvpn: ignoring more operational messages. * ignore.d.server/snort: added ruleset by Jason Martens (closes: #403758). * ignore.d.server/courier: fix bogus rule, thanks to Michael Tautschnig (closes: #400350). * ignore.d.server/rsync: ignore rule about file list built; thanks to Russ Albery (closes: #400425). * ignore.d.server/lpr: ignore restart message; thanks to Russ Albery (closes: #400427). * ignore.d.server/nagios: fix filters; thanks to Esteban Cerutti (closes: #401717). * ignore.d.server/slapd: ignore slapcat init message; thanks to Dirk Prösdorf (closes: #400432). * Added Spanish debconf translation by Javier Fernández-Sanguino (closes: #402204). * Do not source debconf confmodule in preinst as it's not needed. * Assign a real name to the logcheck system user, unless the real name GECOS field is not empty (closes: #402800). Also ignore the message generated by chfn. -- martin f. krafft Thu, 28 Dec 2006 12:32:00 +0100 logcheck (1.2.51) unstable; urgency=medium * medium urgency to increase the chance of making etch as per agreement with Steve Langasek, release manager. Rationale: arch-indep and only new regexps in this version. * violations.d/kernel: added to elevate messages about media errors. * violations.ignore.d/kernel: ignore some non-critical messages by device drivers, such as USB stuff. * violations.ignore.d/kernel: ignore if AGP fails to initialise on Matrox cards. * ignore.d.server/kernel: ignore message about device-mapper loading. * ignore.d.server/kernel: ignore startup banners by tun/tap driver. * ignore.d.server/kernel: ignore startup configuration printout by sk98lin. * ignore.d.server/kernel: ignore startup banner by skge driver. * ignore.d.server/kernel: ignore startup messages by ipmi driver. * ignore.d.server/kernel: ignore iptables bandwidth messages generated by webmin bandwidth module/shorewall (closes: #397580). * ignore.d.server/kernel: remove filter for iptables log messages for UDP packets, which aren't generated by default. * ignore.d.server/kernel: ignore message about missing disc in drive. * ignore.d.workstation/kernel: ignore messages related to pmount and USB hotplugged storage devices. * ignore.d.workstation/kernel: ignore intel8x0 (soundcard) initialisation messages. * ignore.d.workstation/kernel: ignore more messages related to USB hotplug. * ignore.d.workstation/kernel: ignore message about DRM loading and initializing. * ignore.d.{workstation,server}/kernel: moved several messages to server class as they also apply to servers. * violations.ignore.d/logcheck-su: ignore redundant message about authentication failure, which provides no additional information. * violations.ignore.d/logcheck-cron-apt: ignore redundant summary error message about index files that failed to download. * ignore.d.server/logcheck: ignore pam_unix opened and closed sessions with empty progname (gconf mainly). * ignore.d.server/pdns: added more filters to silence recent versions of pdns (except for startup/shutdown). * ignore.d.server/pdns: also hide IPv6-related messages and messages related to syncing of new slave zones. * ignore.d.server/anacron: also ignore messages with exit status. * violations.ignore.d/logcheck-ssh: ignore authentication error messages by pam_unix: if there's no user name, the attempt is pathetically harmless anyway; if there's a username, sshd logs another message with more information. * ignore.d.server/ssh: ignore listening notices for all ports, not just 22. * ignore.d.server/ppp: filtering messages about connections to pppd. * violations.ignore.d/logcheck-bluez-utils: ignore non-critical failure messages about connections that failed. * ignore.d.server/bluez-utils: added to filter dund connection messages. * ignore.d.workstation/bluez-utils: add filters to ignore device connection and disconnection, as well as startup/shutdown. * violations.ignore.d/postfix: ignore unsupported SSL cert purpose. * violations.ignore.d/postfix: ignore messages related to amavisd-new banning attachments. * ignore.d.server/postfix: filtering message when smtp client is greylisted. * ignore.d.server/postfix: ignore redundant message about reload by postfix-script as master also logs. * ignore.d.server/postfix: ignore errors about virtual users not found. * ignore.d.server/postfix, violations.ignore.d: ignoring more messages about rejects the admin does not care about; thanks to Russ Allbery (closes: #397097). * */*postfix: also ignore [-_$] in local part of message-id; thanks to Alexander Gerasiov (closes: #398163). * ignore.d.server/postfix: ignore messages about changed hash tables. * ignore.d.server/postfix: ignore summary messages when postsuper deleted queue entries. * ignore.d.{workstation,server}/mldonkey: moved to server category and added some additional rules for informational status messages. * ignore.d.server/dhclient: filtering send_packet messages which are purely informational or redundant without any extra info. * ignore.d.server/dhcp: updated for latest BOOTP messages. * ignore.d.server/dhcp: fixed to filter requests for unknown leases. * ignore.d.server/hplip: added to filter information messages from hpiod/hpijs/hpssd. * ignore.d.server/xinetd: ignore messages about conf files read and services removed, as well as startup banner. * ignore.d.server/saned: ignore most messages. * ignore.d.server/squid: ignore messages resulting from clients firing unsupported request methods at the server, which may happen in situations where transparent proxying is in use. GNUTELLA is one offendant. * ignore.d.server/squid: ignore some messages generated by squid 2.6 in transparent mode. * ignore.d.server/squid: ignore messages about closed client connections due to lifetime timeout. * ignore.d.server/proftpd: support IPv6 addresses with UseReverseDNS off; thanks to Gregor Hermens (closes: 397466). * ignore.d.server/proftpd: ignore messages by new version of proftpd about aborted transfers and chrooting to the root directory. * ignore.d.server/proftpd: ignore message about failure to bind to IPv6 sockets if protocol is not available, as IPv6 cannot be turned off it seems (see http://bugs.proftpd.org/show_bug.cgi?id=2817). * ignore.d.server/amandad: ignore messages with resolved hostnames instead of IPs; thanks to Jan Evert van Grootheest (closes: #396407). * ignore.d.server/courier: cleanup to match some more messages reported by Enrique Garcia (closes: #395265). * [TODO] ignore.d.server/dovecot: cleanup of dovecot filters to match some more operational messages reported by Stefan Schlesinger (closesNOTYET: #396760). * ignore.d.server/smartd, violations.d/smartd: ignore messages about temperature changes except those that report reaching new maximum values; escalate those reporting the reaching of critical limits to security events. * ignore.d.server/ntp: ignore debug messages from signal_no_reset. * ignore.d.server/ntp: ignore messages about which port ntpd bound to. * ignore.d.server/maradns: added initial set of filters for maradns. * ignore.d.server/cpufreqd: added filters for startup messages about unconfigured/missing plugins. * Added README.backports. * Now recommends logcheck-database of at least the current verson (>= instead of =). -- martin f. krafft Fri, 17 Nov 2006 18:36:32 +0100 logcheck (1.2.50) unstable; urgency=low * chgrp the entire /etc/logcheck tree to group logcheck if it exists during logcheck-database's configuration (closes: #391665). * ignore.d.server/cron-apt: also ignore Get messages with dots in the component name (local repos). * ignore.d.server/postfix, violations.ignore.d/logcheck-postfix: ignore redundant messages about missing maildirs (closes: #354821). * ignore.d.server/ppp: ignore messages about modem hangups due to remote connection drops. You're not going to see these anyway if pppd does your connection, and there will be plenty other messages alerting you to the lack of connectivity. * ignore.d.server/dhcp: ignore message about leased addresses which respond to ping requests. * ignore.d.workstation/mldonkey: added file to ignore pretty much everything. -- martin f. krafft Thu, 2 Nov 2006 22:47:48 +0100 logcheck (1.2.49) unstable; urgency=low * Add note about read permissions on log files to the error ourput generated by logcheck in case of problems (closes: #382858). * Safer adding of logcheck alias to /etc/aliases; now does *not* remove the alias on remove/purge anymore since mail may still arrive at a later point (closes: #392637). * ignore.d.server/kernel: also ignore outgoing iptables log entries (closes: #377381). * ignore.d.server/kernel: ignore TCP treason uncloaked messages since the kernel apparently knows how to handle them anyway and we're really not a NIDS. * violations.ignore.d/logcheck-postfix: fixed rule to filter generic bounces by the smtp client. * violations.ignore.d/logcheck-postfix: allow messages about network_biopair_interop failures to report negative num_read counts. * violations.ignore.d/logcheck-postfix: ignore generic 554 messages during CONNECT; thanks to Martin Lohmeier (closes: #373174). * violations.ignore.d/logcheck-postfix: updated filter for generic smtp status messages to postfix 2.3 (closes: #376533). * violations.ignore.d/logcheck-postfix: also filter rejections even if rcpt is not yet known; thanks to Micah Anderson (closes: #382442). * violations.ignore.d/logcheck-postfix: do not ever report security warnings about mail which has been sent (closes: #382440). * ignore.d.server/postfix: ignore messages about missing issuer certificates. * ignore.d.server/postfix: handle LMTP submissions from localhost; thanks to Marco Nenciarini (closes: #389047). * ignore.d.server/postfix: ignore lost connections after any SMTP command; thanks to Micah Anderson (closes: #387000). * ignore.d.server/postfix: ignore warning about non-SMTP commands. * ignore.d.server/postfix: ignore warning about lost connections after initial server greeting. * ignore.d.server/postfix: ignore warning about lost connections any type of upper case SMTP command. * ignore.d.server/postfix: again ignore warning about failed SASL auth. * ignore.d.server/postfix: also ignore bare port 25 in log messages; thanks to Bernd Zeimetz (closes: #385001). * ignore.d.server/postfix-policyd: added rules by Bernd Zeimetz (closes: #387008). * ignore.d.server/saslauthd, violations-ignore.d/logcheck-saslauthd: ignore messages about unknown users or invalid passwords (closes: #369486). * ignore.d.server/spamd, violations.ignore.d/logcheck-spamd: update rule to ignore checking messages (closes: #382805). * ignore.d.server/spamc: ignore warning about max message size limitation. * ignore.d.server/imapproxy: allow usernames with @ (closes: #373190). * ignore.d.server/dovecot: properly handle IPv6 addresses (closes: #327088). * ignore.d.server/dovecot: ignore more messages about inactivity disonnects. * ignore.d.server/dovecot: ignore PAM auth messages about unknown users. * ignore.d.server/innd: ignoring new message about flushing messages by send-uucp; thanks to Thomas Parmelan (closes: #387272). * ignore.d.server/courier,squid: fix rules with space after the $ line-end mark. * ignore.d.server/squid: ignore message about oversized URLs. * ignore.d.server/squid: ignore informational aioSync messages; thanks to Elmar Hoffmann (closes: #385982). * ignore.d.server/squid: ignore warning about missing PTR record. * violations.ignore.d/logcheck-nagios, ignore.d.server/nagios: extended rules to support nagios2; thanks to Cyril Chaboisseau (closes: #355364). * violations.ignore.d/logcheck-bind: ignoring messages for unexpected RCODEs; thanks to Ingo Theiss (closes: #378333). * ignore.d.server/dhcp: ignore messages about NAK due to portable client from other network requesting old lease. * violations.d/smartd: elevate messages about uncorrectable and unreadable sectors (closes: #392679). * ignore.d.server/smartd: ignore messages smartd generates when sending warning mail; thanks to Elmar Hoffmann (closes: #393938). * */*smartd: now filters all smartd attribute changes except for temperature changes to values higher than and equal to 55, and changes to the attributes Reallocated_Sector_Ct, Current_Pending_Sector, Offline_Uncorrectable, and UDMA_CRC_Error_Count. See /usr/share/doc/logcheck-database/NEWS.Debian.gz . * ignore.d.server/cron-apt: ignore regular messages about downgrades; they are not going to take place anyway, and an error message is emitted nevertheless. * ignore.d.server/cron-apt: handle situations when fetching takes minutes. * ignore.d.server/proftpd: ignore messages about login access limited. -- martin f. krafft Wed, 18 Oct 2006 22:11:06 +0200 logcheck (1.2.48) unstable; urgency=low [ maximilian attems ] * ignore.d.server/postfix: Fix cleanup rule and remove duplicate. Thanks Paul Aurich (closes: 378976) * Updated debconf translations: - fr.po thanks Michel Grentzinger (closes: 379215) - nl.po thanks Frans Pop (closes: 377605) - it.po thanks Luca Monducci (closes: 377874) * violations.ignore.d/logcheck-ssh, violations.ignore.d/logcheck-postfix: Move to postfix rules to the later. (closes: 377139) * ignore.d.server/courier: Ignore authdaemon ldap reconnections. Thanks Tilman Koschnick for the patch (closes: 372286). * ignore.d.server/sa-exim: Add 2 rules for sa-exim. Thanks Ross Boylan (closes: 359787). * ignore.d.workstation/kernel: Add more rules for swsusp. * ignore.d.workstation/kernel: Ignore loop module loading. * Add catalan debconf translation (closes: 379131) - Thanks for ca.po to Jordà Polo * ignore.d.workstation/kernel: Ignore oprofile loading. * ignore.d.workstation/kernel: Ignore removable device plugging. * ignore.d.server/dhclient: Ignore recorded leas output and bound renewal. * violations.ignore.d/logcheck-login: Ignore successful root logins on tty's. * ignore.d.workstation/ifplugd: Ignore link beat loose. * ignore.d.workstation/kernel: detto. * debian/logcheck-database.postinst: Make logcheck-database piuparts clean, on upgrade. Remove moved configfiles if they are unchanged. Thanks Lars Wirzenius for report (closes: #355701). * Remove old useless logcheck/changes low priority debconf template. * Remove logcheck/install-note as logcheck.conf is self explantory. (closes: 377618) Thanks Thomas Huriaux . * Move logcheck/changes retroactively to logcheck.News. Thus cleanup logcheck.control, no debconf left (closes: #388924). * logcheck-database.config fix bashism. [ martin f. krafft ] * moved po-debconf build-dep to arch-dependent list due to clean target. * removed logcheck debconf files, only logcheck-database has debconf. * ignore.d.server/pdns: ignore failure to get SOA serial from supermasters that send wrong notifies. * ignore.d.server/cron-apt: fixed several rules for corner cases. * ignore.d.server/postfix: added rule for server greeting timeout. * ignore.d.server/postfix: also add msgid status messages by cleanup daemon. * ignore.d.server/proftpd: fixed rule to ignore unknown user logins. * ignore.d.server/spamd: fixed rule for config location message. * ignore.d.server/ssh: duplicate possible breakin messages from violations.ignore.d. * ignore.d.server/ssh: duplicate invalid user messages from violations.ignore.d, and also cater for zero-length usernames. * ignore.d.server/smartd, violations.ignore.d/logcheck-smartd: revert to reporting drastic changes in attributes. * ignore.d.server/smartd, violations.ignore.d/logcheck-smartd: now works with almost arbitrary disk names. * ignore.d.server/kernel: partially undo link status message filter, now only filters up messages, not the down ones. By nature of the link status, the messages will come in pairs or not at all anyway. * ignore.d.server/dovecot: ignoring inactivity logouts. * ignore.d.server/pdns: ignoring message about new superslave zones. * ignore.d.server/spamd: correcting typo in SIGCHLD cleanup rule. * ignore.d.server/ssh: ignoring ssh_msg_recv failure messages. * ignore.d.server/pdns: ignore messages about not being authoritative for just about anything. * ignore.d.server/cron-apt: fixed rule to properly treat lines with packages whose names have dots (closes: #381983). * Do not remove the logcheck user on purge as it may still own files (closes: #383243). * Updated nl debconf translation, thanks to Frans Pop (closes: #386768). * Added patches by Elmar Hoffman to ignore power on time usage attribute and messages about self-tests. -- martin f. krafft Sun, 8 Oct 2006 17:15:43 +0200 logcheck (1.2.47) unstable; urgency=low * ignore.d.server/pdns: minor corrections to better ignore notifies -- I think pdns 1.9.20 introduced a new format. * ignore.d.server/dovecot: minor correction to ignore SSL parameter regeneration. * ignore.d.server/cron-apt: ignore echo of update line, permit distribution names with a hyphen ("sarge-backports"), allow ~ in versions, and ignore the summary message about failed fetching of index files. * violations.ignore.d/logcheck-ssh: ignoring "Connection reset by peer" messages. * violations.ignore.d/logcheck-ssh: ignore also new-style "BREAK-IN" messages (with the hyphen) when it's a clear fake (IP maps to A, which does not map to IP). * violations.ignore.d/logcheck-ssh: ignore logins as invalid user which have a 'none' method. * ignore.d.server/postfix: improved filters for postfix 2.3 lmtp connections. * violations.ignore.d/logcheck-proftpd: ignoring extra PAM messages for failed logins. * violations.ignore.d/logcheck-proftpd: ignoring denied and failed logins due to limit specification. * ignore.d.server/kernel: ignore interface link status changes. If they are important, we would not be able to get mail about them anyway. * ignore.d.workstation/kernel: ignore messages about unknown keys pressed. This information is interesting, but by the time logcheck delivers the mail, no user will remember which key s/he pressed. * Added further lintian and linda overrides (non-standard-dir-perm). * Updated debconf translations: - Vietnamese, thanks to Clytie Siddall! - Swedish, thanks to Daniel Nylander! - German, thanks to maximilian attems! - Japanese, thanks to Hideki Yamane! -- martin f. krafft Tue, 18 Jul 2006 07:24:18 +0200 logcheck (1.2.46) unstable; urgency=low * ignore.d.server/ssh: fixed regression related to "Did not receive identification string" warning. Sorry about that (closes: #377276). * ignore.d.server/ssh, violations.ignore.d/logcheck-ssh: extended the regexp matching usernames to anything non-whitespace in filters about nonexistent users -- today someone tried to log in as '!@#$%^&*()_+' here! * ignore.d.server/pdns: ignoring warnings about overly large packets, or packates otherwise of the wrong size. * ignore.d.server/cron-apt: fixing rules wrt sarge and cleaning up. * ignore.d.server/dovecot: fixing filter for dovecot 1.0 logins by removing the space at the end of the line. Gargh! * We're now maintaining logcheck in SVN. See README.Debian file (which also received other minor updates). -- martin f. krafft Sun, 9 Jul 2006 15:04:49 +0200 logcheck (1.2.45) unstable; urgency=low [ Todd Troxell ] * Increment version [ Jamie Penman-Smithson ] * ignore.d.server/smartd: Add rule to match normal temperature changes. * violations.ignore.d/logcheck-sudo: Ignore invocation of sudoedit too. Thanks to Jan Braun . (Closes: #360120) * ignore.d.server/dhcp: Match new DHCP log format with IPv6 addresses. (Closes: #369603) * violations.ignore.d/logcheck-ssh: Match new log format in openssh 4.3. (Closes: #369497) * ignore.d.server/oidentd: Match IPv6 addresses too. Thanks to Elmar Hoffmann for the patch. (Closes: #369294) * ignore.d.server/oidentd: Remove superfluous rule for connections from localhost. * ignore.d.server/pdns: Ignore 'Refreshed n records' messages. (Closes: #369263) * ignore.d.server/smartd: Minor change to rule for "Temperature changed" messages. * ignore.d.server/xinetd: Add the first rules for xinetd. * ignore.d.server/smartd: Merge two rules for self-test messages into one. (Closes: #368878) * ignore.d.server/saslauthd: Add rule to suppress 'client step' messages. (Closes: #368652) * violations.ignore.d/logcheck-postfix: Update rules for postgrey. (Closes: #368318) * violations.ignore.d/logcheck-postfix: Add rule to suppress smtpd '554 Access denied' messages. (Closes: #368313) * ignore.d.server/postfix: Fix rule to really match 'read timeout' messages. (Closes: #367781) * ignore.d.server/spamd: Merge in rules from the spamassassin package. (Closes: #366364) * Minor changes to usage summary and explanation of FQDN option. (Closes: #365565) * ignore.d.server/dkfilter: Minor fix to rules for dkfilter.out. Match 'wrong sender domain' messages from dkfilter.out. * ignore.d.workstation/anacron: Move to ignore.d.server. (Closes: #368900) [ maximilian attems ] * ignore.d.server/dovecot: Add rule for aborted logins. * ignore.d.workstation/kdm: Ignore kdm-greeter logline. * ignore.d.server/nagios: Improve existing rules, add newer for service flapping and ping logging. * ignore.d.server/sympa: Add impressive ruleset on common ml operations. * ignore.d.server/stunnel: New rules. * ignore.d.server/squid: Add 2 rules for cachemgr. * ignore.d.server/rsync: Add 2 rules for common rsyncd failures. * ignore.d.server/rsnapshot: Add 2 rules for casual rsnapshort warnings. * ignore.d.server/proftpd: Add 3 rules about usual ftpd operations. * ignore.d.server/ntp: Ignore to many recvbufs. Thanks to all the above rules to Peter Palfrader . * ignore.d.workstation/kernel: Add rules to reduce noise on swsusp. * debian/logcheck.postinst: Remove old check against woody version removing /var/cache/logcheck. * debian/logcheck-database.preinst, debian/logcheck-database.postinst: Remove checks against old woody symlinkfarm. * debian/logtail.preinst: Remove old dpkg-divert handling. * debian/control: Remove useless versioned depends on debianutils and po-debconf. Versions are satisfied on Sarge. * debian/control: Conform to policy 3.7.2 without changes. * ignore.d.server/dhcp: Properly escape dots. [ Gerfried Fuchs ] * debian/control: move debhelper dependency to Build-Depends due to policy requirements. [ martin f. krafft ] * ignore.d.server/cron: added rules to ignore begin/end of crontab edits (closes: #356681). * ignore.d.server/cron: added crontab-specific lines from ignore.d.workstation/cron (and removed them there). * ignore.d.*/cron-apt: moved cron-apt rules from workstation to server. * ignore.d.server/dhclient: even 3.0 sleeps when no lease in persistent database. * ignore.d.workstation/dovecot: Added/updated dovecot 1.0 rules. * ignore.d.server/kernel: added rules to ignore martian, ll header, and icmpv6_send warnings. * ignore.d.server/pdns: added many rules for standard pdns operational messages. * violations.ignore.d/logcheck-pdns: ignore denied AXFR requests. * ignore.d.server/postfix: ignoring cleanup header_checks REPLACE messages (closes: #376489). * ignore.d.server/postfix: extending rule for "too many errors" to cover all SMTP commands (closes: #376472). * ignore.d.server/postfix: ignoring dNSNames complaints (closes: #376469, and parts of 369487). * ignore.d.server/postfix: ignoring bounce message about sender non-delivery notification. * violations.ignore.d/logcheck-postfix: ignore invalid SASL logins, PAM will complain with more details (closes: #369487). * violations.ignore.d/logcheck-postfix: ignore HELO access check rejections (closes: #376968). * ignore.d.[ws]*/ppp: adding/updating rules to ignore informational messages. * ignore.d.server/proftpd: adding ANON command to successful login rule and noticing that the other rule of the bug has already been fixed (closes: #372541). * ignore.d.server/proftpd: ignoring logins with unknown users. * ignore.d.workstation/proftpd: ignore reaching maximum number of login attempts. * ignore.d.server/smartd: don't be so selective about temperature filtering (closes: #355085). * ignore.d.server/smartd, violations.ignore.d/logcheck-smartd: ignore usage and prefailure attribute changes given that smartd will send separate mail when things go bad anyway. * ignore.d.server/spamd: fixing several of the spamd rules wrt email addresses, and added new rules for newer spamd versions. * ignore.d.[ws]*/squid: moved messages about server stop/start/reconfigure to workstation, and those about unchanged cache dir sizes to server. * ignore.d.*/squid: folded in some filters for operational messages and updated squidGuard spawn message to include all eventHelper messages. * ignore.d.server/ssh: ignore messages about missing shadow information for NOUSER (when there was a NULL user passed in the SSH protocol). * ignore.d.server/ssh: make sure that we never get bothered by scans again (closes: #376461, #354820, #376474). * ignore.d.server/ssh: ignore SSH disconnects (closes: #376464). * ignore.d.server/ssh, violations.ignore.d/logcheck-ssh: ignore login attempts for nonexistent accounts (closes: #376462). * src/logcheck: if called as root, now echoes the options back to the user for easier cut-n-paste. * debian/control: recommend logcheck-database instead of depending on it (closes: #376739). -- Todd Troxell Thu, 6 Jul 2006 06:13:19 -0500 logcheck (1.2.44) unstable; urgency=low [ Jamie Penman-Smithson ] * Add kernel rules for 'Device not ready' and 'BIOS EDD' messages. (Closes: #353510) * Update postfix rules to match new log format in 2.2. * Modify exim4 rules to match messages with multiple recipients. (Closes: #359878) [ maximilian attems ] * debian/logcheck.postrm, debian/logcheck.postinst: Don't hide errors in postinst. * src/logcheck: $SENDMAILTO escape it properly so that multiple senders can be specified. * src/logcheck: Make shure we always have an $LOCKFILEDIR as Ubuntu purges lock dir on startup. Thanks Dave Love for the patch. (closes: #357039) * debian/logcheck.postinst: 755 is fine as permissions for $LOCKFILEDIR. * ignore.d.server/ntp: Catch negative corrections too - thanks to Robert Edmonds . (closes: #355649) * ignore.d.server/smartd: Ignore smartd temperature messages within the normal operating range between 5-50 degrees C - thanks to Adam Porter for the patch. (closes: #355085) * it.po: Add Italian debconf translation. Thanks to Luca Monducci . (closes: #356737) * ignore.d.server/postfix: Ignore noise buffer length postfix logline - thanks to Karl Chen for the patch. (closes: #356754) * ignore.d.server/kernel: Ignore ECP dmesg logline. (closes: #355092) * ignore.d.server/dhclient: Fix typo, add rule match. * ignore.d.server/popa3d: Take into account multiple messages. Thanks Robbert Kouprie for the patch. (closes: #363336) * ignore.d.workstation/kernel: Add various kernel rules. (Closes: #353815) [ Todd Troxell ] * Switch back to using run-parts as it created confusion for users with files like #rulefile# and .rulefile.swp in their tree. (closes: #353793) -- Todd Troxell Sat, 29 Apr 2006 22:48:35 +0200 logcheck (1.2.43a) unstable; urgency=low * Bugfix release. Unconditionalize chgrp -R of /etc/logceck as our new logfile-unreadability tests revealed some unreadable rule files upon upgrade. * This release also includes changes I forgot to include in the previous release, listed in the prior changelog entry. -- Todd Troxell Sun, 19 Feb 2006 08:32:20 -0500 logcheck (1.2.43) unstable; urgency=low [ maximilian attems ] * Add exim4 rule for defered messages. * Fix ssh rule for valid session. * Add some kernel rules for some sony device. [ Todd Troxell ] * Correct hylafax receive rule. * Add /var/lib/logcheck to INSTALL, Thanks to Jonathan Adamczewski * Add check to see if logcheck cfg is accessible. Thanks Markus Peuhkuri (Closes: #344553) * Add Marcus Peuhkuri's ssh-summarizer script to doc dir (Closes: #307585) * Correct Postfix rule for "address not listed for hostname" (Closes: #344620) * Update copyright year to 2006 * Add Dutch Debconf translation, thanks Frans Pop (Closes: #344716) * Patch from Bill Wohler to sudo vc ignore rules (Closes: #343631) * Remove redundant hylafax mdoem string rule * Add exit status section to manpage [ Jamie Penman-Smithson ] * Add snmpd rule to match new "Connection from UDP" messages. Thanks to Ralf Hildebrandt . (Closes: #337916) * Update dovecot rule to match new log format - lowercase method - yet again. (Closes: #337517) * Add various new kernel rules at workstation level. Thanks to Dave Vehrs . (Closes: #337998) * Fix postfix rules to match "initializing server-side TLS engine" messages. (Closes: #347227) * Update su rules for login 4.0.x. (Closes: #346502) * Reword EXAMPLES section in the logcheck manpage. Thanks to Jari Aalto . (Closes: #351669) * Update postfix/lmtp rule to match new log format in postfix 2.3. * Use 'find' instead of 'run-parts' to list the contents of directories since 'run-parts' cannot handle filenames with periods. Update control to depend on findutils. * Exit with an error if a rule file is unreadable. (Closes: #340226) * Add postfix rule to match "statistics: max simultaneous domains[..]" scache messages. * Update spamd rules. Thanks to Russ Allbery & Karl Chen . (Closes: #336558) * Fix ntp rules to match ipv6 addresses too. Thanks to Beat Bolli . (Closes: #336079) * Add first rule for cvs-pserver. (Closes: #338732) * Modify dhcp rules to match dhcpd output when no client hostname is returned and '(none)' is used. (Closes: #346350) * Add the first rules for cron-apt. Thanks to Dave Vehrs . (Closes: #338003) * Add logcheck to /etc/aliases during install. (Closes: #353148) * Add the first rules for dspam. -- Todd Troxell Sun, 19 Feb 2006 07:55:46 -0500 logcheck (1.2.42) unstable; urgency=low [ maximilian attems ] * Add dccproc timeout rule. * Only source the conffile if we can read it. Should enable logcheck runs directly out of the logcheck source. * Default to send mail to local root otherwise messages go to Nirvana. * Check if conffile with list of logfiles is readable. * Fallback to read syslog if no logfile is provided. * Enhance bind rules ignore NSTATS loglines, remove dup. (Closes: #324751) * Add rule for recent nfs mountd messages. Thanks to toby cabot . (Closes: #325800) * Move imap file to server level, not appropriate for paranoid. * Add imap ignore rule for moved bytes, seems pretty normal imap usage. Thanks to toby cabot . (Closes: #325801) * Add rule for Postponed keyboard-interactive ssh logins. * Update some usb rules for usb-storage and phone devices. (Closes: #324347) * Update horde3 rules the identifier can be changed by the user to any char. Thanks to Martin Lohmeier (Closes: #324613) * Add imp4 rule for successful logins. Thanks to Martin Lohmeier (Closes: #324615) * Bumped standards to 3.6.2. * Fix exim4 rule for more modern tls string. * logcheck.8 fix add full path to README.logcheck-database.gz. (Closes: #328632) [ Jamie Penman-Smithson ] * Add the first rules for mon. Thanks to Robbert Muller . (Closes: #324451) * Modify dovecot rules to match ipv6 addresses too. (Closes: #327088) * Add first polypaudio rules in workstation to suppress module-alsa-sink.c messages. (Closes: #331282) * Add first rules for tftpd, suppress 'connect' and 'get file' messages. (Closes: #333456) * Fix dovecot rules to match the new format log messages in 1.0. (Closes: #332707, #333461) * Fix proftpd rules to match ipv6 addresses. Thanks to Elmar Hoffmann (Closes: #332807) * Update ssh rules to suppress reverse DNS warnings. Thanks to Elmar Hoffmann (Closes: #333233) * Update nagios rules to match host UNREACHABLE notification messages. (Closes: #325874) * Add the first rules for popa3d. (Closes: #328251) * Fix group permissions for /var/lock/logcheck on install or upgrade so logcheck can be executed by the logcheck group. (Closes: #330208) * Add Swedish translation, thanks to Daniel Nylander . (Closes: #334415) * Fix anvil max rate rule to match statistics messages when postfix is bound to a specific IP. (Closes: #334342) * Modify spamd rules to match log message format in 3.1. (Closes: #335021) [ Todd Troxell ] * Add check for lockfile-progs to aid non-debian installations. * Set logcheck to remove cleanup trap if an error occours while getting lockfile. This will prevent many confusing error messages. * Add error reporting on -o option * Add IPv6 support to bind rules. Thanks Marco Nenciarin (Closes: #327100) * Add IPV6 support to postfix rules. Thanks Marco Nenciarin (Closes: #327114) * Add INSTALL documentation for manual/non-Debian installation. * Add 5 receive rules for hylafax's FaxGetty. * Call adduser without --home flag in postinst. (Closes: #312393) -- Todd Troxell Sat, 22 Oct 2005 23:14:54 -0400 logcheck (1.2.41) unstable; urgency=low [ Jamie Penman-Smithson ] * Fix postfix rule to match "setting up TLS connection" messages again. * Fix innd rule for "ME time" messages, add rule for innfeed "ME time" messages. * Fix rules for gps to match messages with the null sender (<>). * Update cyrus/notifyd rule to match destination folders and subfolders too. * Update cyrus rules to suppress DBERROR db3: n lockers messages when it's only 1-2 lockers, these messages are harmless as long as the number doesn't increase. * Update postfix lmtp rule to match messages given by amavis when discarding UBE and viruses. * Fix bug in the squid rule for "found whitespace" messages which caused grep to choke due to unescaped { and } characters. (Closes: #311216) * Update innd nnrpd rule for latest version of INN. * Add a versioned dependency on grep to prevent bugs like #311216 happening in the first place. * Added Vietnamese translation, thanks to Clytie Siddall. (Closes: #312597) * Fix minor typo in logcheck-database.templates. (Closes: #312598) * Modify rules for successful ssh login messages to match when ssh/ssh2 is not specified at the end. (Closes: #312729) * Modified ignore.d.workstation/kernel to ignore nfs warnings about mount version. (Closes: #313601) * Fix postfix anvil rules to match max message/recipient rate and count messages. * Add the first rules for dkfilter, which implements domainkeys signing and verification for postfix. * Add rule for openssh-krb5 and add gssapi-with-mic to the list of auth alternatives. (Closes: #318500) * Add ovpn-tunnel rule to suppress "VERIFY OK: nsCertType=SERVER" messages. Thanks to Martin Lohmeier . (Closes: #320009) [ Maximilian Attems ] * Suppress error message if hostname not set. (Closes: #314951) * Add another sshd rule for PARANOID /etc/hosts.deny setting. * Fix postfix rule concerning Service unavailable. (Closes: #315507) * Add some initial support for exim4 log messages. Pretty rudimentary stuff still, will need further refinements. (Closes: #316612) * First rule for amandad. (Closes: #313603) * Remention how to invoke logcheck with sudo. * Add an examples section to the manpage with my most usual invocation. * Fix rules for gconfd loglines. * Add rule for mailman admin loglines in violations.ignore.d/logcheck-postfix thanks toby cabot . (Closes: #317772) * Fix hostname match in rbldnsd rule thanks sistemas@dedaloingenieros.com. (Closes: #317741) * Unifiy gdm rules, add a rule for X restart. * Beautify README.logcheck-database, uses markdown(1) syntax now. Added testing rules header to carify sections. (Closes: #317642, #318731) * Small manpage fixes. * Add 2 courier rules for ACCEPTED usernames and the started client module. * Add pdns rule for duplicate packets from recursor. * Fix cvs rule for exit code != 0. thanks Martin Lohmeier (Closes: #321506) * Fix hostname match in cups-lpd rules thanks Gilbert Laycock (Closes: #322179) * Add horde3 rules for users login/logout thanks Martin Lohmeier (Closes: #322570) * Fix logcheck.8 rendering of docbook-to-man. (Closes: #322036) [Todd Troxell] * Tweak descriptions to satisfy litian. -- Todd Troxell Mon, 22 Aug 2005 15:27:45 -0500 logcheck (1.2.40) unstable; urgency=low jamie: * Improve postfix rules in ignore.d.server/postfix and violations.ignore.d/logcheck-postfix. (Closes: #305350) * Add postfix rule for "Temporary failure in name resolution" messages. * Add rules for policyd, add comma to throttle rule. * Add nagios rules for PROCESS_SERVICE_CHECK_RESULT messages. (Closes: #306695) * Add more ntp rules for "adjusting local clock" messages. (Closes: #303661) * Add postfix rule for "unknown SPF result" messages when using the libspf2 patch. * Add rule for bind 9.3 "FORMERR resolving" messages. * Add more nagios rules for SERVICE_FLAPPING messages and ENABLE_*_NOTIFICATIONS messages. * Fix udev rules to match alphanumeric device names and subdirectories in front of %k. (Closes: #307588) * Add bind rule to suppress NSTATS messages. (Closes: #307675) * Add nagios rule for "HOST EVENT HANDLER" messages. * Add cyrus rules to match notifyd messages. * Add first rule for grinch, an open relay checker for postfix. * Set a default for FQDN and only set the value of HOSTNAME once we've read logcheck.conf. The FQDN option now works. (Closes: #308249) * Minor changes to innd rules. Add rule to match innfeed "Connection refused" messages. * Add nagios rule for ENABLE_NOTIFICATIONS messages. * Add postfix rule to suppress "certificate has expired" messages. * Add postfix rule for "misplaced delimiter" hostname warnings. * Add nagios rules to match ACKNOWLEDGEMENT, ADD_SVC_COMMENT, HOST_DOWNTIME and DISABLE_SVC_NOTIFICATIONS messages. * Add the first rules for qpopper and qpopper-drac. (Closes: #125794, #191637) * Fix innd rules in violations.ignore.d/logcheck-innd for innfeed to match "global/final seconds.." messages. * Correct innd rule for perl filter rejection messages to match hostnames with hyphens and underscores too. * Adjust the anvil rule to match "max connection" messages with port 587 (submission). * Add section to README.logcheck-database about submitting rules. * Modify rules for dovecot to also match messages from the pop3 daemon. (Closes: #310423) * Minor changes to innd rules. Add rule for readclose messages. * Add postfix rule in violations.ignore.d/logcheck-postfix to suppress dNSNames mismatch messages. * Add innd rule for innfeed hostChkCxns messages. * Fix postfix rule in violations.ignore.d/logcheck-postfix to match CommonName mis-match messages when verifying broken certs where the CN is empty. maks: * Add some pppd rules for pppoatm usage. * Fix hostname match in cvsd rules. * Add some first preliminary iptables rules for iptables REJECT logging ignore.d.server/kernel for UDP packets. * Add jabberd, ssh, rsync rules from Peter Palfrader . The ssh rule ignores network scanning noise (not the account brutforcing). * Added dot to username match in scponly rule. * Match more strictly ipv4 address in dhcpd + dhclient rules. * Add to ignore.d.server/dhcpd initial udhcpd lines. (Closes: #306388) * Minor additions to logcheck(8). * Add rule for cron nss_ldap message in ignore.d.server/cron. * Generalise kernel message no IPv6 routers present level workstation. * Update rsync daemon rule thanks Paul Slootman (Closes: #308800) * Update postfix peer verification rule match. (Closes: #307889) * Beautify logcheck.postinst don't call dpkg --compare-versions when no $2. * Correct proftpd rules thanks to Tilman Koschnick (Closes: #309084) todd: * Add Eric Evans as an uploader. -- Todd Troxell Sunday, 29 May 2005 00:24:00 -0500 logcheck (1.2.39) unstable; urgency=low todd: * Fix logcheck upgrade script to set owner on lock directory properly Thanks Marco Valli, Maks -- Todd Troxell Tuesday, 19 Apr 2005 11:53:00 -0500 logcheck (1.2.38) unstable; urgency=low maks: * Generalise postfix rule concerning network_biopair_interop. * Add rule for ntp message about valid/infalid peers. (Closes: #303661) * Improve rules .PHONY target + add checkpo rule for the translation check. * Add help target to debian/rules documenting the syntax. jamie: * Add rule in violations.ignore.d/logcheck-postfix for postgrey (Closes: #300888) * Modify bind notify rule for bind 9.3.x (Closes: #303176) * Add various workstation kernel/udev rules for removable devices (Closes: #297995) * Modify rsync rule to match module names with '.', '-' and '_'. Thanks to SATOH Fumiyasu for the patch (Closes: #295352) * Add nagios rule for UNKNOWN state service notification. * Modify postfix anvil rule for 'max connection' statistics messages to match smtps connections too. * Add new rules for policyd, a postfix policy daemon. * Add more postfix rules for certificate verification failure messages. * Add new rules for postfix scache (connection cache server). * Add rule for bind 9.3 'unexpected RCODE' messages. * Modify dnsmasq rule to match '/var/run/dnsmasq/resolv.conf' too. (Closes: #302678) todd: * Change lockfile location from /var/lock/logcheck to /var/lock/logcheck/logcheck (Thanks Rainer Zocholl) to avoid potential DoS condition. (Closes: #304978) * Make lockfile debug messages refer to the correct files. * Add note about dh_installlogcheck permissions. (See #302379) -- Todd Troxell Monday, 18 Apr 2005 23:45:00 -0500 logcheck (1.2.37) unstable; urgency=low maks: * Fix routine message when resolvconf is installed. thanks for patch to Thomas Hood (Closes: #302678) * Add postfix rules for local procmail delivery. (Closes: #302744) * Fix logcheck su rule reporting valid `su -' use. * Add nagios rule for UNREACHABLE messages. thanks for patch to Geoff Crompton (Closes: #298495) todd: * Revert warning on bad regex code (Closes: #302689) -- Todd Troxell Saturday, 2 Apr 2005 17:57:00 -0500 logcheck (1.2.36) unstable; urgency=low jamie: * Update rules for gps 1.0>. * Add/update rules for innd. maks: * Add harmless pdns rule at server level. * Add rules for cups-lpd at level server. * Add violations.ignore.d/logcheck-dcc for the nightly dccifd reporting. * Add rule ignore.d.server/kernel for printer out of paper. (Closes: #298291) * Add one more apm rule for useless gdm logout message. * Add rules for 2 harmless dhcpd and dhclient messages. * Add cvsd, pam rules from Peter Palfrader . * Add ssh rule for timeout before authentication. * Check time of rotated logfile against already gzipped logfile. syslog-ng leaves old syslog.0 logfile in /var/log. (Closes: #296096) todd: * Add support for warnings in report * Update copyright dates * Warn on invalid regex (Closes: #295560) * Update udev for directories (Matt Brubeck) (Closes: #301415) -- Todd Troxell Wednesday, 30 Mar 2005 20:04:00 -0600 logcheck (1.2.35) unstable; urgency=low maks: * logtail fix invocation without switches (compat to old versions). * Add smartd rule, whitespace fix openvpn rule, merge old smartd rules. * Add rule for imaplogin disconnected + logout messages. (closes: #294950, #295418) * Add rule violations.ignore.d/logcheck-ssh + rule ignore.d.server/ssh for the PARANOID wildcard in /etc/hosts.deny. * Match dots as dots aka '\.' in all rules. * Add kernel rules at level workstation (annoying apm, usb storage) * Fix gconf SIGHUP rule (dup whitespace). jamie: * Add rules for webmin (closes: #286307). * Add rules for postfix 2.2, innd. * Modify rule for pure-ftpd logout messages (closes: #294612). * Add rule for pure-ftpd timeout messages (closes: #295254). * Modify rule for pure-ftpd logout messages to match even if username is missing(!) (closes: #295257). * Add rules in violations.ignore.d/logcheck-postfix for certificate verification failures. * Add rule for courierpop3login (closes: 296014). * Add rule in violations.ignore.d/logcheck-pureftp for upload/download messages (closes: #296110). todd: * Correct link syntax in copyright (closes: 296214). * Add comments to clarify postinst -- Todd Troxell Sunday, 20 Feb 2005 23:17:00 -0500 logcheck (1.2.34) unstable; urgency=low todd: * Correct "Gandhi" spelling in docs/README.how.to.interpret. Thanks Satya (closes: #289529) * Set logtail to report errors on stderr instead of stdout. (closes: #289801) * Adjust logcheck to redirect stdout and also stderr when reporting in order to maintain the current behavior of logcheck after the change above. * Change rule directories to setgid for real this time. (closes: #291395) * Update gconf, workstation/kernel rules maks: * Add pdns, fix scponly, fix gconfd SIGHUP rule. * Fix pam_winbind rule at level workstation. (Closes: #289866) * Ignore sudo "command continued" logline. (Closes: #290195) * Add rule for daily sysklogd -r restart at level server. (Closes: #290511) jamie: * Update rules for nagios. -- Todd Troxell Sunday, 23 Jan 2005 21:31:00 -0500 logcheck (1.2.33) unstable; urgency=low maks: * Enhance rules at level workstation for removable devices. (closes: #284505, #284825) * Fix dnsmasq rule regarding DHCPINFORM. (closes: #286532) * Add rbldnsd rules at level server from Rafael Jesus Alcantara Perez . (closes: #285602) * Add jabberd rules from Peter Palfrader . * Add rule for weekly nmbd logrotate. (closes: #286329) * Add rules from Lee Maguire for usb headset on level workstation. (closes: #286747) * Fix dovecot rules: dots in usernames + other breakage. (closes: #286306) * Fix gconfd rules for latest default english logging style. * Logtail need to depend on versioned perl not logcheck. (closes: #288580) * Add rules for dictd, francine, kernel from alfie. * Fix dhcp rules for vlan case. (closes: #289246) todd: * Set rule directories setgid to simplify administration. (closes: #286230) * Add future package plans to TODO * Remove dh_strip and dh_shlibdeps from debian/rules * Touch cron.d/logcheck in postinst. (closes: #284788) * Conditionally set permissions in postinst on version <1.2.33 (closes: #287184) * Update dh_installlogcheck, which has already been patched in debhelper. (closes: #287237) -- Todd Troxell Saturday, 08 Jan 2005 04:56:00 -0500 logcheck (1.2.32) unstable; urgency=low maks: * Add rules for jabberd, openvpn, rsnapshot, saslauthd, stunnel at level server from Peter Palfrader . * Default reportlevel is "server", correct logcheck.conf thanks koki. * Fix up space in newer xdm logging. * Add kernel rule for dvd combi drives at level workstation. * Add nss_ldap rule for apache, sshd syslog line at level server. * Ignore also ssh disconnect from win clients on level server. * Have per package NEWS.Debian files, move them below debian/. thanks alfie for hint dh_installchangelogs(1) for multiple NEWS.Debian. (closes: #281646) * Add and fix hostname match in dnsmasq ruleset. (closes: #283331) * Add rules for workstation related to removable media. (closes: #277644) * Remove kernel rules related to tainted modules. * Fix sudo ignore rule for tty usage. * Fix gconfd rules at level workstation for newest gnome. alfie: * logtail.8: Fixed formating to be consistant, changed OPTION to -r (the only OPTION not mentioned yet :)) jamie: * Add rules for nagios, gps. * Added new rules for messages from USB joystick use. (closes: #282378) * Fix spamd rule to match all hosts. (closes: #282842) -- Todd Troxell Tuesday, 07 Dec 2004 10:57:39 -0500 logcheck (1.2.31) unstable; urgency=low jamie * Fix rules for hylafax, thanks to Ross Boylan. (closes: #270018) max * Add rule for tripwire run at level paranoid. * Add rule for nscd at level server. alfie: * Fixed my non-fix in logcheck, sorry (closes: #279635) todd: * Fix segmented rules, thanks rloboda@bojko.krakow.pl -- Todd Troxell Tuesday, 09 Nov 2004 03:25:11 -0500 logcheck (1.2.30) unstable; urgency=low maks: * Move pptpd rules to level server. * Small typo fixes in docs. * New rules for bind, courier, cpqarrayd, dhcp, jabberd, nagios, ntp, openvpn, postfix, slapd, smartd, smokeping, squid, ssh, thy, uptimed. all for level server thanks to Peter Palfrader . * Logcheck/rules: Don't take locale for granted use character class instead. * Fix 2 samba rules at level server. (closes: #277635) * Added rules for perdition, postfix, pure-ftpd, snmpd. thanks to Brendon Baumgartner * Small enhancment courier rule. * Simplify logic in logcheck-postinst. jamie: * Add rules for dnsmasq. (closes: #277636) * Add rules for hylafax. * Add violations.ignore.d rules for hylafax. alfie: * Fix sed error to really remove trailing spaces. (closes: #278337) * Add myself to uploaders field because of stable releases. todd: * Remove chown from debian/rules. (closes: #277782) -- Todd Troxell Tuesday, 02 Nov 2004 00:21:41 -0500 logcheck (1.2.29) unstable; urgency=low maks: * Don't report sudo calls where pwd contains spaces (Closes: #272969) * Fix trailing space in perdition rule. (Closes: #273433) * Small documentation update how to test rules without fiddling with trailing space. * sed fine tuning to speed up + remove trailing tabs. thanks alfie * Don't use -m switch from sort, it basically disables sorting. Remove gratious call to uniq that should be done with SORTUNIQ. (Closes: #270677) * Add violations.ignore.d/su on old logfiles to be removed on sarge upgrade. * Add rules for kdm/wdm/xdm, kernel (usb, keyboard) on level workstation. * Only show "rules-directories-note" on upgrade. * Enhance ppp rules on level workstation. (Closes: #270019) Add pppoa3 rules to the ppp rules. * Small update concerning reject messages in postfix + new rule. * Added pptpd rules at level workstation. thanks to Erich Schubert * Added first pure-ftpd rules at level server. * Fix cyrus violations.ignore.d rules for higher pids. todd: * Add 1 dovecot rule * Fix another permission issue involving rulefiles. Added chown to debian/ rules. * Simpler formatting on version string. jamie: * Updated rules for innd, added rule for cleanfeed. * Small correction to gps rules. * Added SPF postfix policy server rule for 'SPF pass'. * Fix spelling mistake in dhcp rules. (Closes: #276063) * Change dhcp rules to reflect ISC's change of name. Thanks to Dirk Prosdorf for the patch. (Closes: #276317) -- Todd Troxell Saturday, 16 Oct 2004 19:14:03 -0500 logcheck (1.2.28) unstable; urgency=low maks: * Small fixes: join 2 lines in ignore.d.server/postfix, add '^' for start-of-line ignore.d.server/scponly (Closes: #270398) * Small rule update oidentd (Closes: #271286) * Check if logcheck has the permissions to read the offsetfiles. * Allow Hostname for logcheck mail to be set by commandline switch for log hosts. thanks to Joerg Jaspert * Minor comment fixes for picky readers. * Handle lack of permissions gracefully. (Closes: #271482) * Small update dhcp for dyndns support. (Closes: #260743) * Add a sendfile rule at level workstation for its connect syslogging. -- Todd Troxell Wednesday, 22 Sep 2004 16:35:03 -0500 logcheck (1.2.27) unstable; urgency=low todd: * Add pointer to README.logcheck-database.gz in logcheck man page. (Closes: #268277) * Remove qmail rules because they have been added to qmail package. * Rule updates for spamd (Closes: #269318) * Add note about avoiding file name confilcts in README.Maintainer * Add violations ignore for courier-pop3d-ssl (Closes: #269959) * Add anon-proxy rules (Closes: #269310) * Add perdition rules thanks to jamie@silverdream.org (Closes: #270191) -- Todd Troxell Monday, 06 Sep 2004 19:10:19 -0500 logcheck (1.2.26) unstable; urgency=low maks: * Fix multi-line build-depends lintian warning for source package. * Add su usage hint a root check. thanks todd and Alfie! * Small rules updated and added dhcp, nagios, postfix, squid, winbind. (Closes: #267587, #266432) -- Todd Troxell Tuesday, 31 Aug 2004 02:02:03 -0400 logcheck (1.2.25) unstable; urgency=low todd: * Small rule updates for dhclient, ntp, bind, kernel, bonobo, qmail, proftpd, ntpd, gconf, dovecot, su, samba, postfix (Closes: #259603, #264158) * Add line to logcheck.postinst to remove header.txt on purge * Add check to exit if running script as root. eevans: * Added violations.ignore.d/logcheck-spamd rule, (Closes: #262327) maks: * Re-format NEWS.Debian into Debian changelog format (Closes: #255932) * Remove /var/state/logcheck from debian/logcheck.dirs. * Small rule updates for pdns, pop3d-ssl, postfix, scponly. * Ack woody security fix. (Closes: #193161) * Small rule updates for dhcpd, kernel, nagios, postfix, rsnapshot thanks to Peter Palfrader . * Add gps policy server rules. (Closes: #265176) * Fix port match in oidentd rules. (Closes: #265588) -- Todd Troxell Friday, 13 Aug 2004 22:54:13 -0500 logcheck (1.2.24) unstable; urgency=low eevans: * Added violations ignore rule for squid (Closes: #257874) maks * Added dhcpd-client, kernel, ntp, postfix rules. (Closes: #259094) * Added lots of postfix rules at level workstation for those, who wants to include /var/log/mail.log. (Closes: #206495) * Generalize "nobody" to "[_[:alnum:]-]+" for su rule. * Update rules ignore.d.paranoid/cron, ignore.d.paranoid/postfix. New courier rules merged and simplified from imap, impd-ssl and pop3d-ssl. thanks to Bastian Blank . (Closes: #258759) * Fix pid regex in cyrus rules. (Closes: #259092) * Added cyrus rules for notifyd. (Closes: #259466) * Make sure logtail gets a logfile to read, if not exit soon. Documented -o switch in logtail(8). (Closes: #259371) * Added logcheck-devel mail to logtail(8) and copyright. * Added userv rules. (Closes: #260105) * Generalize user match in spamd rule. (Closes: #260103) * Added a ippl rule at level workstation. (Closes: #260102) * Updated logcheck help message to all existent switches. Corrected logcheck command line parsing, -T needs no args. Use 6 'X' for mktemp(1) template. Better lock handling. (Closes: #260330) * Do not create unused /var/state/logcheck and really get rid of it. (Closes: #260096) * Added cs Translation. thanks Jan Outrata. (Closes: #260382) * Remove duplicate postfix rules, fix for remote string add lmtp rule. (Closes: #260810) todd: * Added 2 kernel rules for sparc workstations. * Added nearly 50 squid rules. (Closes: #213711) * Fix anacron Normal exit rule. * Move adduser from preinst to postinst (Closes: #258735) * Update pump and dhclient rules. -- Todd Troxell Friday, 23 Jul 2004 21:39:19 -0500 logcheck (1.2.23) unstable; urgency=low maks: * Remove logcheck pre-dependency on logtail. * Added imapproxy, kernel, nfs, scponly rules. * Updated dhcpd, innd, postfix, su, sudo rules. (Closes: #253879, #244171, #190101, #254681, #253861, #186372, #255560). * Fix locale dependent regexes. * Implemented testing mode to logcheck - doesn't update offset. * Added -l LOG switch for test runs on new log files. thanks todd for ideas and first work (Closes: #234385). * Add -m switch to specify recipient. (Closes: #149567). alfie: * debian/logcheck-database.templates: Clearified the rules-directories-note template and got updates for all translations. Thanks for fast responses! todd: * Update innfeed rules (Closes: #254133). * Update dhcp3 rules (Closes: #256549). * Change postinst script to set permissions on versions previous to 1.2.23 (Closes: #253998). * Add postfix rule for lmtp. * Add Rule for cyrus imap/SQUAT annoyance. * Spamd update for unknown message id. * Add Kernel and bonobo rules for workstations. -- Todd Troxell Thursday, 12 Jul 2004 22:55:19 -0500 logcheck (1.2.22a) unstable; urgency=low maks: * Fix broken cleancheck call. (Closes: #252966, #253075, #253260, #253486) -- Todd Troxell Thursday, 10 Jun 2004 04:18:23 -0500 logcheck (1.2.22) unstable; urgency=low maks: * Remove broken attempt to avoid UTF-8. (Closes: #214117) * Update automount, innd, kernel, openvpn, postfix rules. (Closes: #252216, #249474, #244172, #252174, #187496, #249181, #252712) * Better readability of greplogoutput() in logcheck. * Our Perl usage needs 5.8, add dependency. (Closes: #252078) * Rename conflicting logcheck-sendmail rule in logcheck-sendmail_tmp Sendmail ships aboves rule. (Closes: #252661, #252556) todd: * add MAILTO=root to logcheck.cron.d (Closes: #252597) -- Todd Troxell Saturday, 05 Jun 2004 14:02:47 -0500 logcheck (1.2.21) unstable; urgency=low maks: * Better description of logtail package. * Recommend use of an offsite email address in main conf. * Added and updated bind, cracklib, innd, kernel, logcheck, nntpcache, Login.app, proftp, postfix, pump, sendmail rulefiles. (Closes: #248816, #213709, #198767, #248409, #249074, #250374, #250373, #249181) * Added -v switch (outputs logcheck version). * Harden permissions regarding world. * Added and updated arpwatch, bind, gconf, gdm, kernel, openvpn, postfix, rpc.statd and spamd rules. thanks to Peter Palfrader . * New Config option for subject tags [logcheck]. * Lower all debconf messages priority. * Added and updated oidentd rules. (Closes: #186849) thanks to Tobias Wolter * Ignore normal use of su and sudo. (Closes: #182992, #192192) * Remove empty file innd. * Add switches to logtails default arguments. * Added cvs-build, cvs-clean debian/rules - stolen from apt. * Denote /etc/logcheck/logcheck.logfile as CFG in manpage and logcheck. * Move logtail.8 from debian to doc dir. * Added Japanese translation. thanks to Hideki Yamane (Closes: #251463) * Added French translation. thanks to Rémi Pannequin (Closes: #252173) * Fix bashishm in preinst and postinst. (Closes: #251364) todd: * Add debconf to logcheck Depends: * Check the return values of all commands that write to disk. (Closes: #174173) * Add NEWS.Debian to logcheck.docs (Followup to #247360) eevans: * Made addition of logcheck user and permissions/ownership changes a conditional of an upgrade from a version less than 1.2.19. (Closes: #249324) * Added a note to README.Debian on how to manually change the cronjob interval. (Closes: #222240, #226937) alfie: * src/logcheck: test also for readability for the header.txt and footer.txt. * debian/changelog: stripped all trailing whitespace from the file. * debian/*templates: Some small consistency and formating updates. Updated the debian/po/*.po files too. -- Todd Troxell Thursday, 03 Jun 2004 05:49:47 -0500 logcheck (1.2.20a) unstable; urgency=low maks: * Fix bug where many extra TMPDIRs were being created and never removed -- Todd Troxell Sunday, 16 May 2004 02:21:00 -0500 logcheck (1.2.20) unstable; urgency=low maks: * Updated gconfd rules. (Closes: #246695) * Added and Updated ntpd rules. (Closes: #246750) * Added first cyrus rules. (Closes: #247047) * Updated pop3d-ssl rules. * Updated postfix rules. (Closes: #196258, #190696) * Try secure TMPDIR in /tmp if /var/tmp fails. (Closes: #242284) * Initial german translation. * Set a sane DEFAULTLEVEL="server" in logcheck itself. * Better hantling of crontab. (Closes: #243019) * Enhanced manpage logcheck(8). (Closes: #215640) * Add syslog-ng option for sysklogd dependency. (Closes: #248244) alfie: * Full german translation. * Updated pt_BR translation from André Luís Lopes. * Run debconf-updatepo. * debian/logcheck.8 is generated, so get rid of it in clean target, too. todd: * Change logcheck home to /var/lib/logcheck. (Closes: #247614) * Change modes on /etc/logcheck. (Closes: #247929, #248046) * Allow adm group to read logcheck rules. (Closes: #209048) * Remove noroot template. (Closes: #247360) * Remove useless chown to /var/tmp/logcheck* thanks to maks. * Remove bash depends. Bash is marked essential. * Change Maintainer field to Debian logcheck Team, set ttroxell@debian.org as uploader. * Bumped standards to 3.6.1. * Removed Python from Build-Depends-Indep. Thanks, Alfie. * Changed chmod to /etc/logcheck in postinst to use X flag instead of x. Thanks, Martin Waitz -- Todd Troxell Wednesday, 12 May 2004 04:49:00 +0000 logcheck (1.2.19-2) unstable; urgency=low maks: * Add another chown -R flag. (Closes: #247279) todd: * Fix templates (Closes: #247466, #247467, #247424) * Lower debconf noroot message priority * Add NEWS.Debian to make some progress on 247360 -- Todd Troxell Wednesday, 05 May 2004 01:39:00 +0000 logcheck (1.2.19-1) unstable; urgency=low todd: * quick fix release to keep things working in unstable * add -R flag to chmod in configure (Closes: #247230) -- Todd Troxell Monday, 03 May 2004 16:02:11 +0000 logcheck (1.2.19) unstable; urgency=low maks: * Rename "Security Violations" in "Security Events". (Closes: #182079) * Use the newer gettext-based debconf template translation system. Patch with pt_BR translation from André Luís Lopes. (Closes: #187519) * Documented -u switch in manpage. * Updated pump rules. * Updated uptimed rules. (Closes: #216204) * Logcheck used empty ignores when greplogoutput was called with 2 arguments. Thanks to Paul Cassella for preliminary patch. (Closes: #243980) eevans: * Added a trap to invoke cleanup() when shell exits. Thanks to Marc Staveley for the patch. (Closes: #207795) * Changed interpreter from /bin/sh to /bin/bash todd: * Added -t flag to logtail and logtail.8 - used in test mode - see man page * Added bash depends in debian/control - required by trap patch above * Added adduser depends, add logcheck user on preinst and remove in postrm * Set to run as user logcheck (Closes: #97573) * Changed permissions in Makefile to allow for use as user logcheck * Set configure in postinst to fix file perms on on files to facilitate running as user logcheck * Removed chmod from logtail. (Closes: #189822) -- Todd Troxell Monday, 03 May 2004 09:59:29 +0000 logcheck (1.2.18) unstable; urgency=low * New maintainer (Closes: #244271) * Updated debian/copyright with new upstream information. (Closes: #206022) * Updated sudo, oidentd rules. * Updated dhclient rules. (Closes: #202718) * Updated ignore.d.server/ssh to match newest ssh logs. (Closes: #242217) * Updated cron, ssh, sudo, su rulefiles to recent PAM session logs. (Closes: #241058, #242276, #243861) * Sync better package description with manpage intro. * Use standard ISO 8601 separator like "-" for date. (Closes: #226840) * Removed reference to old filename restriction. (Closes: #193485) * Better wording for -l switch. (Closes: #234383) * Added Files section in manpage. -- Todd Troxell Friday, 23 Apr 2004 20:04:21 +0000 logcheck (1.2.17) unstable; urgency=low * Allow rules in ignore.d.violations to run regardless of filename prefix. (Closes: #241236) Patch from maximilian attems * Allow mail subjects to optionally qualify the reporting machines hostname. (FQDN=[01]) (Closes: #241216) * Strip leading and trailing whitespace from log entries before processing them. (Closes: #238513) * Added NTP rules. (Closes: #222944) * Updated su rules. (Closes: #226838) -- Steve Kemp Wednesday, 01 Apr 2004 11:04:21 +0000 logcheck (1.2.16) unstable; urgency=low * Penultimate upload before the new perl revision homed at: http://alioth.debian.org/projects/logcheck Volunteers and co-maintainers welcome, many thanks for the recent bug triaging by many people. * Suggest syslog-summery in the control file. (Closes: #210753) Thanks to Julien Noel. * Warn if syslog-summery isn't installed. (Closes: #192167) and (Closes: #185788) Thanks to Julien Noel. * Updated the matching pattern for su. (Closes: #230587) Thanks to Bengt Thure. * Use 'logcheck' in the license files instead of 'foobar'. (Closes: #212147) Thanks to Marc Haber. * Updated dependencies to include exim4 instead of exim. (Closes: #228584) Thanks to Marc Haber. * Make all rule files readable to the world. (Closes: #224026) Thanks to Marc Haber. -- Steve Kemp Wednesday, 03 Mar 2004 17:31:27 +0000 logcheck (1.2.15) unstable; urgency=low * Clarified copyright, thanks to Javier (Closes: #196433) * Incorpated improved patern for 'su'. * Updated the header/footer usage, thanks to Santiago Vila (Closes: #191891) * Fixed typo in template, thanks to Christian (Closes: #191340) * Fixed more typos in templates, thanks to Jens (Closes: #201628) * Create working directory on install, thanks to Peter Rose (Closes: #198922) -- Steve Kemp Thursday, 07 Aug 2003 11:08:45 +0000 logcheck (1.2.14) unstable; urgency=low * Improved lockfile handling, thanks to Nicholas Francois (Closes: #189867) * Call logfile via it's complete path, thanks to Mark Ballinger (Closes: #190395) * Updated the rules for dhclient, thanks to Mark Brown (Closes: #190872) * Don't complain about failing removal of checkfile, thanks to Christian Hammers (Closes: #186365) * Allow the use of configuration header and footer text, thanks to Jon Marler (Closes: #177227) * Added minimal new file for removing USB debugging messages from the mails. * Added minimal configuration file for ignoring sudo messages. -- Steve Kemp Mon, 07 Apr 2003 10:17:20 +0000 logcheck (1.2.13) unstable; urgency=low * New maintainer. -- Steve Kemp Mon, 07 Apr 2003 10:17:20 +0000 logcheck (1.2.12) unstable; urgency=low * Add the /etc/logcheck/cracking.ignore.d directory to logcheck-database. * Changes to PATH handling. - Set PATH in the crontab - No longer set PATH in logcheck. * Some cleanups to the depends. * Add a description comment to the crontab. * Cleanups to the introduction message disabling code - Change logcheck.conf to be INTRO=1 instead of INTRO="yes" - Check for old style INTRO settings in logcheck.conf and correct. * Updates to the regression tests to set the PATH, so it finds the correct version of logtail. * Changes to the Introduction message. * Flag a @reboot run of logcheck in the subject line. * Use debian/compat instead setting DH_COMPAT=4 in debian/rules. * Some improvements to the following rulefiles: - /etc/logcheck/ignore.d.paranoid/cron - /etc/logcheck/ignore.d.server/innd -- Jon Middleton Wed, 19 Mar 2003 21:34:29 +0000 logcheck (1.2.11) unstable; urgency=low * Add an configuration option to run syslog-summary over each sections log messages. (closes: #87439) -- Jon Middleton Sat, 1 Mar 2003 22:52:55 +0000 logcheck (1.2.10) unstable; urgency=low * Added ignore rules for courier-pop-ssl. (/etc/logcheck/ignore.d.server/pop3d-ssl) * Added ignore rules for courier-imap-ssl. (/etc/logcheck/ignore.d.server/imapd-ssl) * Reduced the imap ignores to cover only courier-imap. (/etc/logcheck/ignore.d.server/imap) * Yet more rulefile improvements: - /etc/logcheck/violations.ignore.d/logcheck-postfix - /etc/logcheck/ignore.d.paranoid/postfix - /etc/logcheck/ignore.d.server/ssh - /etc/logcheck/ignore.d.server/postfix - /etc/logcheck/ignore.d.server/innd - /etc/logcheck/ignore.d.server/ucd-snmp (closes: #182441) - /etc/logcheck/ignore.d.server/automount (closes: #182271) -- Jon Middleton Sat, 1 Mar 2003 19:03:46 +0000 logcheck (1.2.9) unstable; urgency=low * Use the replacement subject options from logcheck.conf to set the section headers. * Yet more fixes to violations.ignore.d/logcheck-innd. * Some improvements to the following rulefiles: - /etc/logcheck/ignore.d.paranoid/cron - /etc/logcheck/ignore.d.paranoid/postfix - /etc/logcheck/ignore.d.server/imap -- Jon Middleton Sun, 23 Feb 2003 10:37:56 +0000 logcheck (1.2.8) unstable; urgency=low * Added ERROR to violations.d/logcheck. (closes: #182011) * Correct typo in violations.ignore.d/logcheck-innd. (closes: #181847, #182025) * Ignore pam session open and close messages for a user in violations.ignore.d/su. (closes: #180844) * Some fixes and improvements to the following rulefiles: - /etc/logcheck/cracking.d/logcheck - /etc/logcheck/violations.ignore.d/logcheck-innd - /etc/logcheck/ignore.d.paranoid/cron - /etc/logcheck/ignore.d.paranoid/ssh - /etc/logcheck/ignore.d.server/cron - /etc/logcheck/ignore.d.server/imap - /etc/logcheck/ignore.d.server/innd (closes: #181137) - /etc/logcheck/ignore.d.server/logcheck - /etc/logcheck/ignore.d.server/postfix - /etc/logcheck/ignore.d.workstation/ppp - /etc/logcheck/ignore.d.workstation/logcheck -- Jon Middleton Sat, 22 Feb 2003 18:47:49 +0000 logcheck (1.2.7) unstable; urgency=low * Update README.Maintainer to be a bit clearer. (closes: #178664) * Add missing \]'s to ignore.d.server/postfix. (closes: #180533) * Do not show upgrade messages on initial install (closes: #180667) * Rename violations.ignore.d/innd to violations.ignore.d/logcheck-innd. * Document setting $RULEDIR in the config file (closes: #181420) * Replaced [[:digit:]]+ with [0-9]+ as it's makes lots of lines shorter. * Fixes and improvements to the following rulefiles: - /etc/logcheck/violations.ignore.d/logcheck-postfix. - /etc/logcheck/violations.ignore.d/logcheck-innd. - /etc/logcheck/ignore.d.server/dhcpd. (closes: #181137) - /etc/logcheck/ignore.d.server/innd. (closes: #180792) - /etc/logcheck/ignore.d.server/imap. (closes: #181263) - /etc/logcheck/ignore.d.server/dhclient. - /etc/logcheck/ignore.d.server/squid. - /etc/logcheck/ignore.d.paranoid/postfix. - /etc/locgecck/ignore.d.paranoid/imap. - /etc/locgecck/ignore.d.paranoid/ppp. -- Jon Middleton Wed, 19 Feb 2003 22:18:38 +0000 logcheck (1.2.6) unstable; urgency=low * The "Mutli-Megabyte mails are good for you" release. This release improves the matching of *most* rulefiles, but there are an number of services that I do not run. Patches to any incorrectly anchored lines (with example syslog messages) would be welcomed. * Cleanup the rulefiles - Remove duplicate rules from workstation, server and paranoid. - Remove .* where possible (closes: #165950). - Anchor all lines with ^ and $ (closes: #166029). - Remove obsolete and badly written rules. * Indent Build-Depends-Indep in the control file. * Only display the debconf standard-rename-note note if upgrading for a version less than 1.2.1 * Prompt with debconf about the removal of old conffiles. -- Jon Middleton Sun, 9 Feb 2003 16:41:41 +0000 logcheck (1.2.5) unstable; urgency=low * Renamed old README to CHANGES, now logs changes. * Documentation updates from Justin B Rye. (closes: #177320) - Updates to CHANGES - New READMEs for logcheck, logcheck-database, logtail - Updates to logtail manpage. * Rulefile ignore.d.paranoid/bind is now left-anchored. (Thanks to Justin B. Rye). * Updated to debhelper v4. - Updated Build-Depends-Indep - Use ${misc:Depends} to generate debconf depends. * Add a versioned build-dep for debianutils, as the regression tests require run-parts with the --list option. (closes: #177987) * Improvements to violations.ignore.d/su from Elmar Hoffmann. (closes: #178421) * Improvements to ignore.d.server/dhclient from Jonas Smedegaard. (closes: #178540) * Remove ignore.d.workstation/dhclient and ignore.d.workstation/dhcp as there the same as files that are in ignore.d.server. -- Jon Middleton Mon, 27 Jan 2003 11:40:06 +0000 logcheck (1.2.4) unstable; urgency=low * No longer use echo -e, as it's not available under dash. (closes: #176700) * Add violations.ignore.d/su to ignore some common cases. * Improved regex's for su and sudo violations rulefiles. * Improved regex for innd violations.ignore rulefile. -- Jon Middleton Tue, 14 Jan 2003 23:04:37 +0000 logcheck (1.2.3) unstable; urgency=low * Update to Standards-Version 3.5.8 * Doc's now mention egrep not grep (closes: #52096) * Move su and sudo into there own violations files. (closes: #176532) * Enable (and note) changes to ignore.d directory behaviour. -- Jon Middleton Sun, 12 Jan 2003 23:48:13 +0000 logcheck (1.2.2) unstable; urgency=low * Reduce memory use in logtail by calling the file handle from a while loop. (closes: #175546). * Include manpage for logcheck. (closes: #169197) * Make sure that all rulefiles have new line before EOF. (closes: #166015, #175985) * Sort logcheck rulefiles. * Remove duplicates from cracking and violations logcheck rulefiles. -- Jon Middleton Sat, 11 Jan 2003 21:12:34 +0000 logcheck (1.2.1) unstable; urgency=low * Use lockfile-progs instead of dotlockfile as it works. * Some more Getopts tweaks from Justin B Rye. * Rename the standard files to logcheck, as it's a better name. * Send error mail only when only in STDOUT mode. * Rename standard.postfix to logcheck-postfix, so that run-parts will list it. (closes: #175300). * Correct typo in README.Debian.(closes: #175402) * Support local-* file in violations.ignore.d for local ignores. (closes: #175302) -- Jon Middleton Sun, 5 Jan 2003 19:52:32 +0000 logcheck (1.2.0) unstable; urgency=low * Removed the uploaders field from the control file. * Fix cracking ignore support (Thanks to David James McClurkin) * Make use of run-parts --list for the cleaning of rulefiles and depend on debianutils >= 1.16.9, this also removes error messages about ignored file types. (closes: #166901, #166044) * Corrections to debian/logcheck.templates. (closes: #173749) * Removed ignore.d.workstation/exim and ignore.d.paranoid/exim as these messages are covered by the cron ignore file. (closes: #166097) * Set the REPORTLEVEL to paranoid if not set in the conf file. * Added commandline options. * Improved the introduction message (closes: #174329) * Removed ignore files for non-free packages (portsentry and qmail) * Improved Bind ignores from Jonas Smedegaard (closes: #171362, #171362) * No longer use hardcoded paths (closes: #174972, #175044) * Documentation updates (Thanks to Justin B Rye) - Spelling and grammar fixes to debug and comments - Improvements, spelling and grammar fixes to debconf templates - Improvements, spelling and grammar fixes to README.Debain - Usage text for logcheck -h - Improvements to /etc/logcheck/logcheck.conf * Added code (not yet enabled) to allow the ignore directories to also include the files from lower levels i.e. workstation = workstation + server + paranoid server = server + paranoid paranoid = paranoid -- Jon Middleton Thu, 2 Jan 2003 20:02:35 +0000 logcheck (1.1.9.8) unstable; urgency=low * Packages can now to apply ignore rules to the standard violations file. (closes: #155594, #155596) * Added more bind ignores for to ignore.d.server. (closes: #164859) * Added ignores for gconf to ignore.d.workstation. * Added ignores for squid to ignore.d.server. * Added a lockfile so that only one instance can run (closes: #144118) * Added violations.ignore.d/standard.postfix with common messages. * Added failure to violations.d/standard. * Support old and new style of pam syslog messages. * Fix errors reported by linda. - Use set -e in all Maintainer scripts instead of /bin/sh -e. - Remove unused dh_testversion. - Install undocumented man page for logcheck. -- Jon Middleton Sun, 20 Oct 2002 17:26:55 +0100 logcheck (1.1.9.7) unstable; urgency=low * Do not mask some real errors from dhcp (closes: #164794) * Ignore crontab edit and replace for server and workstation (closes: #97407) -- Jon Middleton Tue, 15 Oct 2002 09:17:56 +0100 logcheck (1.1.9.6) unstable; urgency=low * Added ignore rules for dhclient and chronyd (closes: #161247, #92101) * Added innd stats message to violations.ignore.d/standard (closes: #91734) * Added ucd-snmp Connections to ignore.d.server/standard (closes: #100721, #95682) * Added promisc to violations.d/standard (closes: #113572, #114616) * Added ignore rules for pppd (closes: #137228) * Added rules for dhcp3-server to ignore.d.server/dhcp (closes: #141973) * Added lame server ignore rule for bind9 (closes: #146150) * Added local oidentd lookup to ignore.d.server/standard (closes: #92272) * Added some imapd ignore rules to ignore.d.server/imap (closes: #136699) * Added ignore for bind NOTIFYs to ignore.d.server/bind (closes: #128901) * Updated workstation and server ignore entries for new pam (closes: #164168) * More robust handling of non-existent logfiles (closes: #164003) * Added ignore rules to server and workstation for nntpcache (closes: 164534) -- Jon Middleton Thu, 10 Oct 2002 19:58:30 +0100 logcheck (1.1.9.5) unstable; urgency=low * The default reportlevel was not changed in the last release. * Fix logtails postinst for upgrade from versions between 1.1.9.2 and 1.1.9.4. * Change logcheck.logfiles to only be a union of *.* this should finally fix the long standing problem of lines being logged multiple times in one email message. -- Jon Middleton Wed, 11 Sep 2002 20:27:47 +0100 logcheck (1.1.9.4) unstable; urgency=high * Urgency set to high, as this version needs to get into testing. * Make the test for the logtail manpage divert silent. * Change default reportlevel to paranoid * Change Conffile handling (closes: #156945, 156942) - Do not update logcheck.logfiles with syslogd-listfiles. - Temporarily do not ask some debconf questions. - Do updated logcheck.conf with debconf values. * Start to overhaul the documentation (closes: #156758) - Removed out of date upstream 1.1.1 docs from the package. - Link logcheck manpage to undocumented until it has been updated. - Moved maintainers information into README.Maintainer - Replaced the old upstream README with updated version. - Changed README.Debian to only cover setup. -- Jon Middleton Mon, 19 Aug 2002 21:36:04 +0100 logcheck (1.1.9.3) unstable; urgency=low * Fix logtails postinst for upgrade from versions prior to 1.1.1-13.1 (closes: #156772, 156727) -- Jon Middleton Thu, 15 Aug 2002 18:37:22 +0100 logcheck (1.1.9.2) unstable; urgency=low * Added Rene Mayrhofer and myself to the Uploaders field. * Logheck postinsts: - Do not exit if confiles not writable (closes: #121123) - Do not exit if logcheck.logfiles has no comments (closes: 155398) * Fix typo's in the debconf messages (closes: #155486) * Change logtail to only depend on perl-base (closes: 156416) * Improve error checking of cleanrules function (closes: 156387) * Try to make warning about rulefile symlink's more meaningful. * Ack Chris Boyle's NMU (closes: 133108) -- Jon Middleton Mon, 12 Aug 2002 21:47:17 +0100 logcheck (1.1.9.1) unstable; urgency=low * Change the maintainer to be myself. * Increase the version number as this version has undergone a complete rewrite (and make it a Debian native package). (closes: #121923) * Set LC_CTYPE="" for utf-8 locels. (closes: #136508) * Add cracking ignore suppport. (closes: #114573, #123898, #131934, #131934) * Security violation mails now have a different subject. (closes: #119465) * Comments are now allowed in rulefiles. (closes: #148964) * Really fix the the directory problem. (closes: #151239, #136015) * We now use functions for common code. (closes: #127864) * All greps are now case sensitive. (closes: #112128, #94351) * Try to reduce the number duplicate lines. (closes: #129700, #122133, #126326) * Lines logged in one section will not appear in any others. * If there is no reportlevel set, exit with an error. * Added options in logcheck.conf for - debug information with timestamps. - use sort -u instead of -k 1,3 -s (closes: #122133) - overriding the default date - set subject lines for emails. - set the reportlevel (instead of with an symlink). - disable newbie message (closes: #142655) * Reduced the length of the e-mail subject lines. * Standard rulefiles are now stored in the .d directory's. * Move standard rulefiles to there new location on upgrade. * Rewrote main Makefile and use that in debian/rules. * Depend on the Source version of logtail and logcheck-database. * Versioned depends on debian-utils. (closes: #153668) * Manpages now in right packages. * Do not create symlinks for files in ignore.d's (closes: #135053, #151453) * Issue warning if symlink found in /etc/logcheck/*.d * Added Debconf question about not managing logcheck.conf (closes: #136772) * We do use a stable sort (closes: #111597) * Added logrotate support from Oohara Yuuma (closes: #153669) * Close the bugs from my NMU's (closes: #139666, #134294, #144390, #137043, #136890, #55970, #136890, #134286, #143851, #132254, #149740, #149767, #146896, #120894, 136015, #122158, #149134, #131923, #131076, #149990) -- Jon Middleton Sat, 20 Jul 2002 15:56:24 +0100 logcheck (1.1.9.0) experimental; urgency=low * Experimental version * Not released. * Now a Debian Native package as the diffeneces to 1.1.1 are so vast. -- Jon Middleton Sat, 29 Jun 2002 21:42:12 +0100 logcheck (1.1.1-13.5) unstable; urgency=low * NMU with maintainer's permission. * Use full path to mktemp. * Run mktemp after we get the e-mail address. -- Jon Middleton Mon, 1 Jul 2002 20:38:49 +0100 logcheck (1.1.1-13.4) unstable; urgency=low * NMU with maintainer's permission. * Optimize performance (closes: #131923) * Identification lines can now be disabled. (closes: #131076) * Fix typo in TMPDIR variable (closes: #149990) * Removed PATH and hard coded command locations. * Only run /usr/sbin/syslogd-listfiles in the postinst if it is executable. -- Jon Middleton Sat, 15 Jun 2002 19:24:32 +0100 logcheck (1.1.1-13.3) unstable; urgency=low * NMU with maintainer's permission. * Removed bashism (closes: #149740) * Exit if there's nothing to do (closes: #149767) * Ignore dpkg backups and editor saves. (closes: #146896) * Added --directories=skip to egrep. (closes: #120894, 136015) * Use --text option to grep (closes: #122158, 149134) -- Jon Middleton Wed, 12 Jun 2002 18:14:29 +0100 logcheck (1.1.1-13.2) unstable; urgency=low * NMU with maintainer's permission. (fix install errors and close some long standing bugs) * Create temporary directory with mktemp -d and cleanup after every run. (closes: #139666, #134294) * Remove /var/tmp/logcheck from package. * Move cleaned rulefiles to the temporary directory. (Fixes half of #148964) * Do not remove /var/lib/logcheck in postinst. (closes: #144390, #137043, #136890) * Install manpages for logcheck not logcheck.sh (closes: #55970) * Move logtail manpage into the logtail package (closes: #136890) * Remove Non-English character from package description. (closes: #134286) * Fix ssh excludes for newer versions (closes: #143851, #132254) -- Jon Middleton Sun, 9 Jun 2002 17:16:31 +0100 logcheck (1.1.1-13.1) unstable; urgency=medium * NMU. (trying to get back into woody) * Moved state files to /var/lib/logcheck (and /var/lib/logcheck/cleaned), to be FHS-compliant, but left actual temporary stuff (TMPDIR) in /var/tmp/logcheck). Closes: #133108 * Added chmod to ensure logtail is 755, as nothing else was making it so. I guess Rene just kept his dir lying around with logtail as 755. -- Chris Boyle Thu, 21 Feb 2002 19:00:22 +0000 logcheck (1.1.1-13) unstable; urgency=HIGH This upload fixes a security bug, therfore uploading with urgency HIGH. * Fixed usage of uniq for filtering out duplicate lines. This has been introduced by a patch I got. In the future, I will have to proof-read patches very closely..... Closes: #127400 (Might also fix #129700, but please tell me if it really does.) * Also get rid of /var/state/logcheck, /var/cache/logcheck and /var/lib/logcheck (that one might get re-introduced in the future, but is not needed at the moment). Move everything under /var/tmp/logcheck to be FHS-compliant. Closes: #128541 -- Rene Mayrhofer Mon, 21 Jan 2002 10:55:09 +0100 logcheck (1.1.1-12) unstable; urgency=medium * Hopefully fixed the upgrade from logcheck <= 1.1.1-9 now by adding a versioned Replaces line for logcheck-database and logtail. Closes: #120761, #120762, #120852 * Now the auto-generation of /etc/logcheck/logcheck.logfiles works as expected. Reactivaed it in the config and postinst scripts. This works by using syslogd-listfiles from sysklogd. -- Rene Mayrhofer Sun, 25 Nov 2001 14:07:11 +0100 logcheck (1.1.1-11) unstable; urgency=high FTP maintainers: please decide on your own if this should go into stable. It might be a good idea because it fixes some possible security bugs and also has some features that I keep getting bug reports about (the current version in stable is ancient). This release fixes a serious bug (FHS problem) and also fixes A LOT of old bug reports. I am sorry for being inactive on this package for such a long time, but now I am going back to active development. If you want any feature, then simply file a bug report. I am now going through bug reports and mails asking for the addition of ignore rules to logcheck and I will reassign those bugs to the appropriate packages. Now that logcheck has a stable mechanism for package specific rules files, please use it. Those rules will be definitely more up-to-date when they come with the package that generates the log messages to be filtered. If you have any rules that you would like to be added to the default installation and they clearly belong to a single package, then please ask the maintainer of this package. I would really like to see this package going from optional to standard priority, but I need quite some help from others to achieve this. The goal should be that - on workstation logging level - the user only gets an email when seomthing goes terribly wrong. This way, logcheck can be installed on all new Debian installations without causing inconvenience for users, but offering them a notification tool if something is really broken (or better: before something gets broken). And with the current size of the logcheck package, space should be no problem.... * Moved offset data from /var/state/logcheck to /var/lib/logcheck to comply with FHS. Closes: #108227 * Incorporated a shell snippet from Markus Gutschke for reading configured logfiles from /etc/syslog.conf. This way, logcheck can automatically fill /etc/logcheck/logcheck.logfiles with correct values. Update: Disabled the code for now because the sed expression does not take log file names starting with a "-" in account. If anybody wants to correct this sed expression in the logcheck postinst, please let me know. I just want to get this release out, finally..... * Changed maintainer to rmayr@debian.org. * Updated policy version to 3.5.6.0 (this really was a warp jump....). * Remove empty lines from rules files before using them. This fixes a security problem, because empty lines act as wildcards. Therefore one single rule file with an empty line would prevent all log entries from being displayed. (Idea and one line of shell snippet borrowed from Steve Smith.) Closes: #50966 * Split logtail in its own package. * Split the logcheck rules database in an own package logcheck-database. Closes: #117537 * Change naming of offset files in /var/lib/logcheck so that watching /var/log/nmessages and /var/log/local/someapp/messages will work. Closes: #94234, #108720 * Fixed a small typo in logcheck.sh. Closes: #99619 * Removed /etc/logcheck/ignore.d.paranoid/sendmail, since it is now included in the sendmail package. Closes: #113305, #118423, #111549, #110010, #111915 * The removal problems should now be fixed (now not printing anything in postrm anymore - this seemed to be a problem with the debhelper-generated debconf cleanup stuff). Closes: #90836, #110412 * Fixed handling of ignore greppings. Closes: #95592, #87225 * Fixed another small bug with grepping ignore files. Closes: #118494 * Do not install the INSTALL file anymore. * Corrected spelling errors. Closes: #90862, #99106 * Renamed /etc/logcheck/*hacking* to /etc/logcheck/*cracking* Closes: #96319 * Corrected the sorting of lines in logcheck.sh so that lines with the same timestamp get their order preserved. Cloeses: #111597 * Changed string "Security Violations" to "Possible Security Violations" in sent mails. Closes: #113185 * Do not use logtail.c from the original logcheck package anymore, but a perl version by Paul Slootman. This makes the package architecture independent. Closes: #89614 * Run logcheck on reboot (using a line with @reboot in /etc/cron.d/logcheck). Closes: #97172 * Make symbolic links in /etc/logcheck relative. Closes: #108370 * Allow comments in /etc/logcheck/logfiles Closes: #111198 * Renamed logcheck.sh to logcheck. Closes: #113842 * Finally fixed the problem with logrotation. Closes: #70926, #79836, #118800 This is from 1.1.1-10 (never uploaded, only internal testing), but repeated here because of the closed bug report. * There should be no more problems with duplicate entries in logcheck.ignore.workstation, because now this file is quite minimal and not generated from diffs to logcheck.ignore.paranoid anymore. Closes: #86726 * Users, please use the newest logcheck version, 1.1.1-4 is ancient. Those bugs have been closed quite some time ago: Closes: #103397 -- Rene Mayrhofer Fri, 9 Nov 2001 15:59:14 +0100 logcheck (1.1.1-10) unstable; urgency=medium * There should be no more problems with duplicate entries in logcheck.ignore.workstation, because now this file is quite minimal and not generated from diffs to logcheck.ignore.paranoid anymore. Closes: #86726 -- Rene Mayrhofer Sat, 25 Aug 2001 13:17:45 +0200 logcheck (1.1.1-9) unstable; urgency=low * Split the logcheck.ignore.* files into smaller pieces, one for each package that generates the log messages. Now there are directories /etc/logcheck/ignore.d.(workstation|server|paranoid) and /etc/logcheck/ignore.d will be a link to one of those equivalent to the handling of /etc/logcheck/logcheck.ignore. This is only the default configuration, you can of course remove the link and create your own directory. * Fixed a stupid bug in logcheck.sh that caused logcheck to mail some messages to the admin even if the last file in ignore.d or violations.ignore.d should have filtered it out. Closes: #87225 * Now use debhelper version 3. * This bug (using '\(' and '\)' instead of '(' and ')' for automount rules) has been fixed as of version 1.1.1-7. Closes: #86678 * There should be no more problems with duplicate entries in logcheck.ignore.workstation, because now this file is quite minimal and not generated from diffs to logcheck.ignore.paranoid anymore. Closes: #86726 -- Rene Mayrhofer Wed, 21 Feb 2001 11:03:57 +0100 logcheck (1.1.1-8) unstable; urgency=medium * Added the directories /etc/logcheck/*.d so that other packages can drop their rules files into them. Therefore logcheck will only include basic rules in the future and will expect other packages to include their own. Please read README.Debian for details about this new feature. Closes: #80581 * Fixed typo in mail message Closes: #80870, #85768 * This bug has been fixed by 1.1.1-7. Closes: #81078 * Fixed bug in 'conffiles' in the Debian directory. The path names were relative, but should be absolute. Closes: #81498 * Added more rules for logcheck.ignore.server for leafnode and uptimed. This is a temporary solution, the next version of logcheck will have the rules files split on a per-package basis, so that these rules files can be integrated easily in the corresponding Debian packages. But I don't want to make all those changes at once, so this is a release featuring the logcheck.sh enhancements, the next one will change the config files. Closes: #80580 * Added more rules for logcheck.ignore.workstation for pppd. Closes: #79974 -- Rene Mayrhofer Thu, 28 Dec 2000 12:06:53 +0100 logcheck (1.1.1-7.3) unstable; urgency=medium * Yet another upload due to problems with orig.tar.gz. I am really sorry about this (hmh@debian.org, sponsor). -- Rene Mayrhofer Mon, 19 Dec 2000 18:52:00 -0200 logcheck (1.1.1-7.1) unstable; urgency=low * Reupload due to broken orig.tar.gz file. -- Rene Mayrhofer Mon, 18 Dec 2000 17:58:14 -0200 logcheck (1.1.1-7) unstable; urgency=low This release can be considered a major release. Since I did not hear anything from the upstream maintainer in the last 6 months, I am fixing all those little bug reports (that the upstream author promised to fix with his version 2.0) now in the Debian package. Not very nice, when the new upstream version actually is released, but it has been too long now...... * Added more rules and fixed some rules in logcheck.ignore (every time the same dumb "(" to "\(" translations....) * Changed 'BAD' to '\bBAD\b' in logcheck.violations Closes: #78969 * Fixed the Makefile, because the creation of the ignore files did not work with current woody (the default behaviour of patch for creating backup files seems to have changed). * Fixed a bug in postinst - it was possible that it could overwrite a manually created .ignore file (a missing return statement - the check for this case was already in the script). Closes: #77615, #77002 * Changed the postfix so that either the config directory /etc/logcheck is deleted when purging or a message is given that it is not empty. Closes: #69554 * Changed the Depends line to have sysklogd | system-log-daemon since syslogd-ng now conflicts with sysklogd. Closes: #76657 * The list of logfiles the logcheck checks ( :-) ) is now configurable in a file /etc/logcheck/logcheck.logfiles - so logcheck.sh should not need to be modified anymore. Thanks to Jeremy Hankins for that idea. Closes: #66686, #67728, #47339, #59899, #51302 * The input of grepping the logfiles is now run through sort first, thus eliminating duplicate log entries caused by checking multiple log files with the same log messages in them. Additionally this should reduce the resource usage of the grep runs as suggested by KORN Andras. Closes: #59559, #74410, #51333 * The config file /etc/logcheck/logcheck.conf is now sourced later in the logcheck.sh script, thus all of the configuration variables can be overridden in the config file. I placed it a bit later than suggested by Chris Fearnley (thanks for the hint), because this way it is also possible to change the DATE variable, setting another date format string with it (as suggested by jbr@datacash.com). Now there is a new default for the DATE variable in logcheck.conf. Closes: #71880, #63894, #74330 * The offset files for logtail are now stored in logcheck's private directory instead of /var/log (thanks to Marco d'Itri). Closes: #59899 * The bugreport regarding segfaults with mailx has been fixed by mailx as far as I know (at least it does not seem to be an issue now). Mabye in the next version I will try to do without mailx, but at the moment I do not have the time to experiment with various mailers and there sendmail interface emulation (therefore bug 68793 is still open). * I am closing bug report #50994 now, because it turned out (at least for me) that escaping the brackets automatically would not be beneficial. Since I started using egrep's features with grouping, etc. the ignore files got significantly shorter. Closes: #50994 * Now logcheck identifies itself with each mail so that new users don't get confused by getting that much mails. Closes: #57751 -- Rene Mayrhofer Thu, 24 Nov 2000 19:14:11 +0200 logcheck (1.1.1-6) unstable; urgency=low * Made default configuration files configurable with logcheck: security levels are "workstation", "server" and "paranoid" * Ask for email address in debconf. * Only display debconf note when upgrading from a version < "1.1.1-3" . Thanks to Martin Bialasinski for the hint. (closes: bug #63490) * Depend on mail-transport-agent, cron and syslogd * Changed '(' and ')' in logcheck.ignore to '\(' and '\)' (closes: bug #59160) * Added more rules in logcheck.ignore for "server" and "workstation" (closes: bug #61449, bug #56358, bug #50734) * Made logcheck.ignore aware of the changed log message of openssh vs. ssh (closes: bug #65679) * Made it depend on mailx (since logcheck.sh uses /usr/bin/mail) (closes: bug #66088) -- Rene Mayrhofer Sun, 7 May 2000 20:36:33 +0200 logcheck (1.1.1-5) frozen unstable; urgency=low * Added more rules in logcheck.ignore (closes: #56358) -- Rene Mayrhofer Tue, 11 Jan 2000 20:25:19 +0100 logcheck (1.1.1-4) unstable; urgency=low * Changed '[' and ']' in config files to '\[' and '\]' (closes: bug #52097, bug #51291). * Run logcheck from the cron.d file only if it is installed (closes: bug #51748, bug #51342). * Added a note in the postinstall that the config file /etc/cron.d/logcheck should be overwritten by dpkg (Thanks to Andrew Stribblehill for the hint). -- Rene Mayrhofer Tue, 7 Dec 1999 11:09:28 +0100 logcheck (1.1.1-3) unstable; urgency=low * Moved binaries to /usr/sbin and changed permissions to 755 (closes: bug #50696) * Added some rules to logcheck.ignore so that false alarms are prevented. -- Rene Mayrhofer Sat, 20 Nov 1999 18:21:28 +0100 logcheck (1.1.1-2) unstable; urgency=low * Made manpages for the executables point to undocumented * Moved /var/tmp/logcheck to /var/state/logcheck -- Rene Mayrhofer Wed, 17 Nov 1999 20:43:05 +0100 logcheck (1.1.1-1) unstable; urgency=low * New upstream release * Now it is distributed under the GPL, moving it back to main. -- Rene Mayrhofer Mon, 1 Nov 1999 01:51:22 +0100 logcheck (1.1-2) unstable; urgency=low * Made it /usr/share/doc compliant * Moved to non-free/admin -- Rene Mayrhofer Wed, 29 Sep 1999 14:06:27 +0200 logcheck (1.1-1) unstable; urgency=low * Initial Release. -- Rene Mayrhofer Mon, 10 May 1999 23:13:20 +0200