diff -Nru logcheck-1.2.69/debian/changelog logcheck-1.2.69ubuntu1/debian/changelog
--- logcheck-1.2.69/debian/changelog 2009-02-11 12:55:12.000000000 +0100
+++ logcheck-1.2.69ubuntu1/debian/changelog 2010-02-25 11:49:03.000000000 +0100
@@ -1,3 +1,16 @@
+logcheck (1.2.69ubuntu1) karmic-proposed; urgency=low
+
+ * rulefiles/linux/ignore.d.paranoid/cron: make /usr/sbin/ optional in
+ pathnames to cron; apparently a difference between syslog and rsyslog;
+ LP: #463471.
+ * rulefiles/linux/ignore.d.server/dhclient: match optional ip address;
+ LP: #307847.
+ * rulefiles/linux/ignore.d.server/ssh: add "disconnected by user" re in the
+ "Received disconnect from" series; this now occurs frequently with recent
+ OpenSSH clients; LP: #527669.
+
+ -- Loïc Minier Thu, 25 Feb 2010 10:58:02 +0100
+
 logcheck (1.2.69) unstable; urgency=high
 
 [ Gerfried Fuchs ]
diff -Nru logcheck-1.2.69/debian/control logcheck-1.2.69ubuntu1/debian/control
--- logcheck-1.2.69/debian/control 2009-02-09 21:31:44.000000000 +0100
+++ logcheck-1.2.69ubuntu1/debian/control 2010-02-25 11:50:26.000000000 +0100
@@ -1,7 +1,8 @@
 Source: logcheck
 Section: admin
 Priority: optional
-Maintainer: Debian logcheck Team
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian logcheck Team
 Uploaders: Todd Troxell , Gerfried Fuchs , Eric Evans , martin f. krafft , Marc Haber , maximilian attems
 Standards-Version: 3.8.0
 Build-Depends: debhelper (>= 4.1.13)
diff -Nru logcheck-1.2.69/rulefiles/linux/ignore.d.paranoid/cron logcheck-1.2.69ubuntu1/rulefiles/linux/ignore.d.paranoid/cron
--- logcheck-1.2.69/rulefiles/linux/ignore.d.paranoid/cron 2009-02-09 21:31:44.000000000 +0100
+++ logcheck-1.2.69ubuntu1/rulefiles/linux/ignore.d.paranoid/cron 2010-02-25 11:02:39.000000000 +0100
@@ -1,8 +1,8 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([_[:alnum:]-]+\) CMD \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) STARTUP \(fork ok\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \([^[:space:]]+\) RELOAD \([^[:space:]]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(pidfile fd = [0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(Running @reboot jobs\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(Skipping @reboot jobs -- not system startup\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/USR/SBIN/)?CRON\[[0-9]+\]: \([_[:alnum:]-]+\) CMD \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) STARTUP \(fork ok\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \([^[:space:]]+\) RELOAD \([^[:space:]]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) INFO \(pidfile fd = [0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) INFO \(Running @reboot jobs\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) INFO \(Skipping @reboot jobs -- not system startup\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+( by \(uid=[0-9]+\))?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\(cron:session\): session opened for user [[:alnum:]-]+( by \(uid=[0-9]+\))?$
diff -Nru logcheck-1.2.69/rulefiles/linux/ignore.d.server/dhclient logcheck-1.2.69ubuntu1/rulefiles/linux/ignore.d.server/dhclient
--- logcheck-1.2.69/rulefiles/linux/ignore.d.server/dhclient 2008-12-09 10:37:24.000000000 +0100
+++ logcheck-1.2.69ubuntu1/rulefiles/linux/ignore.d.server/dhclient 2010-02-25 11:07:13.000000000 +0100
@@ -8,8 +8,8 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: Listening on [^[:space:].]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: Sending on[[:space:]]+[^[:space:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCPDISCOVER on [[:alnum:].]+ to [.0-9]{7,15} port 67 interval [0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(REQUEST|RELEASE) on [[:alnum:].]+ to [.0-9]{7,15} port 67$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) (of [.0-9]{7,15} )?from [.0-9]{7,15}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].]+ to [.0-9]{7,15} port 67$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: bound(:| to [.0-9]{7,15} --) renewal in [0-9]+ seconds\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: [[:lower:]]+[0-9]: unknown hardware address type [0-9]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: Trying recorded lease [.0-9]{7,15}$
diff -Nru logcheck-1.2.69/rulefiles/linux/ignore.d.server/ssh logcheck-1.2.69ubuntu1/rulefiles/linux/ignore.d.server/ssh
--- logcheck-1.2.69/rulefiles/linux/ignore.d.server/ssh 2009-02-09 21:31:44.000000000 +0100
+++ logcheck-1.2.69ubuntu1/rulefiles/linux/ignore.d.server/ssh 2010-02-25 11:49:19.000000000 +0100
@@ -5,6 +5,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [:[:xdigit:].]+: [0-9]+: Client disconnect$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [:[:xdigit:].]+: [0-9]+: Disconnect requested by Windows SSH Client\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [:[:xdigit:].]+: [0-9]+: disconnected by user$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: syslogin_perform_logout: logout\(\) returned an error$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:]._-]+ \([:[:alnum:].]+\)$
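Review bot: The added `disconnected by user` rule accepts any reason code (`[0-9]+`), whereas the `Timeout, server not responding` rule just below it pins the code to `[12]`. The text after the code in a "Received disconnect" line is supplied by the remote peer, so an ignore rule here is best kept as narrow as the legitimate message allows. As far as I know, OpenSSH clients send this text with reason code 11 (disconnect by application), so the tail of the rule could read `: 11: disconnected by user$`; please confirm against the log lines in LP: #527669 before tightening. A `#` comment above the rule naming the client that emits it would also help the next person auditing what this file suppresses, provided logcheck strips comment lines from rule files as I believe it does.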