Russ Allbery
2008-Feb-09 17:46 UTC
[Logcheck-devel] Bug#464895: logcheck-database: ignore PAM session messages from sudo
Package: logcheck-database
Version: 1.2.63
Severity: wishlist
Tags: patch

The new pam_unix module logs session calls via syslog, resulting in new log messages for each sudo job that calls the pam_unix session handler.

(This was previously sent only to the mailing list. Putting it into the BTS so that it's not lost since it doesn't appear to have been applied yet.)

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- debconf information:
* logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false
-------------- next part --------------
From c2785e1ecb0d3948c47aeb01cdcb2369ca1d3110 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra at debian.org>
Date: Wed, 26 Dec 2007 20:01:07 -0800
Subject: [PATCH] Ignore PAM session messages from sudo.

The new pam_unix module logs session calls via syslog, resulting in new log messages for each sudo job that calls the pam_unix session handler.
---
 rulefiles/linux/violations.ignore.d/logcheck-sudo | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo b/rulefiles/linux/violations.ignore.d/logcheck-sudo index 79dcad1..771def3 100644 --- a/rulefiles/linux/violations.ignore.d/logcheck-sudo +++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo
@@ -1,2 +1,4 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_unix\(sudo:session\): session opened for user [_[:alnum:].-]+ by [_[:alnum:].-]+\(uid=[[:digit:]]+\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_unix\(sudo:session\): session closed for user [_[:alnum:].-]+$ -- 1.5.3.8
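Review bot: In the added "session opened" rule, the invoking login name is matched with `by [_[:alnum:].-]+\(uid=[[:digit:]]+\)`, which requires at least one character before `(uid=`. If pam_unix logs the opener without a name (`by (uid=0)`), the line will not match and will still be reported as a violation. Consider `[_[:alnum:].-]*` there, or make the name an optional group. Both new rules are anchored with `^` and `$` and restrict the user fields to a narrow character class, which keeps the ignore from swallowing lines with extra trailing text, and that is worth preserving in any relaxed version.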
Debian Bug Tracking System
2008-Jul-07 18:30 UTC
[Logcheck-devel] Bug#464895: marked as done (logcheck-database: ignore PAM session messages from sudo)
Your message dated Mon, 7 Jul 2008 20:29:36 +0200
with message-id <20080707182936.GA15963 at edna.gwendoline.at>
and subject line Re: Bug#464895: logcheck-database: ignore PAM session messages from sudo
has caused the Debian Bug report #464895,
regarding logcheck-database: ignore PAM session messages from sudo
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.)

--
464895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464895
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Russ Allbery <rra at debian.org>
Subject: logcheck-database: ignore PAM session messages from sudo
Date: Sat, 09 Feb 2008 09:46:29 -0800
Size: 4120
Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080707/af6628b7/attachment.eml
-------------- next part --------------
An embedded message was scrubbed...
From: Gerfried Fuchs <rhonda at deb.at>
Subject: Re: Bug#464895: logcheck-database: ignore PAM session messages from sudo
Date: Mon, 7 Jul 2008 20:29:36 +0200
Size: 2313
Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080707/af6628b7/attachment-0001.eml