[Logcheck-commits] CVS logcheck/rulefiles/linux/violations.ignore.d
CVS User maks-guest
logcheck-devel@lists.alioth.debian.org
Thu, 02 Dec 2004 13:03:55 -0700
Update of /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d
In directory haydn:/tmp/cvs-serv31929/rulefiles/linux/violations.ignore.d
Modified Files:
logcheck-sudo
Log Message:
don't report tty sudo usage as security event,
it's more probably a local admin.
--- /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-sudo 2004/09/28 14:57:54 1.8
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-sudo 2004/12/02 20:03:55 1.9
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|pts/[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|pts/[0-9]+|tty[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$