[Logcheck-devel] Bug#343631: logcheck-database: sudo: Ignore jobs from vc too?
Bill Wohler
wohler at newt.com
Fri Dec 16 17:56:39 UTC 2005
Package: logcheck-database
Version: 1.2.42
Severity: normal
Tags: patch
Unless there is a good reason not to do so, logcheck may as well ignore
sudo commands from the virtual consoles (/dev/vc/*) too. This affects
the first line in /etc/logcheck/violations.ignore.d/logcheck-sudo.
Here's a suggested replacement:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|(pts/|tty|vc/)[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$
p.s. Does the "patch" tag literally mean patch with some automation
implications, or that a fix is included?
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (600, 'testing'), (80, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.59 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
--
Bill Wohler <wohler at newt.com> http://www.newt.com/wohler/ GnuPG ID:610BD9AD
Maintainer of comp.mail.mh FAQ and MH-E. Vote Libertarian!
If you're passed on the right, you're in the wrong lane.
More information about the Logcheck-devel
mailing list