[Logcheck-devel] Bug#547182: logcheck-database: violations.d/sudo not catching calls to /usr/bin/sudo
Raphael Manfredi
Raphael_Manfredi at pobox.com
Thu Sep 17 13:56:34 UTC 2009
Package: logcheck-database
Version: 1.3.3
Severity: normal
The violations.d/sudo pattern contains:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$
This line is not catching explicit calls to /usr/bin/sudo since the
auth.log file will then contain:
Sep 17 15:50:54 tours /usr/bin/sudo: ram : TTY=pts/10 ; PWD=/home/ram ; USER=root ; COMMAND=/bin/su
which is not matched by the above pattern.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30.6
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
-- debconf information:
logcheck-database/conffile-cleanup: false
More information about the Logcheck-devel
mailing list