[Logcheck-commits] Hannes von Haugwitz: Adjusted su rules to also match /dev/ prefix
Hannes von Haugwitz
hvh-guest at alioth.debian.org
Mon Aug 24 08:12:23 UTC 2009
Module: logcheck
Branch: master
Commit: 2b384cabcc90dea48259796bc26dc10afb914bb2
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=2b384cabcc90dea48259796bc26dc10afb914bb2
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Mon Aug 24 09:48:46 2009 +0200
Adjusted su rules to also match /dev/ prefix
This reflects the changes in pkg-shadow's revision 2929.
---
debian/changelog | 2 ++
rulefiles/linux/ignore.d.server/su | 2 +-
rulefiles/linux/violations.ignore.d/logcheck-su | 2 +-
3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index e051dde..805b832 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
logcheck (1.3.4) experimental; urgency=low
[ Hannes von Haugwitz ]
+ * ignore.d.server/su, violations.ignore.d/logcheck-su
+ - adjusted su rules to also match /dev/ prefix
* Added rule for apcupsd (closes: #535976)
[ Frédéric Brière ]
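Review bot: the new changelog entry says what was adjusted but not why; the commit message ties it to pkg-shadow's revision 2929, and that reference is missing here. Adding it to the "adjusted su rules to also match /dev/ prefix" line would let someone reading only debian/changelog see which su logging change the rules follow.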
diff --git a/rulefiles/linux/ignore.d.server/su b/rulefiles/linux/ignore.d.server/su
index 1c9be43..e054f38 100644
--- a/rulefiles/linux/ignore.d.server/su
+++ b/rulefiles/linux/ignore.d.server/su
@@ -1,4 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (/dev/)?(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:]-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
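Review bot: on the changed first line the terminal group is still bounded to `pts/[0-9]{1,2}` and `tty[0-9]`, so with or without the new `(/dev/)?` prefix a line naming pts/100 or tty10 does not match and keeps showing up in reports. If the bound is not deliberate, `(/dev/)?(pts/[0-9]+|tty[0-9]+)` would cover those terminals. The identical pattern is carried in violations.ignore.d/logcheck-su, so whatever is decided here needs to be applied to both files.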
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-su b/rulefiles/linux/violations.ignore.d/logcheck-su
index f28373d..e8fa4d5 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-su
+++ b/rulefiles/linux/violations.ignore.d/logcheck-su
@@ -1,4 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (/dev/)?(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
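Review bot: the changed line in this violations.ignore.d file keeps the `(\+|-)` alternation, so once the `/dev/` form matches, both the `+` and the `-` variant are filtered out of the violations report. If `-` marks a failed su, as in su's own log format, please confirm that suppressing those lines is intended; otherwise narrow this rule to `\+` so failed attempts logged with a `/dev/pts/N` terminal stay visible.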