[Logcheck-devel] Bug#588285: logcheck: Additional rules to ignore successful kerberos authentication

Michel Messerschmidt lists at michel-messerschmidt.de
Tue Jul 6 18:21:15 UTC 2010 

Package: logcheck
Version: 1.3.10
Severity: normal
Tags: patch

Many of my logcheck reports are triggered by regular user authentication
against kerberos enabled services.
Here are rules to ignore authentication success messages for some common
daemons.

violations.ignore.d/logcheck-sudo:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5+\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$

ignore.d.server/cups-lpd:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cupsd: pam_krb5\(cups:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$

ignore.d.server/ssh:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_krb5\(sshd:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$

ignore.d.workstation/gdm:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: pam_krb5\(gdm:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]@-]+$


Regards,
Michel

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')onan!
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-vserver-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser                       3.112      add and remove users and groups
ii  cron                          3.0pl1-113 process scheduling daemono ignore successful kerberos authentication                                                                                       
ii  exim4                         4.72-1     metapackage to ease Exim MTA (v4)
ii  exim4-daemon-light [mail-tran 4.72-1     lightweight Exim MTA (v4) daemon
ii  lockfile-progs                0.1.15     Programs for locking and unlocking
ii  logtail                       1.3.10     Print log file lines that have not
ii  mime-construct                1.10       construct/send MIME messages from
ii  rsyslog [system-log-daemon]   4.6.2-1    enhanced multi-threaded syslogd

Versions of packages logcheck recommends:
ii  logcheck-database             1.3.10     database of system log rules for t

Versions of packages logcheck suggests:
pn  syslog-summary                <none>     (no description available)

-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'

-- no debconf information

More information about the Logcheck-devel mailing list