[Logcheck-commits] Hannes von Haugwitz: i.d.s/login: ignore root logins on pseudo terminals
Gerfried Fuchs
alfie at alioth.debian.org
Thu Feb 25 19:20:31 UTC 2010
Module: logcheck
Branch: lenny-backports
Commit: 681285631486a056647274293d61bf0bf824644e
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=681285631486a056647274293d61bf0bf824644e
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Mon Feb 1 08:26:16 2010 +0100
i.d.s/login: ignore root logins on pseudo terminals
---
debian/changelog | 2 ++
rulefiles/linux/ignore.d.server/login | 1 +
2 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 9a952e2..2f10047 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
logcheck (1.3.7) UNRELEASED; urgency=low
[ Hannes von Haugwitz ]
+ * ignore.d.server/login:
+ - added rule for root logins on pseudo terminals
* ignore.d.server/bind:
- added rules for "received notify for zone" and
"zone is up to date" message
diff --git a/rulefiles/linux/ignore.d.server/login b/rulefiles/linux/ignore.d.server/login
index 924dda8..996fb9a 100644
--- a/rulefiles/linux/ignore.d.server/login
+++ b/rulefiles/linux/ignore.d.server/login
@@ -1,2 +1,3 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ login\[[0-9]+\]: ROOT LOGIN on '(/dev/)?tty[0-9]'$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ login: ROOT LOGIN pts/[0-9] FROM [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ newgrp\[[0-9]+\]: user '[[:alnum:]-]+' \(login '[[:alnum:]-]+' on (pts/[0-9]+|tty[0-9]+)\) (returned|switched) to group '[[:alnum:]-]+'$
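Review bot: pts/[0-9] in the added rule matches a single digit only, so a root login on pts/10 or higher will not be ignored; the newgrp rule in the following context line already uses pts/[0-9]+, and the new rule should use the same quantifier. The added rule also matches a bare "login:" with no PID, while the existing tty rule above it requires login\[[0-9]+\]:. If login can log this message with a PID, an optional group such as login(\[[0-9]+\])?: would cover both forms. Because the matched line carries "FROM <host>" and the host pattern accepts any name, this rule drops remote root logins from every source out of the server-level report; the commit message should say why that is acceptable at this level.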