[Logcheck-devel] Bug#547182: logcheck-database: violations.d/sudo not catching calls to /usr/bin/sudo

Raphael Manfredi Raphael_Manfredi at pobox.com
Thu Sep 17 13:56:34 UTC 2009


Package: logcheck-database
Version: 1.3.3
Severity: normal

The violations.d/sudo pattern contains:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$

This line is not catching explicit calls to /usr/bin/sudo since the
auth.log file will then contain:

Sep 17 15:50:54 tours /usr/bin/sudo:      ram : TTY=pts/10 ; PWD=/home/ram ; USER=root ; COMMAND=/bin/su

which is not matched by the above pattern.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.6
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

-- debconf information:
  logcheck-database/conffile-cleanup: false





More information about the Logcheck-devel mailing list