[Logcheck-commits] Hannes von Haugwitz: v.i.d/logcheck-sudo: removed pid in krb auth rule

Hannes von Haugwitz hvh-guest at alioth.debian.org
Thu Jul 8 07:52:22 UTC 2010


Module: logcheck
Branch: master
Commit: c9e42be13e128729668a72573d25b139075d1d12
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=c9e42be13e128729668a72573d25b139075d1d12

Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Thu Jul  8 09:50:00 2010 +0200

v.i.d/logcheck-sudo: removed pid in krb auth rule

---

 rulefiles/linux/violations.ignore.d/logcheck-sudo |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo b/rulefiles/linux/violations.ignore.d/logcheck-sudo
index 6fbc458..eeedf7d 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-sudo
+++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo
@@ -1,4 +1,4 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo(\[[0-9]+\])?: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
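
Review bot: The rewritten first rule now requires a bare "sudo:" tag, so a host that logs "sudo[1234]: pam_krb5(sudo:auth): ..." will no longer have those lines filtered by this violations.ignore.d entry. The removed group (\[[0-9]+\])? was optional and matched both forms, and the commit message gives no reason why the pid form cannot occur. Either state that reason in the message (the three context rules all use "sudo:" without a pid, so consistency may be the motive) or keep the optional group. Separately, on the same line the user class [[:alnum:]-]+ is narrower than the [_[:alnum:].-]+ used for user names in the two rules below it, and the realm class [.A-Z]+ admits no digits or hyphens, so user names containing a dot or underscore and realms containing a digit would not be ignored by this rule.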



