[Logcheck-commits] Hannes von Haugwitz: ignore.d.server/login: added rule to match newgrp messages (closes: #545318)

[Gerfried Fuchs]

Module: logcheck
Branch: lenny-backports
Commit: 6b3bc4040dd37613a9f130d03fdb59db0ee2683b
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=6b3bc4040dd37613a9f130d03fdb59db0ee2683b

Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Wed Jan 20 15:24:42 2010 +0100

ignore.d.server/login: added rule to match newgrp messages (closes: #545318)

---

 debian/changelog                      |    1 +
 rulefiles/linux/ignore.d.server/login |    1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b27794f..b5d6a70 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,7 @@ logcheck (1.3.6) UNRELEASED; urgency=low
     - ignore ext4 mount message
   * ignore.d.server/login
     - adjusted login rule to also match /dev/ prefix
+    - added rule to match newgrp messages, thanks to Martin Mazur (closes: #545318)
   * ignore.d.workstation/ifplugd
     - added rules for ifplugd.action script execution
   * ignore.d.workstation/ppp
diff --git a/rulefiles/linux/ignore.d.server/login b/rulefiles/linux/ignore.d.server/login
index 8c52b89..924dda8 100644
--- a/rulefiles/linux/ignore.d.server/login
+++ b/rulefiles/linux/ignore.d.server/login
@@ -1 +1,2 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ login\[[0-9]+\]: ROOT LOGIN  on '(/dev/)?tty[0-9]'$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ newgrp\[[0-9]+\]: user '[[:alnum:]-]+' \(login '[[:alnum:]-]+' on (pts/[0-9]+|tty[0-9]+)\) (returned|switched) to group '[[:alnum:]-]+'$