Ubuntu
logwatch package

unmatched entries for apparmor STATUS messages

Bug #1577948 reported by Jared Fernandez
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
logwatch (Ubuntu)
Fix Released
High
Bryce Harrington
Xenial
Fix Released
High
Bryce Harrington
Bionic
Fix Released
High
Bryce Harrington
Focal
Fix Released
High
Bryce Harrington
Groovy
Fix Released
High
Bryce Harrington

Bug Description

[Impact]

Various AppArmor messages aren't handled by logwatch, and thus end up in the "Unmatched Entries" section. Some of these are noteworthy, others are innocuous, but given the quantity and variety of them, they can clutter the log. Common ones should be either ignored or matched and summarized, as appropriate.

[Test Case]

$ export CODENAME="focal"
$ lxc launch ubuntu:${CODENAME} test-logwatch
$ lxc exec test-logwatch -- bash

# apt-get update
# apt-get dist-upgrade -y
# apt-get install -y logwatch

# wget https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948/+attachment/5407058/+files/unmatched-entries-apparmor%3Akern.log
# cat unmatched-entries-apparmor:kern.log >> /var/log/kern.log

# logwatch --detail High --service all --range all --output stdout

Without the fix, there will be unmatched entries shown for apparmor="STATUS" ... profile="unconfined"; with the fix they won't display.

(Note: For testing it's not really necessary to trigger the original condition that produces the log entry, since for Logwatch the purpose is more about making sure the entry is detected and processed appropriately.)

[Regression Potential]

Since logwatch filters logs for errors pertinent to administrators,
standard things to watch out for are undesired changes in this filtering
behavior, such as flagging or failing to flag issues differently than
before, other than the specific messages being filtered with this
change.

[Original Report]
Under the "Kernel Audit" heading, the following apparmor lines appear as unmatched:

**Unmatched Entries**
audit: type=1400 audit(1462209116.753:18): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/named" pid=22094 comm="apparmor_parser"
audit: type=1400 audit(1462209262.641:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/freshclam" pid=1760 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/sbin/dhclient" pid=1759 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=1759 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=1759 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=1759 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/clamd" pid=1765 comm="apparmor_parser"
audit: type=1400 audit(1462209262.673:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cups-browsed" pid=1767 comm="apparmor_parser"
audit: type=1400 audit(1462209262.677:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=1768 comm="apparmor_parser"
audit: type=1400 audit(1462209262.677:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd" pid=1768 comm="apparmor_parser"
audit: type=1400 audit(1462209262.677:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=1768 comm="apparmor_parser"

-----------------------------------------------------------------
Description: Ubuntu 16.04 LTS
Release: 16.04

logwatch:
  Installed: 7.4.2-1ubuntu1
  Candidate: 7.4.2-1ubuntu1
  Version table:
 *** 7.4.2-1ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
        100 /var/lib/dpkg/status

See original description

Related branches

~bryce/ubuntu/+source/logwatch:merge-v7.5.5-1-hirsute
Lucas Kanashiro (community): Approve
Canonical Server packageset reviewers: Pending requested
Canonical Server: Pending requested
Diff: 709 lines (+533/-2)
5 files modified
debian/changelog (+422/-0)
debian/control (+4/-2)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch (+51/-0)
debian/patches/series (+4/-0)
~bryce/ubuntu/+source/logwatch:logwatch-merge-v7.5.4-1-hirsute
Bryce Harrington (community): Approve
Christian Ehrhardt  (community): Needs Fixing
Canonical Server: Pending requested
Diff: 1086 lines (+868/-2)
13 files modified
debian/changelog (+371/-0)
debian/control (+4/-2)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch (+32/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch (+51/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+28/-0)
debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch (+28/-0)
debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch (+73/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch (+69/-0)
debian/patches/series (+12/-0)
~bryce/ubuntu/+source/logwatch:fix-unmatched-entries-xenial
Christian Ehrhardt  (community): Approve
Canonical Server: Pending requested
Sergio Durigan Junior: Pending requested
Canonical Server packageset reviewers: Pending requested
Diff: 419 lines (+355/-0)
10 files modified
debian/changelog (+33/-0)
debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch (+34/-0)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+28/-0)
debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch (+28/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/series (+9/-0)
debian/patches/ssh-ignore-disconnected.patch (+23/-0)
~bryce/ubuntu/+source/logwatch:fix-unmatched-entries-bionic
Christian Ehrhardt  (community): Approve
Canonical Server: Pending requested
Sergio Durigan Junior: Pending requested
Canonical Server packageset reviewers: Pending requested
Diff: 419 lines (+354/-0)
10 files modified
debian/changelog (+33/-0)
debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch (+34/-0)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+28/-0)
debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch (+28/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/series (+8/-0)
debian/patches/ssh-ignore-disconnected.patch (+23/-0)
~bryce/ubuntu/+source/logwatch:fix-unmatched-entries-focal
Christian Ehrhardt  (community): Approve
Canonical Server: Pending requested
Sergio Durigan Junior: Pending requested
Canonical Server packageset reviewers: Pending requested
Diff: 651 lines (+569/-0)
13 files modified
debian/changelog (+43/-0)
debian/patches/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch (+34/-0)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch (+32/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch (+51/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+28/-0)
debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch (+28/-0)
debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch (+73/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch (+69/-0)
debian/patches/series (+11/-0)
~bryce/ubuntu/+source/logwatch:fix-unmatched-entries-groovy
Seth Arnold (community): Approve
Canonical Server: Pending requested
Canonical Server Core Reviewers: Pending requested
Canonical Server packageset reviewers: Pending requested
Diff: 649 lines (+561/-1)
13 files modified
debian/changelog (+39/-0)
debian/control (+1/-1)
debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch (+42/-0)
debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch (+74/-0)
debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch (+32/-0)
debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch (+52/-0)
debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch (+51/-0)
debian/patches/0016-audit-Flag-apparmor-confinement-drops.patch (+62/-0)
debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch (+36/-0)
debian/patches/0018-audit-Handle-apparmor-errors-on-DENIED-messages.patch (+56/-0)
debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch (+73/-0)
debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch (+32/-0)
debian/patches/series (+11/-0)
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thank you already for taking the time to report this bug and helping to make Ubuntu better.

It is really great that you identified and split up all these issues, but given that up to now neither Debian nor Ubuntu add tremendous functional delta to the upstream logwatch content I think the right way to address is to file them upstream (https://sourceforge.net/p/logwatch/bugs/).

Despite on sourceforge they seem to be still active there - Debian as well as Ubuntu can eventually pick it up on the next merge then.

If you are so kind and file them upstream it would be great if you drop us a note here or even link the upstream bug via "also affects project" above in Launchpad.

Revision history for this message
Bryce Harrington (bryce) wrote :

Yes, on focal I see the same. Since it's kernel, won't see these in an lxc container, but on bare metal or maybe a vm they add lots of noise.

For Logwatch's purposes, all the apparmor="STATUS" messages should be filtered, as they're just informative.

(I suspect many of the apparmor="DENIED" messages relating to snaps and lxc could also be filtered, as they're by definition permission-limited zones, however they're unrelated to this bug.)

summary: - unmatched entries for apparmor
+ unmatched entries for apparmor STATUS messages
Changed in logwatch (Ubuntu):
importance: Undecided → High
status: New → Triaged
Revision history for this message
Bryce Harrington (bryce) wrote :

The issue here is that logwatch does match apparmor STATUS messages generally, but not when they have profile="unconfined" between operation and name.

I didn't find authoritative documentation on what this log entry means, but the answer to the following askubuntu post suggests this may be recording the disabling of an apparmor profile - something that may be of concern to sysadmins and thus should be flagged as noteworthy in the logwatch report.

https://askubuntu.com/questions/825274/apparmor-audit-logs-what-does-this-mean

Changed in logwatch (Ubuntu Xenial):
status: New → Triaged
Changed in logwatch (Ubuntu Bionic):
status: New → Triaged
Changed in logwatch (Ubuntu Focal):
status: New → Triaged
Changed in logwatch (Ubuntu Xenial):
importance: Undecided → High
Changed in logwatch (Ubuntu Bionic):
importance: Undecided → High
Changed in logwatch (Ubuntu Focal):
importance: Undecided → High
Revision history for this message
Seth Arnold (seth-arnold) wrote :

The log message is reporting the profiles have been loaded. This is a standard part of booting a full system, starting services, and some service-specific operations (such as libvirt or snapd demand-loading profiles as VMs or snaps are used).

There's other similar status messages:

apparmor="STATUS" operation="profile_replace"
apparmor="STATUS" operation="profile_remove"

Thanks

Revision history for this message
John Johansen (jjohansen) wrote :

To add to Seth's answer. unconfined generally doesn't log, the exceptions are when an unconfined tasks makes policy changes, and when there is an internal error on profile attachment.

Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks for the additional information. I've seen the snap profile_* messages in my logwatch output as unmatched, but want to understand them more before filtering them.

As to the general unconfined entries, how can we best distinguish between the normal behavior and exception cases?

Revision history for this message
Seth Arnold (seth-arnold) wrote : Re: [Bug 1577948] Re: unmatched entries for apparmor STATUS messages

On Thu, Aug 20, 2020 at 11:56:09PM -0000, Bryce Harrington wrote:
> Thanks for the additional information. I've seen the snap profile_*
> messages in my logwatch output as unmatched, but want to understand them
> more before filtering them.
>
> As to the general unconfined entries, how can we best distinguish
> between the normal behavior and exception cases?

Loading and reloading policies happens all the time and can probably be
filtered out in a log summarizing tool. (They might still be bad if an
attacker has replaced policies with ones that are wide-open.)

A quick skim through the kernel sources shows a lot of other possible
info= strings, too many to itemize them all, and also it'd take a while to
figure out which ones could happen with profile=unconfined.

If you want to filter out operation="profile_load" profile="unconfined"
and operation="profile_replace" profile="unconfined" lines, that'd
probably be a good start.

Thanks

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package logwatch - 7.5.4-0ubuntu2

---------------
logwatch (7.5.4-0ubuntu2) groovy; urgency=medium

  [ Bryce Harrington ]
  * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
    dhcpd: Ignore lease age under threshold messages
    (LP: #1578001)
  * d/p/0019-exim-Handle-self-signed-certs-warnings.patch:
    exim: Handle self-signed certs warnings.
    (LP: #1892269)
  * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch:
    audit: Treat Denial-Errors same as Denied.
    (LP: #1577948)
  * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch:
    audit: Apparmor DENIED entries don't always include parent=N.
    (LP: #1577948)
  * d/p/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch:
    pam_unix: Ignore issues about /etc/securetty being missing.
    (LP: #1890751)
  * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch:
    zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing.
    These are not installed by default in Ubuntu's logwatch packaging.
    (LP: #1890749)
  * d/p/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch:
    secure: Ignore warnings about gnome-keyring-daemon items already
    registered.
    (LP: #1890752)
  * d/p/0012-postfix-Handle-backwards-compatible-mode.patch:
    postfix: Handle backwards-compatible mode.
    (LP: #1583705)
  * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch:
    postfix: Ignore Resolved loghost to 127.0.0.1.
    (LP: #1583705)
  * d/control: Update upstream's homepage
    (LP: #1891604)

  [ Lucas Kanashiro ]
  * d/p/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch:
    audit: use the term ALLOWED instead of Grants.

 -- Bryce Harrington <email address hidden> Fri, 21 Aug 2020 01:30:10 +0000

Changed in logwatch (Ubuntu Groovy):
status: Triaged → Fix Released
Revision history for this message
Bryce Harrington (bryce) wrote :
Revision history for this message
Bryce Harrington (bryce) wrote :
Bryce Harrington (bryce)
description: updated
Bryce Harrington (bryce)
description: updated
Bryce Harrington (bryce)
description: updated
Bryce Harrington (bryce)
Changed in logwatch (Ubuntu Xenial):
assignee: nobody → Bryce Harrington (bryce)
Changed in logwatch (Ubuntu Bionic):
assignee: nobody → Bryce Harrington (bryce)
Changed in logwatch (Ubuntu Focal):
assignee: nobody → Bryce Harrington (bryce)
Changed in logwatch (Ubuntu Groovy):
assignee: nobody → Bryce Harrington (bryce)
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Jared, or anyone else affected,

Accepted logwatch into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/logwatch/7.5.2-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in logwatch (Ubuntu Focal):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-focal
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Jared, or anyone else affected,

Accepted logwatch into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/logwatch/7.4.3+git20161207-2ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in logwatch (Ubuntu Bionic):
status: Triaged → Fix Committed
tags: added: verification-needed-bionic
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Jared, or anyone else affected,

Accepted logwatch into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/logwatch/7.4.2-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in logwatch (Ubuntu Xenial):
status: Triaged → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Bryce Harrington (bryce) wrote :

Verified in LXC on xenial, bionic, and focal per the test case, that the messages are no longer under "Unmatched" but are still mentioned as matched entries.

Bryce Harrington (bryce)
tags: added: verification-done verification-done-bionic verification-done-focal verification-done-xenial
removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package logwatch - 7.5.2-1ubuntu1.1

---------------
logwatch (7.5.2-1ubuntu1.1) focal; urgency=medium

  [ Bryce Harrington ]
  * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
    dhcpd: Ignore lease age under threshold messages
    (LP: #1578001)
  * d/p/0019-exim-Handle-self-signed-certs-warnings.patch:
    exim: Handle self-signed certs warnings.
    (LP: #1892269)
  * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch:
    audit: Treat Denial-Errors same as Denied.
    (LP: #1577948)
  * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch:
    audit: Apparmor DENIED entries don't always include parent=N.
    (LP: #1577948)
  * d/p/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch:
    pam_unix: Ignore issues about /etc/securetty being missing.
    (LP: #1890751)
  * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch:
    zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing.
    These are not installed by default in Ubuntu's logwatch packaging.
    (LP: #1890749)
  * d/p/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch:
    secure: Ignore warnings about gnome-keyring-daemon items already
    registered.
    (LP: #1890752)
  * d/p/0012-postfix-Handle-backwards-compatible-mode.patch:
    postfix: Handle backwards-compatible mode.
    (LP: #1583705)
  * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch:
    postfix: Ignore Resolved loghost to 127.0.0.1.
    (LP: #1583705)
  * d/p/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch:
    Use $PATH to determine location of zpool and zfs.
    (LP: #1880211)

  [ Lucas Kanashiro ]
  * d/p/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch:
    audit: use the term ALLOWED instead of Grants.
    (LP: #1577948)

 -- Bryce Harrington <email address hidden> Thu, 03 Sep 2020 04:22:00 +0000

Changed in logwatch (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for logwatch has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package logwatch - 7.4.3+git20161207-2ubuntu1.2

---------------
logwatch (7.4.3+git20161207-2ubuntu1.2) bionic; urgency=medium

  [ Bryce Harrington ]
  * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
    dhcpd: Ignore lease age under threshold messages
    (LP: #1578001)
  * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch:
    audit: Treat Denial-Errors same as Denied.
    (LP: #1577948)
  * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch:
    audit: Apparmor DENIED entries don't always include parent=N.
    (LP: #1577948)
  * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch:
    zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing.
    These are not installed by default in Ubuntu's logwatch packaging.
    (LP: #1890749)
  * d/p/0012-postfix-Handle-backwards-compatible-mode.patch:
    postfix: Handle backwards-compatible mode.
    (LP: #1583705)
  * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch:
    postfix: Ignore Resolved loghost to 127.0.0.1.
    (LP: #1583705)
  * d/p/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch:
    Use $PATH to determine location of zpool and zfs.
    (LP: #1880211)

  [ Karl Stenerud ]
  * d/p/ssh-ignore-disconnected.patch:
    sshd: ignore disconnected from user USER
    (LP: #1644057)

 -- Bryce Harrington <email address hidden> Thu, 03 Sep 2020 04:21:53 +0000

Changed in logwatch (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package logwatch - 7.4.2-1ubuntu1.1

---------------
logwatch (7.4.2-1ubuntu1.1) xenial; urgency=medium

  [ Bryce Harrington ]
  * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
      dhcpd: Ignore lease age under threshold messages
      (LP: #1578001)
  * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch:
    audit: Treat Denial-Errors same as Denied.
    (LP: #1577948)
  * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch:
    audit: Apparmor DENIED entries don't always include parent=N.
    (LP: #1577948)
  * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch:
    zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing.
    These are not installed by default in Ubuntu's logwatch packaging.
    (LP: #1890749)
  * d/p/0012-postfix-Handle-backwards-compatible-mode.patch:
    postfix: Handle backwards-compatible mode.
    (LP: #1583705)
  * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch:
    postfix: Ignore Resolved loghost to 127.0.0.1.
    (LP: #1583705)
  * d/p/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch:
    Use $PATH to determine location of zpool and zfs.
    (LP: #1880211)

  [ Karl Stenerud ]
  * d/p/ssh-ignore-disconnected.patch:
    sshd: ignore disconnected from user USER
    (LP: #1644057)

 -- Bryce Harrington <email address hidden> Thu, 03 Sep 2020 04:21:50 +0000

Changed in logwatch (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.