Bill Wohler
2005-Dec-16 17:56 UTC
[Logcheck-devel] Bug#343631: logcheck-database: sudo: Ignore jobs from vc too?
Package: logcheck-database
Version: 1.2.42
Severity: normal
Tags: patch
Unless there is a good reason not to do so, logcheck may as well ignore
sudo commands from the virtual consoles (/dev/vc/*) too. This affects
the first line in /etc/logcheck/violations.ignore.d/logcheck-sudo.
Here's a suggested replacement:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ :
TTY=(unknown|(pts/|tty|vc/)[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ;
COMMAND=/(usr|etc|bin|sbin)/.*$
p.s. Does the "patch" tag literally mean patch with some automation
implications, or that a fix is included?
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (600, 'testing'), (80, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to
en_US)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.59 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
--
Bill Wohler <wohler at newt.com> http://www.newt.com/wohler/ GnuPG
ID:610BD9AD
Maintainer of comp.mail.mh FAQ and MH-E. Vote Libertarian!
If you're passed on the right, you're in the wrong lane.
Todd Troxell
2006-Jan-10 11:39 UTC
Bug#343631: [Logcheck-devel] Bug#343631: logcheck-database: sudo: Ignore jobs from vc too?
On Fri, Dec 16, 2005 at 09:56:39AM -0800, Bill Wohler wrote:> Package: logcheck-database > Version: 1.2.42 > Severity: normal > Tags: patch > > Unless there is a good reason not to do so, logcheck may as well ignore > sudo commands from the virtual consoles (/dev/vc/*) too. This affects > the first line in /etc/logcheck/violations.ignore.d/logcheck-sudo. > Here's a suggested replacement: > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|(pts/|tty|vc/)[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$Thanks, Bill. Patched in CVS.> p.s. Does the "patch" tag literally mean patch with some automation > implications, or that a fix is included?I am not sure what you mean by automation implications, but I suspect it's not that specific. The official defintiion is: "A patch or some other easy procedure for fixing the bug is included in the bug logs. If there's a patch, but it doesn't resolve the bug adequately or causes some other problems, this tag should not be used." Cheers, -- Todd Troxell http://rapidpacket.com/~xtat