[Logcheck-commits] Hannes von Haugwitz: v.i.d/logcheck-sudo: match COMMAND=list and TTY=console
Gerfried Fuchs
rhonda at alioth.debian.org
Mon Sep 27 19:38:31 UTC 2010
Module: logcheck
Branch: lenny-backports
Commit: 388daabadd876d68c060e3bbb0a40459fe8cb0fc
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=388daabadd876d68c060e3bbb0a40459fe8cb0fc
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Wed Sep 1 07:58:36 2010 +0200
v.i.d/logcheck-sudo: match COMMAND=list and TTY=console
closes: #593482
---
debian/changelog | 3 +++
rulefiles/linux/violations.ignore.d/logcheck-sudo | 2 +-
2 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 8a68163..e63d7b7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ logcheck (1.3.13) UNRELEASED; urgency=low
* ignore.d.server/pure-ftpd:
- fixed user name pattern in logout message, thanks to Simon Breuss
(LP: #619119)
+ * violations.ignore.d/logcheck-sudo:
+ - match COMMAND=list and TTY=console, thanks to Michel Messerschmidt for
+ the patch (closes: #593482)
-- Hannes von Haugwitz <hannes at vonhaugwitz.com> Tue, 31 Aug 2010 18:17:54 +0200
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo b/rulefiles/linux/violations.ignore.d/logcheck-sudo
index eeedf7d..92c3dd4 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-sudo
+++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo
@@ -1,5 +1,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
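Review bot: On the `+` line, the TTY group now accepts `console` but still requires digits immediately after `tty` (`(pts/|tty|vc/)[[:digit:]]+`), so a terminal name such as `ttyS0` would not match this ignore rule. If serial terminals are meant to be covered as well, widen that branch; if not, say so in the commit message. The regrouped `COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$` is fine as written: `list` is bounded by the trailing `$`, so only the exact value `COMMAND=list` is ignored and a command that merely starts with "list" is not. Neither the commit message nor the changelog shows a sample of the sudo log line this is meant to match; adding one would make the widened pattern easier to verify later.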