[Logcheck-commits] Hannes von Haugwitz: i.d.s/login: ignore root login on serial terminals
Hannes von Haugwitz
hvh-guest at alioth.debian.org
Thu Feb 17 11:01:05 UTC 2011
Module: logcheck
Branch: master
Commit: 607840bbe7a7c7fb4244f76d12fb2e9775e10147
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=607840bbe7a7c7fb4244f76d12fb2e9775e10147
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Thu Feb 17 11:44:03 2011 +0100
i.d.s/login: ignore root login on serial terminals
---
debian/changelog | 2 ++
rulefiles/linux/ignore.d.server/login | 2 +-
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 05ea8b8..4e8162a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -20,6 +20,8 @@ logcheck (1.3.14) unstable; urgency=low
- mention logcheck-test in 'TESTING RULES' section
* ignore.d.workstation/wpasupplicant:
- match 5200, 5300, 5260 and 5680 MHz in 'Trying to associate' message
+ * ignore.d.server/login:
+ - adjusted rule to match serial terminals
-- Hannes von Haugwitz <hannes at vonhaugwitz.com> Thu, 17 Feb 2011 06:43:37 +0100
diff --git a/rulefiles/linux/ignore.d.server/login b/rulefiles/linux/ignore.d.server/login
index 996fb9a..756bdaa 100644
--- a/rulefiles/linux/ignore.d.server/login
+++ b/rulefiles/linux/ignore.d.server/login
@@ -1,3 +1,3 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ login\[[0-9]+\]: ROOT LOGIN on '(/dev/)?tty[0-9]'$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ login\[[0-9]+\]: ROOT LOGIN on '(/dev/)?ttyS?[0-9]'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ login: ROOT LOGIN pts/[0-9] FROM [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ newgrp\[[0-9]+\]: user '[[:alnum:]-]+' \(login '[[:alnum:]-]+' on (pts/[0-9]+|tty[0-9]+)\) (returned|switched) to group '[[:alnum:]-]+'$
More information about the Logcheck-commits
mailing list