[Logcheck-commits] Frédéric Brière : ignore.d.server/scponly: added the exhaustive list of commands allowed

[Frédéric Brière]

Module: logcheck
Branch: master
Commit: 73edcb87644831073c8b7e63a6cf1f8f7fbdb647
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=73edcb87644831073c8b7e63a6cf1f8f7fbdb647

Author: Frédéric Brière <fbriere at fbriere.net>
Date:   Tue Aug 18 18:06:20 2009 -0400

ignore.d.server/scponly: added the exhaustive list of commands allowed

This, together with the previous commit, closes: #506333

---

 debian/changelog                        |    3 ++-
 rulefiles/linux/ignore.d.server/scponly |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index cc08720..00a00d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,8 +22,9 @@ logcheck (1.3.4) experimental; urgency=low
     - added "authentication succeeded' rule
   * ignore.d.server/dhcp:
     - interface names can have underscore in them (closes: #518422)
-  * ignore.d.server/scponly:
+  * ignore.d.server/scponly: (closes: #506333)
     - added missing process name before PID
+    - added the exhaustive list of commands allowed by scponly
 
  -- Frédéric Brière <fbriere at fbriere.net>  Mon, 17 Aug 2009 11:48:08 -0400
 
diff --git a/rulefiles/linux/ignore.d.server/scponly b/rulefiles/linux/ignore.d.server/scponly
index d547bef..52785bd 100644
--- a/rulefiles/linux/ignore.d.server/scponly
+++ b/rulefiles/linux/ignore.d.server/scponly
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ scponly\[[0-9]+\]: running: /(usr/)?bin/(groups|ls|mkdir|mv|pwd|rm|rsync|scp).* \(username: [._[:alnum:]-]+\([0-9]+\), IP/port: [.:[:alnum:]]+ [0-9]+ 22\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ scponly\[[0-9]+\]: running: (/(usr/)?bin/(ls|chmod|chown|chgrp|mkdir|rmdir|scp|ln|mv|rm|groups|pwd|echo|passwd)|cd|/usr/lib/sftp-server).* \(username: [._[:alnum:]-]+\([0-9]+\), IP/port: [.:[:alnum:]]+ [0-9]+ 22\)$