[Logcheck-commits] Frédéric Brière : ignore.d.server/scponly: added the exhaustive list of commands allowed
Frédéric Brière
fbriere-guest at alioth.debian.org
Tue Aug 18 22:07:41 UTC 2009
Module: logcheck
Branch: master
Commit: 73edcb87644831073c8b7e63a6cf1f8f7fbdb647
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=73edcb87644831073c8b7e63a6cf1f8f7fbdb647
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Tue Aug 18 18:06:20 2009 -0400
ignore.d.server/scponly: added the exhaustive list of commands allowed
This, together with the previous commit, closes: #506333
---
debian/changelog | 3 ++-
rulefiles/linux/ignore.d.server/scponly | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index cc08720..00a00d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,8 +22,9 @@ logcheck (1.3.4) experimental; urgency=low
- added "authentication succeeded' rule
* ignore.d.server/dhcp:
- interface names can have underscore in them (closes: #518422)
- * ignore.d.server/scponly:
+ * ignore.d.server/scponly: (closes: #506333)
- added missing process name before PID
+ - added the exhaustive list of commands allowed by scponly
-- Frédéric Brière <fbriere at fbriere.net> Mon, 17 Aug 2009 11:48:08 -0400
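Review bot: The added entry "added the exhaustive list of commands allowed by scponly" records only additions, while the rule change in this same commit also drops rsync from the alternation; the changelog should say so, since that changes which log lines get reported. As a minor style point, "(closes: #506333)" now sits on the file heading, whereas the dhcp entry just above puts its closes tag on the item line. If the intent is that both scponly items together close the bug, the heading placement is fine.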
diff --git a/rulefiles/linux/ignore.d.server/scponly b/rulefiles/linux/ignore.d.server/scponly
index d547bef..52785bd 100644
--- a/rulefiles/linux/ignore.d.server/scponly
+++ b/rulefiles/linux/ignore.d.server/scponly
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ scponly\[[0-9]+\]: running: /(usr/)?bin/(groups|ls|mkdir|mv|pwd|rm|rsync|scp).* \(username: [._[:alnum:]-]+\([0-9]+\), IP/port: [.:[:alnum:]]+ [0-9]+ 22\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ scponly\[[0-9]+\]: running: (/(usr/)?bin/(ls|chmod|chown|chgrp|mkdir|rmdir|scp|ln|mv|rm|groups|pwd|echo|passwd)|cd|/usr/lib/sftp-server).* \(username: [._[:alnum:]-]+\([0-9]+\), IP/port: [.:[:alnum:]]+ [0-9]+ 22\)$
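Review bot: The new alternation on the "+" line no longer contains rsync, which the removed line did match, so "running: /usr/bin/rsync ..." entries will start showing up in reports; if that is deliberate, the commit message should say so, otherwise add rsync back. Separately, the command group is followed directly by ".*" with no delimiter, so the bare "cd" alternative matches any command string that merely begins with "cd", and "/bin/ls" matches any longer binary name starting with "ls". For an ignore rule it is safer to require a space or the end of the command after the name, for example by replacing ".*" with "( .*)?" before the " \(username:" part. The trailing "22\)$" also limits the rule to sshd on the default port, which is unchanged here but worth a comment in the rule file.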