← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1577948] Re: unmatched entries for apparmor STATUS messages

 

This bug was fixed in the package logwatch - 7.5.2-1ubuntu1.1

---------------
logwatch (7.5.2-1ubuntu1.1) focal; urgency=medium

  [ Bryce Harrington ]
  * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
    dhcpd: Ignore lease age under threshold messages
    (LP: #1578001)
  * d/p/0019-exim-Handle-self-signed-certs-warnings.patch:
    exim: Handle self-signed certs warnings.
    (LP: #1892269)
  * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch:
    audit: Treat Denial-Errors same as Denied.
    (LP: #1577948)
  * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch:
    audit: Apparmor DENIED entries don't always include parent=N.
    (LP: #1577948)
  * d/p/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch:
    pam_unix: Ignore issues about /etc/securetty being missing.
    (LP: #1890751)
  * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch:
    zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing.
    These are not installed by default in Ubuntu's logwatch packaging.
    (LP: #1890749)
  * d/p/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch:
    secure: Ignore warnings about gnome-keyring-daemon items already
    registered.
    (LP: #1890752)
  * d/p/0012-postfix-Handle-backwards-compatible-mode.patch:
    postfix: Handle backwards-compatible mode.
    (LP: #1583705)
  * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch:
    postfix: Ignore Resolved loghost to 127.0.0.1.
    (LP: #1583705)
  * d/p/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch:
    Use $PATH to determine location of zpool and zfs.
    (LP: #1880211)

  [ Lucas Kanashiro ]
  * d/p/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch:
    audit: use the term ALLOWED instead of Grants.
    (LP: #1577948)

 -- Bryce Harrington <bryce@xxxxxxxxxxxxx>  Thu, 03 Sep 2020 04:22:00
+0000

** Changed in: logwatch (Ubuntu Focal)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1577948

Title:
  unmatched entries for apparmor STATUS messages

Status in logwatch package in Ubuntu:
  Fix Released
Status in logwatch source package in Xenial:
  Fix Committed
Status in logwatch source package in Bionic:
  Fix Committed
Status in logwatch source package in Focal:
  Fix Released
Status in logwatch source package in Groovy:
  Fix Released

Bug description:
  [Impact]

  Various AppArmor messages aren't handled by logwatch, and thus end up
  in the "Unmatched Entries" section. Some of these are noteworthy,
  others are innocuous, but given the quantity and variety of them, they
  can clutter the log.  Common ones should be either ignored or matched
  and summarized, as appropriate.

  [Test Case]

  $ export CODENAME="focal"
  $ lxc launch ubuntu:${CODENAME} test-logwatch
  $ lxc exec test-logwatch -- bash

  # apt-get update
  # apt-get dist-upgrade -y
  # apt-get install -y logwatch

  # wget https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948/+attachment/5407058/+files/unmatched-entries-apparmor%3Akern.log
  # cat unmatched-entries-apparmor:kern.log >> /var/log/kern.log

  # logwatch --detail High --service all --range all --output stdout

  Without the fix, there will be unmatched entries shown for
  apparmor="STATUS" ... profile="unconfined"; with the fix they won't
  display.

  (Note: For testing it's not really necessary to trigger the original
  condition that produces the log entry, since for Logwatch the purpose
  is more about making sure the entry is detected and processed
  appropriately.)

  [Regression Potential]

  Since logwatch filters logs for errors pertinent to administrators,
  standard things to watch out for are undesired changes in this filtering
  behavior, such as flagging or failing to flag issues differently than
  before, other than the specific messages being filtered with this
  change.

  [Original Report]
  Under the "Kernel Audit" heading, the following apparmor lines appear as unmatched:

  **Unmatched Entries**
  audit: type=1400 audit(1462209116.753:18): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/named" pid=22094 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.641:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/freshclam" pid=1760 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.657:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/sbin/dhclient" pid=1759 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.657:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=1759 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.657:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=1759 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.657:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=1759 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.657:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/clamd" pid=1765 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.673:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cups-browsed" pid=1767 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.677:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=1768 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.677:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd" pid=1768 comm="apparmor_parser"
  audit: type=1400 audit(1462209262.677:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=1768 comm="apparmor_parser"

  -----------------------------------------------------------------
  Description:    Ubuntu 16.04 LTS
  Release:        16.04

  logwatch:
    Installed: 7.4.2-1ubuntu1
    Candidate: 7.4.2-1ubuntu1
    Version table:
   *** 7.4.2-1ubuntu1 500
          500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
          500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948/+subscriptions