Bug 222263 - SSHD section of logwatch doesn't parse AllowUsers messages
Summary: SSHD section of logwatch doesn't parse AllowUsers messages
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ivana Varekova
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-01-11 08:24 UTC by FX
Modified: 2007-11-30 22:11 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2007-01-16 09:32:16 UTC


Attachments (Terms of Use)

Description FX 2007-01-11 08:24:50 UTC
Description of problem:
In the SSHD section, it appears that logwatch doesn't know how to deal with
messages due to the AllowUsers option of the OpenSSH server.

Version-Release number of selected component (if applicable):
logwatch-7.2.1-1.fc5 and openssh-server-4.3p2-4.11.fc5

How reproducible:
Always.

Steps to Reproduce:
1. Turn on the AllowUsers option in /etc/ssh/sshd_config to only allow a few
selected users to log on the computer
2. Wait and see some bot trying random usernames on your server (or actually try
yourself to connect using an existing but not allowed login)
3. Read the logwatch output:

 --------------------- SSHD Begin ------------------------ 

 Illegal users from:
    62.73.33.7: 1270 times
    210.163.171.99: 1830 times
 
 Received disconnect:
    11: Bye Bye : 3100 Time(s)
 
 **Unmatched Entries**
 User games from 62.73.33.7 not allowed because not listed in AllowUsers : 1 time(s)
 User news from 62.73.33.7 not allowed because not listed in AllowUsers : 1 time(s)
 User games from 210.163.171.99 not allowed because not listed in AllowUsers : 2
time(s)
 User root from 62.73.33.7 not allowed because not listed in AllowUsers : 206
time(s)
 User operator from 62.73.33.7 not allowed because not listed in AllowUsers : 1
time(s)
 User vcsa from 210.163.171.99 not allowed because not listed in AllowUsers : 2
time(s)
 User sshd from 210.163.171.99 not allowed because not listed in AllowUsers : 2
time(s)
 [... goes on ...]
 
 ---------------------- SSHD End -------------------------

Comment 1 Ivana Varekova 2007-01-16 09:32:16 UTC
Fixed in logwatch-7.2.1-2.fc5.


Note You need to log in before you can comment on or make changes to this bug.