Re: [cobalt-security] Lame Server messages
- Subject: Re: [cobalt-security] Lame Server messages
- From: enrique <enriquevega@xxxxxxx>
- Date: Thu, 6 Sep 2001 12:10:28 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Friday, August 31, 2001, at 01:28 PM, Graeme Fowler wrote:
> logcheck.violations.ignore -- This file contains words that are reverse
> searched against the logcheck.violations file. If these words are found,
> that entry is not reported.
Graeme, for some reason I'm not able to get the
logcheck.violations.ignore to work. I'm wondering if it is an egrep
problem? Here is my ignore file:
[root@www admin]# less /usr/local/etc/logcheck.violations.ignore
stat=Deferred
Lame server
bad referral
(localhost[127.0.0.1]) - FTP
(localhost[127.0.0.1]) - no such user 'anonymous'
And here are a couple of lines from the mailed output:
Sep 6 04:14:34 www named[405]: Lame server on '130.141.220.210.in-addr.arpa' (in '141.220.210.in-addr.arpa'?): [211.47.45.23].53 'nis2.hitel.net'
Sep 6 04:15:06 www proftpd[9099]: www.xxx.net (localhost[127.0.0.1]) - FTP session opened.
Sep 6 04:15:06 www proftpd[9099]: www.xxx.net (localhost[127.0.0.1]) - no such user 'anonymous'
I don't understand why these entries are not being ignored. The only
thing I can think of is that egrep is not working. The default
logcheck.sh states in part:
# Linux, FreeBSD, BSDI, Sun, HPUX, etc.
GREP=egrep
Could egrep not be working? Is this why my entries in
logcheck.violations.ignore are not being recognized?
enrique
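
Added example, not part of the original message and not logcheck's own code: it runs the posted ignore entries against the posted log lines with `grep -E` (the modern spelling of `egrep`) and with `grep -F`. It shows that under extended-regex matching the `(`, `)`, `[`, `]` and `.` in `(localhost[127.0.0.1])` are a group and a one-character bracket expression, not literal text. The temporary directory, file names and function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: ignore entries and log lines copied from the post (log lines unwrapped).
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/ignore.posted" <<'EOF'
stat=Deferred
Lame server
bad referral
(localhost[127.0.0.1]) - FTP
(localhost[127.0.0.1]) - no such user 'anonymous'
EOF

# Same entries with the ERE metacharacters escaped (a lone ] is already literal in ERE).
cat > "$WORK/ignore.escaped" <<'EOF'
stat=Deferred
Lame server
bad referral
\(localhost\[127\.0\.0\.1]\) - FTP
\(localhost\[127\.0\.0\.1]\) - no such user 'anonymous'
EOF

cat > "$WORK/sample.log" <<'EOF'
Sep 6 04:14:34 www named[405]: Lame server on '130.141.220.210.in-addr.arpa' (in '141.220.210.in-addr.arpa'?): [211.47.45.23].53 'nis2.hitel.net'
Sep 6 04:15:06 www proftpd[9099]: www.xxx.net (localhost[127.0.0.1]) - FTP session opened.
Sep 6 04:15:06 www proftpd[9099]: www.xxx.net (localhost[127.0.0.1]) - no such user 'anonymous'
EOF

# hits MODE PATTERN: number of sample lines one pattern matches (MODE is -E or -F).
hits() {
    grep "$1" -c -e "$2" "$WORK/sample.log" || true
}

# count_surviving MODE FILE: lines left after the reverse search (grep -v -f FILE).
count_surviving() {
    grep "$1" -v -f "$2" "$WORK/sample.log" | grep -c . || true
}

# Per-entry view: how many of the sample lines each posted entry matches.
while IFS= read -r pat; do
    printf '%-52s ERE=%s fixed=%s\n' "$pat" "$(hits -E "$pat")" "$(hits -F "$pat")"
done < "$WORK/ignore.posted"

echo "still reported, posted entries with grep -E:  $(count_surviving -E "$WORK/ignore.posted")"
echo "still reported, posted entries with grep -F:  $(count_surviving -F "$WORK/ignore.posted")"
echo "still reported, escaped entries with grep -E: $(count_surviving -E "$WORK/ignore.escaped")"
```

This checks pattern matching only; it does not reproduce which section of the logcheck.sh report a given line is placed in.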