group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #37151
[Bug 1577948] Re: unmatched entries for apparmor STATUS messages
This bug was fixed in the package logwatch - 7.5.2-1ubuntu1.1
---------------
logwatch (7.5.2-1ubuntu1.1) focal; urgency=medium
[ Bryce Harrington ]
* d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
dhcpd: Ignore lease age under threshold messages
(LP: #1578001)
* d/p/0019-exim-Handle-self-signed-certs-warnings.patch:
exim: Handle self-signed certs warnings.
(LP: #1892269)
* d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch:
audit: Treat Denial-Errors same as Denied.
(LP: #1577948)
* d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch:
audit: Apparmor DENIED entries don't always include parent=N.
(LP: #1577948)
* d/p/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch:
pam_unix: Ignore issues about /etc/securetty being missing.
(LP: #1890751)
* d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch:
zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing.
These are not installed by default in Ubuntu's logwatch packaging.
(LP: #1890749)
* d/p/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch:
secure: Ignore warnings about gnome-keyring-daemon items already
registered.
(LP: #1890752)
* d/p/0012-postfix-Handle-backwards-compatible-mode.patch:
postfix: Handle backwards-compatible mode.
(LP: #1583705)
* d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch:
postfix: Ignore Resolved loghost to 127.0.0.1.
(LP: #1583705)
* d/p/0010-00-debspecific-disable-su-reporting-in-secure.diff.patch:
Use $PATH to determine location of zpool and zfs.
(LP: #1880211)
[ Lucas Kanashiro ]
* d/p/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch:
audit: use the term ALLOWED instead of Grants.
(LP: #1577948)
-- Bryce Harrington <bryce@xxxxxxxxxxxxx> Thu, 03 Sep 2020 04:22:00
+0000
** Changed in: logwatch (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1577948
Title:
unmatched entries for apparmor STATUS messages
Status in logwatch package in Ubuntu:
Fix Released
Status in logwatch source package in Xenial:
Fix Committed
Status in logwatch source package in Bionic:
Fix Committed
Status in logwatch source package in Focal:
Fix Released
Status in logwatch source package in Groovy:
Fix Released
Bug description:
[Impact]
Various AppArmor messages aren't handled by logwatch, and thus end up
in the "Unmatched Entries" section. Some of these are noteworthy,
others are innocuous, but given the quantity and variety of them, they
can clutter the log. Common ones should be either ignored or matched
and summarized, as appropriate.
[Test Case]
$ export CODENAME="focal"
$ lxc launch ubuntu:${CODENAME} test-logwatch
$ lxc exec test-logwatch -- bash
# apt-get update
# apt-get dist-upgrade -y
# apt-get install -y logwatch
# wget https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948/+attachment/5407058/+files/unmatched-entries-apparmor%3Akern.log
# cat unmatched-entries-apparmor:kern.log >> /var/log/kern.log
# logwatch --detail High --service all --range all --output stdout
Without the fix, there will be unmatched entries shown for
apparmor="STATUS" ... profile="unconfined"; with the fix they won't
display.
(Note: For testing it's not really necessary to trigger the original
condition that produces the log entry, since for Logwatch the purpose
is more about making sure the entry is detected and processed
appropriately.)
[Regression Potential]
Since logwatch filters logs for errors pertinent to administrators,
standard things to watch out for are undesired changes in this filtering
behavior, such as flagging or failing to flag issues differently than
before, other than the specific messages being filtered with this
change.
[Original Report]
Under the "Kernel Audit" heading, the following apparmor lines appear as unmatched:
**Unmatched Entries**
audit: type=1400 audit(1462209116.753:18): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/named" pid=22094 comm="apparmor_parser"
audit: type=1400 audit(1462209262.641:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/freshclam" pid=1760 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/sbin/dhclient" pid=1759 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=1759 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=1759 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=1759 comm="apparmor_parser"
audit: type=1400 audit(1462209262.657:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/clamd" pid=1765 comm="apparmor_parser"
audit: type=1400 audit(1462209262.673:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cups-browsed" pid=1767 comm="apparmor_parser"
audit: type=1400 audit(1462209262.677:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=1768 comm="apparmor_parser"
audit: type=1400 audit(1462209262.677:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd" pid=1768 comm="apparmor_parser"
audit: type=1400 audit(1462209262.677:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=1768 comm="apparmor_parser"
-----------------------------------------------------------------
Description: Ubuntu 16.04 LTS
Release: 16.04
logwatch:
Installed: 7.4.2-1ubuntu1
Candidate: 7.4.2-1ubuntu1
Version table:
*** 7.4.2-1ubuntu1 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948/+subscriptions