Bug#343631: [Logcheck-devel] Bug#343631: logcheck-database: sudo: Ignore jobs from vc too?
Todd Troxell
ttroxell at debian.org
Tue Jan 10 11:39:22 UTC 2006
On Fri, Dec 16, 2005 at 09:56:39AM -0800, Bill Wohler wrote:
> Package: logcheck-database
> Version: 1.2.42
> Severity: normal
> Tags: patch
>
> Unless there is a good reason not to do so, logcheck may as well ignore
> sudo commands from the virtual consoles (/dev/vc/*) too. This affects
> the first line in /etc/logcheck/violations.ignore.d/logcheck-sudo.
> Here's a suggested replacement:
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|(pts/|tty|vc/)[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$
Thanks, Bill. Patched in CVS.
> p.s. Does the "patch" tag literally mean patch with some automation
> implications, or that a fix is included?
I am not sure what you mean by automation implications, but I suspect it's
not that specific.
The official definition is:
"A patch or some other easy procedure for fixing the bug is included in the
bug logs. If there's a patch, but it doesn't resolve the bug adequately or
causes some other problems, this tag should not be used."
Cheers,
--
Todd Troxell
http://rapidpacket.com/~xtat
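
Added example, not part of the original thread or of logcheck itself: the suggested rule applied with `grep -E` to constructed sudo log lines, to show which entries it suppresses and which still reach the report. The host and user names, the log lines and the "before" rule (the same expression without the `vc/` alternative) are assumptions made for illustration; `grep -Ev` only approximates how logcheck applies an ignore rule.

```shell
#!/bin/sh
# Rule text as suggested in the bug report above.
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|(pts/|tty|vc/)[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$'
# Assumed earlier form (not shown in the thread): identical, minus "vc/".
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|(pts/|tty)[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$'

# Constructed sample syslog lines (hypothetical host and users).
sample_log() {
cat <<'EOF'
Jan 10 11:39:22 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Jan 10 11:40:01 host1 sudo:    alice : TTY=vc/1 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/ifconfig eth0
Jan 10 11:41:15 host1 sudo:    alice : TTY=tty2 ; PWD=/root ; USER=root ; COMMAND=/bin/ls
Jan 10 11:42:30 host1 sudo:    alice : TTY=vc/1 ; PWD=/tmp ; USER=root ; COMMAND=/tmp/build.sh
Jan 10 11:43:02 host1 sudo:    bob : 3 incorrect password attempts ; TTY=vc/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls
EOF
}

# Print the lines from stdin that the given ignore rule does NOT match,
# i.e. the lines that would still be reported.
reported() {
    grep -Ev -- "$1" || true
}

echo "Still reported without the vc/ alternative:"
sample_log | reported "$OLD_RULE"
echo
echo "Still reported with the suggested rule:"
sample_log | reported "$NEW_RULE"
```

The command run from outside /usr, /etc, /bin and /sbin and the failed-authentication line stay in the report under both rules; only the routine `vc/1` invocation moves from reported to ignored.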