[SECURITY UPDATE] logcheck ignore database v0.11

tier1.jp released logcheck ignore database v0.11 for Debian GNU/Linux stretch and buster.

Security Issue

We've noticed that settings which allow logcheck to send its summary mails to normal users which is used daily, can cause a security issue which leaks restricted dmesg information.

  1. Processes running under those users can virtually see dmesg, which could provide important information for attackers via those processes.
    • Debian Linux Kernel does not allow dmesg for normal users (CONFIG_SECURITY_DMESG_RESTRICT=y # kernel.dmesg_restrict=1).
user$ dmesg
dmesg: read kernel buffer failed: Operation not permitted
  1. Both Debian and our logcheck ignore database did not suppress those dmesg outputs enough.
    • /var/mail/USER can contain dmesg output.
  2. We've started to add suppression rules for those important dmesg information, such as address range, port numbers, etc.
    • We've just started and it is not enough now.
    • It only covers very partial amd64 machine outputs.


Please update our ignore database ASAP, if you are using.

  1. Do not add daily normal users into logcheck recipient lists.
    • At least who does developments tasks.
  2. Restrict web access.
    • Never execute anything from the Internet directly.
    • Use browser tracking protections as much as possible.
  3. Create special (but normal) user [1] to receive those logcheck summary mails.
[1]who does nothing but to read summary mails.


The tar file is available at the software page.

published: MODIFIED: