Raphael Manfredi
2009-Sep-17 13:56 UTC
[Logcheck-devel] Bug#547182: logcheck-database: violations.d/sudo not catching calls to /usr/bin/sudo
Package: logcheck-database
Version: 1.3.3
Severity: normal
The violations.d/sudo pattern contains:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$
This line is not catching explicit calls to /usr/bin/sudo since the
auth.log file will then contain:
Sep 17 15:50:54 tours /usr/bin/sudo: ram : TTY=pts/10 ; PWD=/home/ram ;
USER=root ; COMMAND=/bin/su
which is not matched by the above pattern.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30.6
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
-- debconf information:
logcheck-database/conffile-cleanup: false
Hannes von Haugwitz
2010-Jan-19 13:50 UTC
[Logcheck-devel] Bug#547182: Bug#547182: logcheck-database: violations.d/sudo not catching calls to /usr/bin/sudo
tags #547182 +unreproducible +moreinfo thanks Hi, I tried to reproduce this in squeeze and sid with no success. The log line contains only sudo not the full path /usr/bin/sudo. So I'm tagging this bug as unreproducible. Please provide more info about howto reproduce this behaviour, if its still reproducible by you. Thanks, Hannes
Debian Bug Tracking System
2010-Jan-19 13:54 UTC
[Logcheck-devel] Processed: Re: Bug#547182: logcheck-database: violations.d/sudo not catching calls to /usr/bin/sudo
Processing commands for control at bugs.debian.org:> tags #547182 +unreproducible +moreinfoBug #547182 [logcheck-database] logcheck-database: violations.d/sudo not catching calls to /usr/bin/sudo Added tag(s) unreproducible. Bug #547182 [logcheck-database] logcheck-database: violations.d/sudo not catching calls to /usr/bin/sudo Added tag(s) moreinfo.> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)