Description of problem:
In the SSHD section, it appears that logwatch doesn't know how to deal with messages due to the AllowUsers option of the OpenSSH server.

Version-Release number of selected component (if applicable):
logwatch-7.2.1-1.fc5 and openssh-server-4.3p2-4.11.fc5

How reproducible:
Always.

Steps to Reproduce:
1. Turn on the AllowUsers option in /etc/ssh/sshd_config to only allow a few selected users to log on the computer
2. Wait and see some bot trying random usernames on your server (or actually try yourself to connect using an existing but not allowed login)
3. Read the logwatch output:

    --------------------- SSHD Begin ------------------------

    Illegal users from:
       62.73.33.7: 1270 times
       210.163.171.99: 1830 times

    Received disconnect:
       11: Bye Bye : 3100 Time(s)

    **Unmatched Entries**
    User games from 62.73.33.7 not allowed because not listed in AllowUsers : 1 time(s)
    User news from 62.73.33.7 not allowed because not listed in AllowUsers : 1 time(s)
    User games from 210.163.171.99 not allowed because not listed in AllowUsers : 2 time(s)
    User root from 62.73.33.7 not allowed because not listed in AllowUsers : 206 time(s)
    User operator from 62.73.33.7 not allowed because not listed in AllowUsers : 1 time(s)
    User vcsa from 210.163.171.99 not allowed because not listed in AllowUsers : 2 time(s)
    User sshd from 210.163.171.99 not allowed because not listed in AllowUsers : 2 time(s)
    [... goes on ...]

    ---------------------- SSHD End -------------------------

Fixed in logwatch-7.2.1-2.fc5.
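
The grouping the report asks for, as an added example that is not part of the original report and is not logwatch's own code: it matches the AllowUsers denial message shown under "Unmatched Entries" and counts attempts per source address and user instead of leaving one unmatched line per pair. The syslog prefix, the sample lines, the section heading and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Message text as shown in the report's "Unmatched Entries"; the syslog
# prefix (timestamp, host, sshd[pid]) is an assumed conventional layout.
DENIED = re.compile(
    r"sshd\[\d+\]: User (?P<user>\S+) from (?P<src>\S+) "
    r"not allowed because not listed in AllowUsers\s*$"
)

def summarize(lines):
    """Return ({src: Counter({user: n})}, [sshd lines that did not match])."""
    by_src = defaultdict(Counter)
    unmatched = []
    for line in lines:
        m = DENIED.search(line)
        if m:
            by_src[m["src"]][m["user"]] += 1
        elif "sshd[" in line:  # other sshd messages stay visible as unmatched
            unmatched.append(line.rstrip("\n"))
    return dict(by_src), unmatched

def render(by_src):
    """Format one grouped section, busiest source first (heading is made up)."""
    out = ["Denied by AllowUsers:"]
    ranked = sorted(by_src.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    for src, users in ranked:
        out.append(f"   {src}: {sum(users.values())} time(s)")
        for user, n in sorted(users.items(), key=lambda kv: (-kv[1], kv[0])):
            out.append(f"      {user}: {n}")
    return "\n".join(out)

# Constructed sample lines using documentation-range addresses, not real logs.
TAIL = "not allowed because not listed in AllowUsers"
SAMPLE = [
    f"Dec 10 04:12:01 host sshd[2101]: User root from 192.0.2.7 {TAIL}",
    f"Dec 10 04:12:03 host sshd[2103]: User root from 192.0.2.7 {TAIL}",
    f"Dec 10 04:12:05 host sshd[2105]: User games from 192.0.2.7 {TAIL}",
    f"Dec 10 04:13:10 host sshd[2110]: User vcsa from 198.51.100.99 {TAIL}",
    "Dec 10 04:13:11 host sshd[2110]: Received disconnect from 198.51.100.99: 11: Bye Bye",
    "Dec 10 04:14:00 host crond[300]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    grouped, rest = summarize(SAMPLE)
    print(render(grouped))
    print("Unmatched sshd lines:", len(rest))
```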