Stephen Gran
2005-Jun-28 22:02 UTC
[Logcheck-devel] Bug#316167: logcheck-database: ignore on sudo doesn't belong in violations.ignore.d
Package: logcheck-database
Version: 1.2.39
Severity: wishlist

Hello,

I would like to be able to selectively ignore sudo on some systems and not on others without being forced to just rm a conffile. The file /etc/logcheck/violations.ignore.d/logcheck-sudo (ISTM) is better placed in /etc/logcheck/ignore.d.server. That way, a paranoid installation would still see them, but a normal one wouldn't have to.

Thanks,

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]  1.4.30.13  Debian configuration management sy

-- debconf information:
* logcheck-database/conffile-cleanup: true
* logcheck-database/rules-directories-note:
* logcheck-database/security_level: server
* logcheck-database/standard-rename-note:

-- 
Stephen Gran
sgran at debian.org
Debian user, admin, and developer
http://www.debian.org
maximilian attems
2005-Jul-02 10:28 UTC
Bug#316167: [Logcheck-devel] Bug#316167: logcheck-database: ignore on sudo doesn't belong in violations.ignore.d
hello stephen,

On Tue, 28 Jun 2005, Stephen Gran wrote:
> I would like to be able to selectively ignore sudo on some systems
> and not on others without being forced to just rm a conffile. The file
> /etc/logcheck/violations.ignore.d/logcheck-sudo (ISTM) is better placed
> in /etc/logcheck/ignore.d.server. That way, a paranoid installation
> would still see them, but a normal one wouldn't have to.

no it can't be placed there below, as security events don't have the three level filtering.

easier than removing would be for your side to change its regex so that it doesn't match any more sudo log lines. because otherwise you'll have to redo that on each upgrade. and so you'll get asked if you want to revert your change.

this rule was added through popular request (see changelog for bug nr). if you give some of your users sudo access take care what you give them.

i'll wait for a response from your side, but i see not much chance to changing that.

-- 
maks
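
An added example, not part of the thread and not logcheck's own code: a simplified shell model of security-event filtering, showing what the in-place regex change suggested in the reply does to the report. The rule contents, the scratch file names and the log lines are constructed for illustration; the packaged logcheck-sudo rule is not reproduced here.

```shell
#!/bin/sh
# Simplified model (an assumption, not logcheck's script): a line is a security
# event if it matches a violations rule and no violations.ignore rule.
# No per-level (paranoid/server/workstation) rule set is consulted here,
# which is why a rule moved to ignore.d.server would have no effect on it.

# security_events LOG VIOLATIONS_RULES VIOLATIONS_IGNORE_RULES
security_events() {
    grep -E -f "$2" "$1" | grep -E -v -f "$3" || true   # no match is not an error
}

# count_events: same arguments, prints how many lines would be reported.
count_events() {
    security_events "$@" | grep -c . || true
}

# make_samples DIR: write constructed log lines and constructed rule files.
make_samples() {
    cat > "$1/log" <<'EOF'
Jun 28 22:00:01 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Jun 28 22:00:05 host sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/sh
Jun 28 22:00:09 host cron[812]: (root) CMD (run-parts /etc/cron.hourly)
EOF
    # Constructed violations rule: any sudo line is a candidate security event.
    printf '%s\n' 'sudo:' > "$1/violations"
    # Constructed ignore rule: routine, successful sudo invocations only.
    printf '%s\n' \
      '^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: +[[:alnum:]]+ : TTY=' \
      > "$1/violations.ignore"
    # Local edit as suggested in the reply: keep the file, but make its regex
    # match no sudo line, so every sudo line is reported again.
    printf '%s\n' '^local-override: sudo ignore disabled$' \
      > "$1/violations.ignore.local"
}

dir=$(mktemp -d) && make_samples "$dir"
echo "ignore rule active:   $(count_events "$dir/log" "$dir/violations" \
    "$dir/violations.ignore") security event(s)"
echo "ignore rule disabled: $(count_events "$dir/log" "$dir/violations" \
    "$dir/violations.ignore.local") security event(s)"
rm -rf "$dir"
```

Running candidate rules through `grep -E -f` against saved log lines like this shows, before touching the conffile on a live host, which sudo lines a changed regex would start or stop reporting.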