logcheck 1.3.4 source package in Ubuntu

Changelog

logcheck (1.3.4) unstable; urgency=low

  [ Hannes von Haugwitz ]
  * ignore.d.workstation/ifplugd
    - ignore link beat detection
  * ignore.d.server/smartd
    - added rule to match completed self-test
    - added rules to match more self-test messages
  * Added some rules for wpasupplicant (closes: #544084)
  * ignore.d.server/su, violations.ignore.d/logcheck-su
    - adjusted su rules to also match /dev/ prefix (closes: #551340)
  * Added rule for apcupsd (closes: #535976)

  [ Frédéric Brière ]
  * Adjusted various kernel SCSI rules for removable media
  * Added USB kernel rules for USB_ANNOUNCE_NEW_DEVICES
  * Merged USB "new device" and "reset device" rules
  * Ignore "UDP: bad checksum" and "UDP: short packet" kernel messages
  * Corrected xdm pam_session rules (closes: #508335)
  * Updated acpid "client has disconnected" rule
  * Updated libpam-mount "realpath of X is Y" rule
  * Added libpam-mount "Command successful" rule
  * Adjusted ssh "Authentication failure" rule for "invalid user"
  * Updated cron-apt "Fetched" rule to match new time formats
    (closes: #531596)
  * Updated cron-apt rules to match all possible sizes and lengths
  * Replaced bashisms with POSIX equivalents (closes: #508546)
  * Depend on rsyslog by default (closes: #526911)
  * Dropped (now useless) ownership/permissions fixes on /var/lock/logcheck
  * ignore.d.server/openvpn: (closes: #499323)
    - match pathless ifconfig/route
    - match '.' and '_' in interface names
    - added "authentication succeeded' rule
  * ignore.d.server/dhcp:
    - interface names can have underscore in them (closes: #518422)
    - merged "Wrote X to leases file" rules, and added new ones
      (closes: #526116)
  * ignore.d.server/scponly: (closes: #506333)
    - added missing process name before PID
    - added the exhaustive list of commands allowed by scponly
  * Added rule for ext3 writeback data mode (closes: #542273)
  * ignore.d.server/dovecot:
    - replaced the (incomplete) method list with a wildcard (closes: #530591)
    - added I/O stats at the end of "Logged out" (closes: #538696)
    - added "discarded duplicate forward" and optional spacing to deliver
      rule (closes: #510889)
  * ignore.d.server/openvpn:
    - recognize some more options for PUSH_REPLY (closes: #511353)
  * ignore.d.server/postfix: (closes: #529367)
    - allow optional port number after "setting up TLS connection"
    - recognize "Trusted TLS connection established"
  * ignore.d.server/postfix:
    - allow <> as MAIL FROM in various messages
    - removing wildcard "reject: (RCPT|MAIL)" rule
  * ignore.d.server/innd:
    - added "no_read"/"no_post" rule (closes: #533487)
  * ignore.d.server/bind:
    - added various connection failure resolver messages (closes: #536071)
  * ignore.d.workstation/kernel:
    - adjusted sd "hardware sectors" rule for 2.6.28 (closes: #542390)
    - further adjusted that rule for 2.6.31-rc1
  * logtail/logtail2 no longer ignore -o when called with only one argument
    (closes: #453309)
  * Deleting obsolete conffiles in logcheck-database.preinst
    - ignore.d.server/lpr, replaced by lpr
    - ignore.d.server/ntp, replaced by ntp
    - ignore.d.server/sendmail, also in sendmail-base (closes: #542265)
    - deleting all the conffiles dropped over the years (closes: #453519)
  * Quote most variables and commands in logcheck
  * Allow filenames with spaces in logcheck.logfiles (closes: #319169)
  * ignore.d.server/smartd:
    - Replaced hardcoded controller list with generic pattern (closes: #555828)

  [ Gerfried Fuchs ]
  * Upload to unstable.
  * Bump to Standards-Version 3.8.3.

logcheck (1.3.3) unstable; urgency=low

  Upload to unstable.

  [ Hanspeter Kunz ]
  * ignore.d.server/spamd:
    - enhanced rule to ignore "Tell: Setting local Removing remote" messages
    - enhanced rule to ignore bayes database locking failures
  * ignore.d.server/dovecot
    - merged the two rules on aborted logins (thereby matching more cases)
    - ignore more authentication failure messages
    - ignore even more authentication failure messages
    - ignore ldap authentiation failure messages
  * ignore.d.server/postfix
    - ignore more undeliverable mail messages (unknown in virtual alias table)
  * ignore.d.server/ssh
    - ignore pam_unix(sshd:auth) user unknown messages
  * Bumped debhelper compatibility level to 7
  * Use dh_prep instead of dh_clean -k
  * Specify licence as GPLv2 (instead of unversioned GPL)
  * Fixed typo in logtail.NEWS
  * Bumped Standards-Version to 3.8.2; no changes necessary

  [ martin f. krafft ]
  * Special-case lockfile error message in case logcheck is still running. Now
    logcheck differentiates between another process still running and some
    other problem with obtaining the lock.
  * ignore.d.server/postfix:
    - clean up "connect to" failure messages.
  * Remove lock directory, which logcheck recreates at runtime.

logcheck (1.3.2) experimental; urgency=low

  [ Gerfried Fuchs ]
  * Remove amavisd-new conflict, the file name conflict is long gone.
  * Remove unused-override entries (the complete logcheck-database file, in
    fact)
  * Fixed referenced detectrotate path in logtail2 manpage.
  * Escape [ in kernel timestamp rules, noticed by Michael Tautschnig, thanks!
    (closes: #498613)
  * Apply patch from Jari Aalto for fixing package description paragraph
    ordering by importence, thanks (closes: #499415)
  * Supress cron session closed messages too, thanks to Ferenc Wagner for
    noticing (closes: #499393)
  * Match for sshd:session additional to ssh:session, noticed by Ferenc Wágner
    (closes: #499561)
  * ignore.d.server/nagios, violations.ignore.d/logcheck-nagios: also support
    nagios3 as string in the log lines (closes: #514335).

  [ martin f. krafft ]
  * ignore.d.server/postfix:
    - ignore milter rejection messages.

  [ Hanspeter Kunz ]
  * ignore.d.server/dovecot:
    - deleted redudant rule for deliver
    - enhanced deliver rule to allow pretty much anything as msgid
    - allow missing ")" in deliver rule
    - ignore managesieve logins and disconnects
  * ignore.d.server/postfix:
    - generalize rule for ETRN rejections (allow brackets)
    - IPv6-ification of milter-discard rule
    - added optional "orig_to" to one of "postfix/smtp status=sent" rules
      where it was missing
    - ignore another TLS library problem
      (SSL3_READ_BYTES:reason(1000):s3_pkt.c:1057:SSL alert number 0)
    - ignore "too many errors after DATA (0 bytes)"

logcheck (1.3.1) experimental; urgency=low

  * Removed ignore.d.server/no-ip, which clashes with the no-ip package, which
    has been superseeded anyway.
  * ignore.d.server/openvpn:
    - fix the regexps that added support for @ characters in the client CN
      (see #493066).
  * ignore.d.server/postfix:
    - expect more IPv6 addresses in filters.
  * ignore.d.server/ssh:
    - ignore bad username warnings.

logcheck (1.3.0) experimental; urgency=low

  * Formalise the dropping of violations.d/logcheck. Please see
    /usr/share/doc/logcheck-database/NEWS.Debian.gz for more information
    (closes: #471072).

  * Remove most messages from cracking.d/logcheck and split up the remaining
    ones into separate files.

  * Add Auto-Submitted header to outgoing mails (closes: #489172).

  * Thanks to Hanspeter Kunz for all his patches.

  * ignore.d.server/dovecot:
    - ignore connection closed messages.
    - ignore auth failure messages whe ruser and rip are known.
    - ignore forwards and to cope with missing >'s at the end of long msgids.
    - ignore closed connection messages also when connection is reset by peer.
  * ignore.d.server/postfix:
    - fix most regexps to support IPv6 addresses.
    - allow port 587 in regexps whereever port 25 is used.
    - ignore messages about untrusted cert issuers that have any of &(), in
      their name.
    - ignore "NOQUEUE: milter-reject" messages.
    - enhanced "TLS library problem" rule to also ignore "bad
      certificate" errors.
    - added rule to ignore "SSL23_GET_CLIENT_HELLO:unknown protocol"
      messages.
    - ignore new message format for lacking subject CN in peer cert.
    - ignore getting too many errors after END-OF-MESSAGE, not only after four
      letter SMTP commands.
    - ignore milter-reject messages after RCPT which include the recipient.
    - ignore multiple PIX workaround messages.
    - ignore anvil connection rate statistics for unknown DNS hosts.
    - ignore all data related to untrusted certificate issuers.
    - ignore connection concurrency limit warnings for service submission too.
  * ignore.d.server/ssh:
    - ignore authentication failures with new PAM format.
  * ignore.d.server/kernel:
    - ignore unsupported function warnings from PnPBIOS
    - ignore whitespace before timestamp in newer kernels (closes: #494740).
  * ignore.d.server/no-ip:
    - ignore message when IP was already set to the current IP.
  * ignore.d.server/ntp:
    - allow hyphen in interface names in listen messages.
  * ignore.d.server/pdns:
    - ignore parsing errors for packages of arbitrary size.
    - ignore errors due to invalid qdomains causing servfails.
  * ignore.d.server/ikiwiki:
    - ignore error when "do" parameter has not been passed to CGI.
  * ignore.d.server/openvpn:
    - ignore messages about clients reconnecting and dropping previous active
      connections.
    - ignore restarts due to fatal TLS errors.
    - ignore replay-window backtrack warnings.
    - ignore connection reset messages with negative status (?) numbers.
    - do not require TUN devices to be named tun-*.
    - also ignore client CNs with @ (closes: #493066).
  * ignore.d.server/proftpd:
    - ignore when proftpd barfs all over syslog when a passive transfer
      failed.
  * ignore.d.server/spamd:
    - expect shortcircuit status in scan messages; thanks to Marc Sherman
      (closes: #474239).
  * ignore.d.server/upsd:
    - ignore client connection messages (closes: #495923).

  * violations.d/su:
    - match both, user-root and user:root styles (closes: #491694).

  * Rulefiles are now installed with mode 644; the directories are still moe
    700, so the files are not publicly readable (unless the admin hardlinks
    them elsewhere).
 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  21 Dec 2009 10:43:49 +0000