[Logcheck-commits] CVS logcheck/rulefiles/linux/violations.ignore.d

CVS User maks-guest logcheck-devel@lists.alioth.debian.org
Thu, 02 Dec 2004 13:03:55 -0700


Update of /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d
In directory haydn:/tmp/cvs-serv31929/rulefiles/linux/violations.ignore.d

Modified Files:
	logcheck-sudo 
Log Message:

don't report tty sudo usage as security event,
it's more probably a local admin.


--- /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-sudo	2004/09/28 14:57:54	1.8
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-sudo	2004/12/02 20:03:55	1.9
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|pts/[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|pts/[0-9]+|tty[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$