Christoph Anton Mitterer
2009-Jan-11 14:09 UTC
[Logcheck-devel] Bug#511483: logcheck-database: please add rules for rkhunter
Package: logcheck-database
Severity: wishlist

Hi.

Could you please add rules for rkhunter:

> This email is sent by logcheck. If you no longer wish to receive
> such mails, you can either deinstall the logcheck package or modify
> its configuration file (/etc/logcheck/logcheck.conf).
>
> System Events
> =-=-=-=-=-=-
>       0 Lines skipped (already processed)
>       0 Patterns to ignore
>       0 Ignored lines
>       1 lcg-lrz-admin Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
>       1 lcg-lrz-admin Rootkit Hunter: Scanning took 2 minutes and 13 seconds
>       1 lcg-lrz-admin Rootkit Hunter: Please inspect this machine, because it may be infected.

So lines like these:
Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
Rootkit Hunter: Scanning took 2 minutes and 13 seconds
could be ignored.

This should give a critical warning:
Rootkit Hunter: Please inspect this machine, because it may be infected.

Perhaps this should also be applied upstream?

Thanks,
Chris.

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Frédéric Brière
2009-Aug-18 22:37 UTC
[Logcheck-devel] Bug#511483: logcheck-database: please add rules for rkhunter
On Sun, Jan 11, 2009 at 03:09:06PM +0100, Christoph Anton Mitterer wrote:
> Could you please add rules for rkhunter:

I don't think there's much interest by the logcheck maintainers in adding support for non-syslog logfiles. (Especially since they all tend to have their own crappy syntax.)

> This should give a critical warning:
> Rootkit Hunter: Please inspect this machine, because it may be infected.

This may be a silly question, but why don't you use rkhunter's MAIL-ON-WARNING option instead?

-- 
< nobse> bleh... last night I had a dream... someone NMU'ed vim... nightmare
  -- in #debian-devel
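An added example, not part of either message and not taken from logcheck-database: local rules of the kind requested in the report, one extended regular expression per line, checked against the three reported messages. It assumes the rkhunter messages arrive through syslog with the "Rootkit Hunter:" tag shown in the logcheck mail; the rule-file names, the timestamps and the fourth sample line are constructed.

```shell
#!/bin/sh
# Added example: candidate logcheck rules for the rkhunter lines in the report.
# Rule-file names and sample timestamps are constructed; on a real system the
# rules would go in files under /etc/logcheck/violations.d/ and
# /etc/logcheck/ignore.d.server/.
RULES=$(mktemp -d)
trap 'rm -rf "$RULES"' EXIT

# Syslog timestamp + hostname + tag, anchored so the text cannot match mid-line.
P='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ Rootkit Hunter: '

# violations: always reported, checked before any ignore rule.
cat > "$RULES/violations" <<EOF
${P}Please inspect this machine, because it may be infected\.\$
EOF

# ignore: routine start/finish messages, anchored at both ends.
cat > "$RULES/ignore" <<EOF
${P}Rootkit hunter check started \(version [0-9.]+\)\$
${P}Scanning took [0-9]+ minutes? and [0-9]+ seconds?\$
EOF

# classify LINE: prints security-event, ignored or system-event,
# mirroring logcheck's order (violations first, then ignore rules).
classify() {
    if printf '%s\n' "$1" | grep -Eq -f "$RULES/violations"; then
        echo security-event
    elif printf '%s\n' "$1" | grep -Eq -f "$RULES/ignore"; then
        echo ignored
    else
        echo system-event   # unmatched lines still reach the admin
    fi
}

# Constructed sample lines (messages and hostname from the report above).
while IFS= read -r line; do
    printf '%-15s %s\n' "$(classify "$line")" "$line"
done <<'EOF'
Jan 11 06:25:01 lcg-lrz-admin Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
Jan 11 06:27:14 lcg-lrz-admin Rootkit Hunter: Scanning took 2 minutes and 13 seconds
Jan 11 06:27:14 lcg-lrz-admin Rootkit Hunter: Please inspect this machine, because it may be infected.
Jan 11 06:27:15 lcg-lrz-admin Rootkit Hunter: Scanning took 2 minutes and 13 seconds (constructed trailing text)
EOF
```

Anchoring the ignore rules at both ends means a line that only begins like a routine message still shows up under System Events instead of being dropped.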