Your message dated Wed, 13 May 2015 22:49:59 +0000
with message-id <e1ysftt-0001qk...@franck.debian.org>
and subject line Bug#693614: fixed in sshguard 1.6.0-1
has caused the Debian Bug report #693614,
regarding sshguard: Do not support syslog-ng's option for ISO-8601 timestamps
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
693614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693614
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sshguard
Version: 1.5-5
Severity: normal
Tags: upstream l10n patch
Hi!
I'm running sshguard with syslog-ng configured with the option
options {ts_format(iso);};
for ISO-8601 timestamps which contain the full year and timezone data.
These timestamps are not supported in version 1.5-5 of sshguard.
Included a patch for ISO-8601 support.
I would be glad if this patch find it's way into sshguard -- perhaps
even in the upstram source.
*** /home/olf/tmp/sshguard-1.5.0.patch
diff --git a/src/parser/attack_parser.y b/src/parser/attack_parser.y
index da5a2a0..46acf59 100644
--- a/src/parser/attack_parser.y
+++ b/src/parser/attack_parser.y
@@ -85,7 +85,7 @@ static struct {
%token <num> INTEGER SYSLOG_BANNER_PID LAST_LINE_REPEATED_N_TIMES
/* flat tokens */
-%token SYSLOG_BANNER TIMESTAMP_SYSLOG TIMESTAMP_TAI64 AT_TIMESTAMP_TAI64
METALOG_BANNER
+%token SYSLOG_BANNER TIMESTAMP_SYSLOG TIMESTAMP_SYSLOG_ISO TIMESTAMP_TAI64
AT_TIMESTAMP_TAI64 METALOG_BANNER
/* ssh */
%token SSH_INVALUSERPREF SSH_NOTALLOWEDPREF SSH_NOTALLOWEDSUFF
%token SSH_LOGINERR_PREF SSH_LOGINERR_SUFF SSH_LOGINERR_PAM
diff --git a/src/parser/attack_scanner.l b/src/parser/attack_scanner.l
index 45e7c22..7dc3685 100644
--- a/src/parser/attack_scanner.l
+++ b/src/parser/attack_scanner.l
@@ -78,8 +78,13 @@ MINPS [0-5][0-9]
WORD [a-zA-Z0-9][-_a-zA-Z0-9]+
NUMBER [1-9][0-9]*
HOSTADDR localhost|([-a-zA-Z0-9]+\.)+[a-zA-Z]+
+YEAR [0-9][0-9][0-9][0-9]
+MONTHNO 0[1-9]|1[0-2]
+DAY 0[1-9]|[1-2][0-9]|3[0-1]
+TZ Z|[\+\-][0-9][0-9]:[0-9][0-9]
TIMESTAMP_SYSLOG {MONTH}\ +{DAYNO}\ +{HOUR}:{MINPS}:{MINPS}
+TIMESTAMP_SYSLOG_ISO
{YEAR}"-"{MONTHNO}"-"{DAY}"T"{HOUR}":"{MINPS}":"{MINPS}{TZ}
TIMESTAMP_TAI64 [0-9A-Fa-f]{24}
SOLARIS_MSGID_TAG "[ID "[0-9]+" "{WORD}"."{WORD}"]"
@@ -107,13 +112,13 @@ IPV4MAPPED6
((:(:0{1,4}){0,4}|0{1,4}:(:0{1,4}){1,3}|(0{1,4}:){2}(0{1,4}:0{0,4}:0
*/
/* handle entries with PID and without PID from processes other than sshguard
*/
-{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[
]+{PROCESSNAME}"["{NUMBER}"]: "{SOLARIS_MSGID_TAG}? {
+({TIMESTAMP_SYSLOG}|{TIMESTAMP_SYSLOG_ISO})[
]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+{PROCESSNAME}"["{NUMBER}"]:
"{SOLARIS_MSGID_TAG}? {
/* extract PID */
yylval.num = getsyslogpid(yytext, yyleng);
return SYSLOG_BANNER_PID;
}
-{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+({PROCESSNAME}":")?
{ return SYSLOG_BANNER; }
+({TIMESTAMP_SYSLOG}|{TIMESTAMP_SYSLOG_ISO})[
]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+({PROCESSNAME}":")? { return
SYSLOG_BANNER; }
/* syslog style "last message repeated N times" */
"last message repeated "([1-9][0-9]*)" times" {
@@ -123,7 +128,7 @@ IPV4MAPPED6
((:(:0{1,4}){0,4}|0{1,4}:(:0{1,4}){1,3}|(0{1,4}:){2}(0{1,4}:0{0,4}:0
}
/* metalog banner */
-{TIMESTAMP_SYSLOG}" ["{PROCESSNAME}"] " { return
METALOG_BANNER; }
+({TIMESTAMP_SYSLOG}|{TIMESTAMP_SYSLOG_ISO})" ["{PROCESSNAME}"] "
{ return METALOG_BANNER; }
/* SSH: invalid or rejected user (cross platform [generated by openssh]) */
@@ -212,6 +217,10 @@ IPV4MAPPED6
((:(:0{1,4}){0,4}|0{1,4}:(:0{1,4}){1,3}|(0{1,4}:){2}(0{1,4}:0{0,4}:0
/*{MONTH}\ +{DAYNO}\ +{HOUR}:{MINPS}:{MINPS} { return
TIMESTAMP_SYSLOG; }*/
{TIMESTAMP_SYSLOG} { return
TIMESTAMP_SYSLOG; }
+ /* syslog-ng ISO timestamp */
+ /*{YEAR}"-"{MONTH}"-"{DAY}"T"{HOUR}":"{MINPS}":"{MINPS}{TZ} { return
TIMESTAMP_SYSLOG_ISO; }*/
+{TIMESTAMP_SYSLOG_ISO} { return
TIMESTAMP_SYSLOG_ISO; }
+
/* TAI64 timestamp */
"@"{TIMESTAMP_TAI64} { return
AT_TIMESTAMP_TAI64; }
{TIMESTAMP_TAI64} { return
TIMESTAMP_TAI64; }
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages sshguard depends on:
ii iptables 1.4.14-3
ii libc6 2.13-35
sshguard recommends no packages.
sshguard suggests no packages.
-- Configuration Files:
/etc/default/sshguard changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: sshguard
Source-Version: 1.6.0-1
We believe that the bug you reported is fixed in the latest version of
sshguard, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 693...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julián Moreno Patiño <jul...@debian.org> (supplier of updated sshguard package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 13 May 2015 10:51:59 -0500
Source: sshguard
Binary: sshguard
Architecture: source amd64
Version: 1.6.0-1
Distribution: unstable
Urgency: medium
Maintainer: Julián Moreno Patiño <jul...@debian.org>
Changed-By: Julián Moreno Patiño <jul...@debian.org>
Description:
sshguard - Protects from brute force attacks against ssh
Closes: 693614 775209 780800
Changes:
sshguard (1.6.0-1) unstable; urgency=medium
.
* New upstream release. (Closes: #693614)
* d/patches/01_sshguard_manpage.diff, Remove, merge with upstream.
* d/patches/02_avoid_ftbfs_kfreebsd.diff, Refresh patch offset.
* d/patches/03_fix_inode.diff, Remove, merge with upstream.
* d/control, Bump Standards-Version to 3.9.6 (no changes).
* Add systemd support. (Closes: #780800)
+ Thanks to Ondřej Surý for it.
* Add -w parameter to iptables to wait for the xtables
lock. (Closes: #775209 #780238)
+ Thanks to Joao Luis Meloni Assirati for it.
* d/copyright, Extend debian copyright holders years.
+ Update short license name.
Checksums-Sha1:
e235de8127271b7b7cf1665f0b137a28ee9cf559 1878 sshguard_1.6.0-1.dsc
4411eb34994cdb639e3c410c2bb1963783aee6ae 384376 sshguard_1.6.0.orig.tar.xz
d4a44d987ef42e6eea0c486410b99cd927bab191 6068 sshguard_1.6.0-1.debian.tar.xz
32a79af6c844f769ae3928f1433acecfb14d692e 182690 sshguard_1.6.0-1_amd64.deb
Checksums-Sha256:
2dadd2da9774efd7682bdeac316e9bda702a19afedc38c0a962402fff4689dc8 1878
sshguard_1.6.0-1.dsc
dce32b1fc3fb0f8d15b6c56b9822c300434faaa87240e5373c095dc22bfa07e4 384376
sshguard_1.6.0.orig.tar.xz
db834017139dddfeaefd312442c45a8783c9215cbb962e57a40d295816ffdcc8 6068
sshguard_1.6.0-1.debian.tar.xz
c9373d918f9215ceb8cf7c0dd997e9186044ca253cf00161009379a7619834c2 182690
sshguard_1.6.0-1_amd64.deb
Files:
326f6e350308243aeeb6bc74f6c5ce20 1878 net optional sshguard_1.6.0-1.dsc
ceb012f89d68d2cf69c6ddd5db8bd86a 384376 net optional sshguard_1.6.0.orig.tar.xz
ab2d0b326a9ca27a7490164328369b12 6068 net optional
sshguard_1.6.0-1.debian.tar.xz
840516502a7798db1d0adc5bc7b0a49b 182690 net optional sshguard_1.6.0-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVU9S7AAoJENX9/BVhaL9g0zEQAIlECyt2aHJc2cQGkJsJH319
gZ0lJoqreuuTBuJSt2EU9D2G3MFf/obUygYle2LnBlm3tbqhyCK4hFlvw+mexHdQ
ejmvHgJ4lFn+q0OBCam0thq+HCXnCLN0Ggzkl5F1jlb0AbLRg/ivZMUloGnQjtEW
gvmcyHg4ozJ4ssheauoSFD9rVm8otL+j7F5Sk2mrLGluOh2C14hS/6dG3ZY3OjuG
NDChNZ//HgCDO/WS0w7A9ZqkVNCeyBEDE8K9F3PAa/wh12/DYWZVYGXE5TmRSiAT
feQeRO4iF02y9MqUBr5UoD634wP2Pj7sEhnMSHhDoIRu3fUxNxW/i3UGcACKlbJX
IOjBf5+UL2xtStcvmBCJJN2Ycrxyi2128s6NepKCZCc2HNFe/sR11BJ1gxqFXBZ3
rkJLDpSoArREOT/3SQ5JpWoAciCqDsbOTYq5eadHLCNk5F/68WDqbRsSzB/m4ysB
VP4VlrsT3rrmov4PtFsvR+9etyYotV5QSaGr6+gDyBdiYbzlpMap/IsAuhkoDUqm
JssRyRjugdgbu2iuFACZtx7uDrLvc/LiJKJRUCnFz9IT7/+nx8Z8J4apM7a2poVA
it3Sss4QsQxrhCElXunB7Er1PCW61ikQjfRIHbmQ6aUu4yoPdvAYEA0gFIOa0Wzi
Il8H6wLazHKrkuj97ywh
=ezbQ
-----END PGP SIGNATURE-----
--- End Message ---
