Bug#316167: [Logcheck-devel] Bug#316167: logcheck-database: ignore on sudo doesn't belong in violations.ignore.d

maximilian attems debian at sternwelten.at
Sat Jul 2 10:28:47 UTC 2005


hello stephen,

On Tue, 28 Jun 2005, Stephen Gran wrote:

> I would like to be able to selectively ignore sudo on some systems
> and not on others without being forced to just rm a conffile.  The file
> /etc/logcheck/violations.ignore.d/logcheck-sudo (ISTM) is better placed
> in /etc/logcheck/ignore.d.server.  THat way, a paranoid installation
> would still see them, but a normal one wouldn't have to.

no it can't be placed there below, as security events don't have the
three level filtering.

easier than removing would be for your side to change it's regex so
that it doesn't match any more sudo log lines.
because otherwise you'll have to redo that on each upgrade.
and so you'll get asked if you want to revert your change.

this rule was added through popular request (see changelog for bug nr).
if you give some of your users sudo access take care what you give them.

i'll wait for a response from your side, but i see not much chance
to changing that. 
 
--
maks






More information about the Logcheck-devel mailing list