[Logcheck-devel] Bug#449028: logcheck: has the test for 'admin' in violations.d/ ever caught anything on a Debian system?

Stephen Gran sgran at debian.org
Fri Nov 2 13:03:22 UTC 2007 

Package: logcheck
Version: 1.2.54
Severity: wishlist

Hi there,

I was just curious what the point of this rule was.  No 'admin' account is
installed on Debian systems, but frequently sites use an account named
something like this for, unsurprisingly, admin purposes.  This rule
means that every time the admin user does anything, it gets reported.
Is this actually helpful?  It just seems to add noise without signal to
my logcheck emails.

Thanks for considering,

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_US.utf-8, LC_CTYPE=en_US.utf-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf-8)

Versions of packages logcheck depends on:
ii  adduser          3.102                   Add and remove users and groups
ii  cron             3.0pl1-100              management of regular background p
ii  debconf          1.5.11                  Debian configuration management sy
ii  exim4-daemon-hea 4.63-17                 exim MTA (v4) daemon with extended
ii  grep             2.5.1.ds2-6             GNU grep, egrep and fgrep
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logtail          1.2.54                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii  sysklogd [system 1.4.1-18                System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.54     database of system log rules for t

-- debconf information:
* logcheck/auto_create_logfiles: true
  logcheck/upgrade-note:
* logcheck/changes:
* logcheck/install-note:
* logcheck/email_address: root

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran at debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20071102/fad5e11e/attachment.pgp

More information about the Logcheck-devel mailing list