• Bug#265588: logcheck-database: correction to oidentd rules

    From [email protected]@1:229/2 to All on Fri Aug 13 23:10:09 2004
    Package: logcheck-database
    Version: 1.2.24
    Severity: wishlist

    hello,

    the current rules for oidentd are too strict, as they require connections
    to oidentd to come from port 0:
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
    localhost \(127.0.0.1\):0$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
    [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):0$

    anyway, ident lookups seem to come from very different ports, according
    to my logs:
    Aug 12 13:37:37 host oidentd[2673]: Connection from gluck.debian.org (192.25.206.10):39225
    Aug 13 19:30:04 host oidentd[27268]: Connection from run.smurf.noris.de (192.109.102.41):51246
    Aug 13 16:23:53 host oidentd[25436]: Connection from spohr.debian.org (128.193.0.4):54192


    i suggest changing the rules to the following:
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
    localhost \(127.0.0.1\):[0-9]{1,5}$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
    [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$


    bye
    jonas



    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
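
The effect of the rule change proposed in the report above, as an added example that is not part of the original message or of logcheck itself. It assumes GNU grep (the rules use `\w`), uses `grep -E -v` as a stand-in for logcheck's ignore filtering, and the names `reported` and `count_reported` plus three of the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the three log lines quoted in the report, followed by
# three constructed lines (localhost, port 0, and one with trailing text).
SAMPLE='Aug 12 13:37:37 host oidentd[2673]: Connection from gluck.debian.org (192.25.206.10):39225
Aug 13 19:30:04 host oidentd[27268]: Connection from run.smurf.noris.de (192.109.102.41):51246
Aug 13 16:23:53 host oidentd[25436]: Connection from spohr.debian.org (128.193.0.4):54192
Aug 13 16:24:00 host oidentd[25436]: Connection from localhost (127.0.0.1):4001
Aug 13 16:24:30 host oidentd[25437]: Connection from localhost (127.0.0.1):0
Aug 13 16:25:10 host oidentd[25440]: Connection from example.invalid (192.0.2.7):113 unexpected trailer'

# Rule fragments copied from the report, joined without the mail line wrap.
PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from '
LOCAL='localhost \(127.0.0.1\)'
HOST='[._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\)'

# Current rules: only a source port of exactly 0 is ignored.
OLD_RULES="${PREFIX}${LOCAL}:0\$
${PREFIX}${HOST}:0\$"

# Suggested rules: any source port of one to five digits is ignored.
NEW_RULES="${PREFIX}${LOCAL}:[0-9]{1,5}\$
${PREFIX}${HOST}:[0-9]{1,5}\$"

# Print the lines that survive the ignore rules, i.e. what would be reported.
# A newline-separated pattern list is treated by grep as several patterns.
reported() { printf '%s\n' "$SAMPLE" | grep -E -v -e "$1"; }

# Count the surviving lines; grep -c exits 1 on a zero count, hence "|| true".
count_reported() { reported "$1" | grep -c '' || true; }

echo "reported with old rules: $(count_reported "$OLD_RULES")"
echo "reported with new rules: $(count_reported "$NEW_RULES")"

# The trailing $ anchor keeps the widened rules from hiding lines that carry
# anything after the port number, so the last sample line is still reported.
reported "$NEW_RULES"
```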
  • From maks attems@1:229/2 to [email protected] on Sat Aug 14 01:10:08 2004
    From: [email protected]

    tags 265588 pending
    thanks

    On Fri, 13 Aug 2004, [email protected] wrote:

    Package: logcheck-database
    Version: 1.2.24
    Severity: wishlist

    hello,

    the current rules for oidentd are too strict, as they require connections
    to oidentd to come from port 0:
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
    localhost \(127.0.0.1\):0$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
    [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):0$

    anyway, ident lookups seem to come from very different ports, according
    to my logs:
    Aug 12 13:37:37 host oidentd[2673]: Connection from gluck.debian.org (192.25.206.10):39225
    Aug 13 19:30:04 host oidentd[27268]: Connection from run.smurf.noris.de (192.109.102.41):51246
    Aug 13 16:23:53 host oidentd[25436]: Connection from spohr.debian.org (128.193.0.4):54192


    i suggest changing the rules to the following:
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
    localhost \(127.0.0.1\):[0-9]{1,5}$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
    [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$


    bye
    jonas

    great timing, bug just got fixed in cvs,
    will get in sarge (hopefully) as next release is imminent.


    --
    maks
    kernel janitor http://janitor.kernelnewbies.org/


