[Logcheck-commits] Hannes von Haugwitz: v.i.d/logcheck-sudo: ignore successful krb auth

Hannes von Haugwitz hvh-guest at alioth.debian.org
Wed Jul 7 18:19:18 UTC 2010


Module: logcheck
Branch: master
Commit: 5ee636160e83df82ee4c9bd1a04603a988ccd3ff
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=5ee636160e83df82ee4c9bd1a04603a988ccd3ff

Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Wed Jul  7 20:07:11 2010 +0200

v.i.d/logcheck-sudo: ignore successful krb auth

see: #588285

---

 debian/changelog                                  |    3 +++
 rulefiles/linux/violations.ignore.d/logcheck-sudo |    1 +
 2 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index f6e7869..1c5bea9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,9 @@ logcheck (1.3.11) UNRELEASED; urgency=low
   * ignore.d.server/libpam-krb5: new
     - ignore successful kerberos authentication, thanks to
       Russ Allbery (closes: #588285)
+  * violations.ignore.d/logcheck-sudo:
+    - ignore successful kerberos authentication, thanks to
+      Michel Messerschmidt (see: #588285)
 
   [ martin f. krafft ]
   * ignore.d.server/postfix:
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo b/rulefiles/linux/violations.ignore.d/logcheck-sudo
index 1b9413a..6fbc458 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-sudo
+++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo
@@ -1,3 +1,4 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo(\[[0-9]+\])?: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
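Review bot: The name classes in the added pam_krb5 rule are narrower than those in the rules next to it, so some successful authentications will still be reported. The local user is matched with `[[:alnum:]-]+`, while the sudo command rule directly below accepts `[_[:alnum:].-]+`, so a username containing `.` or `_` will not match. Likewise `[[:alnum:]-]+@[.A-Z]+` will not match a principal with an instance component (a `/` before the `@`) or a realm containing digits or hyphens. This fails toward reporting rather than toward hiding, but if the goal is to silence routine successes, consider reusing `[_[:alnum:].-]+` for the user and widening the principal and realm classes. Two smaller points: the timestamp is written `[ :[:digit:]]{11}` where the other rules in this file use `[ :0-9]{11}`, and one spelling would keep the file consistent; and the pattern does not tie the local user to the principal, so a line where the user authenticates as a different principal is ignored as well, which is worth a comment in the rule file if that is intended.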



