Bug 222263 - SSHD section of logwatch doesn't parse AllowUsers messages
SSHD section of logwatch doesn't parse AllowUsers messages
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: logwatch (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ivana Varekova
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-11 03:24 EST by FX
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-16 04:32:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description FX 2007-01-11 03:24:50 EST
Description of problem:
In the SSHD section, it appears that logwatch doesn't know how to deal with
messages due to the AllowUsers option of the OpenSSH server.

Version-Release number of selected component (if applicable):
logwatch-7.2.1-1.fc5 and openssh-server-4.3p2-4.11.fc5

How reproducible:
Always.

Steps to Reproduce:
1. Turn on the AllowUsers option in /etc/ssh/sshd_config to only allow a few
selected users to log on the computer
2. Wait and see some bot trying random usernames on your server (or actually try
yourself to connect using an existing but not allowed login)
3. Read the logwatch output:

 --------------------- SSHD Begin ------------------------ 

 Illegal users from:
    62.73.33.7: 1270 times
    210.163.171.99: 1830 times
 
 Received disconnect:
    11: Bye Bye : 3100 Time(s)
 
 **Unmatched Entries**
 User games from 62.73.33.7 not allowed because not listed in AllowUsers : 1 time(s)
 User news from 62.73.33.7 not allowed because not listed in AllowUsers : 1 time(s)
 User games from 210.163.171.99 not allowed because not listed in AllowUsers : 2
time(s)
 User root from 62.73.33.7 not allowed because not listed in AllowUsers : 206
time(s)
 User operator from 62.73.33.7 not allowed because not listed in AllowUsers : 1
time(s)
 User vcsa from 210.163.171.99 not allowed because not listed in AllowUsers : 2
time(s)
 User sshd from 210.163.171.99 not allowed because not listed in AllowUsers : 2
time(s)
 [... goes on ...]
 
 ---------------------- SSHD End -------------------------
Comment 1 Ivana Varekova 2007-01-16 04:32:16 EST
Fixed in logwatch-7.2.1-2.fc5.

Note You need to log in before you can comment on or make changes to this bug.