[Logcheck-devel] Bug#588285: logcheck: Additional rules to ignore successful kerberos authentication
Michel Messerschmidt
lists at michel-messerschmidt.de
Tue Jul 6 18:21:15 UTC 2010
Package: logcheck
Version: 1.3.10
Severity: normal
Tags: patch
Many of my logcheck reports are triggered by regular user authentication
against kerberos enabled services.
Here are rules to ignore authentication success messages for some common
daemons.
violations.ignore.d/logcheck-sudo:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
ignore.d.server/cups-lpd:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cupsd: pam_krb5\(cups:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
ignore.d.server/ssh:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_krb5\(sshd:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
ignore.d.workstation/gdm:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: pam_krb5\(gdm:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$
Regards,
Michel
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-vserver-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages logcheck depends on:
ii adduser 3.112 add and remove users and groups
ii cron 3.0pl1-113 process scheduling daemon
ii exim4 4.72-1 metapackage to ease Exim MTA (v4)
ii exim4-daemon-light [mail-tran 4.72-1 lightweight Exim MTA (v4) daemon
ii lockfile-progs 0.1.15 Programs for locking and unlocking
ii logtail 1.3.10 Print log file lines that have not
ii mime-construct 1.10 construct/send MIME messages from
ii rsyslog [system-log-daemon] 4.6.2-1 enhanced multi-threaded syslogd
Versions of packages logcheck recommends:
ii logcheck-database 1.3.10 database of system log rules for t
Versions of packages logcheck suggests:
pn syslog-summary <none> (no description available)
-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'
-- no debconf information
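
Added example (not part of the original report): a quick check of the proposed ignore.d.server/ssh rule with grep -E against constructed syslog lines, showing which lines the rule drops and which still reach the report. The host, user and realm names and the address are made up, and the helper names suppressed and reported_count are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report. logcheck applies its rules as
# extended regular expressions, so grep -E stands in for it here
# (\w in the rule needs a grep that supports it, e.g. GNU grep).

# Rule proposed above for ignore.d.server/ssh, copied verbatim.
RULE_SSH='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_krb5\(sshd:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$'

# Constructed sample lines (host, users, realm and address are made up).
OK_LINE='Jul  6 18:21:15 host1 sshd[2143]: pam_krb5(sshd:auth): user alice authenticated as alice@EXAMPLE'
# Realm with a dot: "." is not in the rule's principal character class.
DOTTED_LINE='Jul  6 18:21:15 host1 sshd[2143]: pam_krb5(sshd:auth): user alice authenticated as alice@EXAMPLE.ORG'
# A failure message must never be silenced by a "success" rule.
FAIL_LINE='Jul  6 18:21:16 host1 sshd[2150]: pam_krb5(sshd:auth): authentication failure; logname=bob uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10'
# Extra text after the principal: the trailing $ anchor rejects it.
TRAIL_LINE='Jul  6 18:21:17 host1 sshd[2151]: pam_krb5(sshd:auth): user alice authenticated as alice@EXAMPLE; extra text'

# suppressed RULE LINE: exit 0 if the rule would drop LINE from the report.
suppressed() {
    printf '%s\n' "$2" | LC_ALL=C grep -Eq -e "$1"
}

# reported_count RULE: number of stdin lines the rule leaves in the report.
reported_count() {
    LC_ALL=C grep -Evc -e "$1" || true
}

for line in "$OK_LINE" "$DOTTED_LINE" "$FAIL_LINE" "$TRAIL_LINE"; do
    if suppressed "$RULE_SSH" "$line"; then
        printf 'ignored : %s\n' "$line"
    else
        printf 'reported: %s\n' "$line"
    fi
done
```

Only the first sample line is ignored; the dotted realm, the failure message and the line with trailing text all stay in the report.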