** Description changed:

  [Impact]
  Exim issues a warning when self-signed certificates are used, but these 
messages aren't handled by logwatch, and thus end up in the "Unmatched Entries" 
section, one per event. It is not uncommon to run Exim with self-signed 
certificates, since it will behave that way by default on a simple 
installation, however they are worth mentioning in the log output since it 
could indicate a mis-configuration if signed certs were intended, so should be 
matched and summarized.
  
  [Test Case]
  $ export CODENAME="focal"
  $ lxc launch ubuntu:${CODENAME} test-logwatch
  $ lxc exec test-logwatch -- bash
  
  # apt-get update
  # apt-get dist-upgrade -y
+ # apt-get install -y exim4
  # apt-get install -y logwatch
  
  # wget 
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+attachment/5407060/+files/unmatched-entries-exim%3Aexim4.mainlog.1
  # cat unmatched-entries-exim:exim4.mainlog.1 >> /var/log/exim4/mainlog.1
  
  # logwatch --detail High --service all --range all --output stdout
  
  Without the fix, there will be unmatched entries with "BAD FORMAT"
  alerts; with the fix there will be a calmer mention that self-signed
  certs are in use.
  
  (Note: For testing it's not really necessary to trigger the original
  condition that produces the log entry, since for Logwatch the purpose is
  more about making sure the entry is detected and processed
  appropriately.)
  
  [Regression Potential]
  Since logwatch filters logs for errors pertinent to administrators,
  standard things to watch out for are undesired changes in this filtering
  behavior, such as flagging or failing to flag issues differently than
  before, other than the specific messages being filtered with this
  change.
  
- 
  [Original Report]
  On focal with exim installed, I'm seeing unmatched entries about self-signed 
certs:
  
   ***** BAD FORMAT (Possible data corruption or Exim bug) *****
    Suggested action: either install a certificate or change 
tls_advertise_hosts option
   ...
  
   **Unmatched Entries**
   2020-04-24 20:30:42 Warning: No server certificate defined; will use a 
selfsigned one.: 2 Time(s)
   2020-04-24 21:00:42 Warning: No server certificate defined; will use a 
selfsigned one.: 1 Time(s)
   2020-04-24 21:30:42 Warning: No server certificate defined; will use a 
selfsigned one.: 1 Time(s)
   2020-04-24 22:00:42 Warning: No server certificate defined; will use a 
selfsigned one.: 1 Time(s)
  
  The logs show:
  
  2020-04-25 10:00:42 Warning: No server certificate defined; will use a 
selfsigned one.
   Suggested action: either install a certificate or change tls_advertise_hosts 
option
  2020-04-25 10:00:42 Start queue run: pid=3512600
  2020-04-25 10:00:42 End queue run: pid=3512600
  
  So the 'BAD FORMAT' is simply a continuation of the warning line
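
Review bot: The expected result in [Test Case] ("a calmer mention that self-signed certs are in use") is too vague to verify against. Quote the exact summary line logwatch should print with the fix, and state explicitly that neither the "BAD FORMAT" block nor the per-timestamp "Unmatched Entries" lines shown in [Original Report] should appear. It would also help to note next to the added `apt-get install -y exim4` step that it is a prerequisite for the later append to /var/log/exim4/mainlog.1, so the ordering is not changed by accident.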

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892269

Title:
  Unmatched entry for exim with selfsigned certificate

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs