Your message dated Thu, 13 Jul 2023 15:49:07 +0000 with message-id <e1qjyz1-00bstj...@fasolo.debian.org> and subject line Bug#1040976: fixed in crowdsec 1.4.6-5 has caused the Debian Bug report #1040976, regarding crowdsec: only looks at traditional log files to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1040976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040976 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: crowdsec Version: 1.4.6-4 Severity: serious Justification: maintainer/upstream's judgement Hi, One critical thing that was missed during the bookworm release cycle is that crowdsec's default configuration only checks traditional log files. In particular: /var/log/auth.log to detect failed SSH logins. That was fine in Debian 11, but with rsyslog's Priority being lowered from important to optional in Debian 12, the traditional log files are no longer produced and we're lacking detection. :/ There are two things to consider here to provide a fix: - We could try and enable the journalctl datasource selectively, but since we're shipping the default config file marked conffiles, that is likely to trigger prompting users during upgrades, so that doesn't look too appealing. If we *don't* do that though, crowdsec's current version would fail to initialize the journalctl datasource if journald isn't available, and would error out. - So the current plan is to apply two changes: one updating the default config file, and one adjusting crowdsec's behaviour when it comes to unavailable datasources: logging and continuing instead of failing. Upstream has: - https://github.com/crowdsecurity/crowdsec/pull/2316 to update the config file. - https://github.com/crowdsecurity/crowdsec/commit/a910b7becad1e06cb460949ab448d3172eb5679f to make sure the engine doesn't fail with an unavailable datasource. The second one comes with a slight behavorial change: crowdsec now errors out if there's no valid datasources. That seems way better than running with a broken config though. Cheers, -- Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
--- End Message ---
--- Begin Message ---Source: crowdsec Source-Version: 1.4.6-5 Done: Cyril Brulebois <cy...@debamax.com> We believe that the bug you reported is fixed in the latest version of crowdsec, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1040...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cyril Brulebois <cy...@debamax.com> (supplier of updated crowdsec package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Jul 2023 17:23:01 +0200 Source: crowdsec Architecture: source Version: 1.4.6-5 Distribution: unstable Urgency: medium Maintainer: Cyril Brulebois <cy...@debamax.com> Changed-By: Cyril Brulebois <cy...@debamax.com> Closes: 1040976 Changes: crowdsec (1.4.6-5) unstable; urgency=medium . * Fix default acquis.yaml to also include the journalctl datasource, limited to the ssh.service unit, making sure acquisition works even without the traditional auth.log file (Closes: #1040976): - 0017-fix-default-acquisition.patch * Make sure an invalid datasource doesn't make the engine error out, making it possible to include the journalctl datasource in the default config file unconditionally, without having to worry whether journalctl is actually deployed and usable: - 0018-non-fatal-errors-for-invalid-datasources.patch Checksums-Sha1: ce015bda4138b517bf215d32673841eb4a93116f 4936 crowdsec_1.4.6-5.dsc b0d03c57e0e9e3bba4d6c9e315a9bbb33b47c712 30716 crowdsec_1.4.6-5.debian.tar.xz 67ef1e29e21f50fcc5bcefb140dc57160250f401 7645 crowdsec_1.4.6-5_source.buildinfo Checksums-Sha256: a98f878a00a902fd652ca936ce9f600fe0abf4198351fd3e106e10854e7c9050 4936 crowdsec_1.4.6-5.dsc c167f5659622628a97a16f7295da7a73e53419cac54762eeda83e147494a91dc 30716 crowdsec_1.4.6-5.debian.tar.xz 0692a3eed9a1088ce3c052151afa134e82dd12b196e4f838fa645de39f5b8a42 7645 crowdsec_1.4.6-5_source.buildinfo Files: 5766856a93abd3617a2c2678ad78b114 4936 golang optional crowdsec_1.4.6-5.dsc e89b185c383a3769ff8044338a76ece6 30716 golang optional crowdsec_1.4.6-5.debian.tar.xz d0de92315c8eb0089e7e11e0401ce93d 7645 golang optional crowdsec_1.4.6-5_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAmSwGKIQHGtpYmlAZGVi aWFuLm9yZwAKCRD/kUrwwrNVICsTD/9lPOM9XnsrUeeP3MERMSFIFuxY94WV+pi8 vVEWr/nuqXImQwxz0GmMDJHBl0tdsh5Rr+4nIvQkYTcoPglXyyl+pBVa0dW810yI BXG7GxrJQcd/Jw5/d2IxG1KPktgB+FNAKXddMWND4XFXckmxl1u/oLyWMaOVrz31 QYKpWAbhfO7QcG6bNJsM6CyCCByI5K+uGBuuvP54h7Bh7/87mtOIWS1YWmIsGJhH U3q6sb79970rjNKf4TBYZqrcYphn3ztgx21EgkDtp9HcjK5elguTe0i2NC5KiDTM GyXYyq2UHllJTlkkvqdBylJPQlGGWqR6/FzDgqdsRwsP4of6KmDG6+dXCM9Nhilb XJDl/Yi3CmTcftVj9pM2uZpYOPLnjFOGIvBfdppvIYYUD8blqZb1dhGNoYy6SmLe Vl+Objta3KTnbgr1XKP3B86XrJdH82wC8oD6+2FAV1rW3BnOxBXeyGCd0N80n7G8 J1YedTGE9fbpVoenTwSiN8lthcNmG0siQnHBgh8vkUftR+FrUYh+ieDiSQ2o3wjk G+U/xdJQbJpWvaeqa2wYni1fg4qlJR0a2aNKICQ412bogBdmy9mWIDLpCdRjRoWN 0dMr8WJCQQOPCxcl7JTz6n60jUS/0X8u0HBjrCFUQA6/1d/OGEgFpivfkKl1ZfQV XGLSE9imvA== =ynnl -----END PGP SIGNATURE-----
--- End Message ---
