Martin Mazur
2009-Sep-06 13:00 UTC
[Logcheck-devel] Bug#545318: logcheck-database: please add rule for newgrp messages
Package: logcheck-database
Version: 1.2.69
Severity: wishlist
Hello,
when newgrp (part of the package login) is used, I see messages
like this in my syslog:
Aug 27 23:36:16 debian64 newgrp[1975]: user `root' (login `root' on
tty1)
switched to group `backup'
Aug 27 19:28:15 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1)
switched to group `backup'
Aug 27 19:28:19 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1)
returned to group `root'
Aug 27 19:32:37 srv1 newgrp[10132]: user `root' (login `mazur' on pts/0)
switched to group `backup'
Aug 27 19:34:01 srv1 newgrp[10155]: user `root' (login `mazur' on pts/0)
switched to group `backup'
Aug 27 19:34:18 srv1 newgrp[10155]: user `root' (login `mazur' on pts/0)
returned to group `backup'
Aug 27 19:34:22 srv1 newgrp[10132]: user `root' (login `mazur' on pts/0)
returned to group `root'
Aug 27 19:34:32 srv1 newgrp[10178]: user `root' (login `mazur' on pts/0)
switched to group `backup'
Aug 27 19:34:55 srv1 newgrp[10178]: user `root' (login `mazur' on pts/0)
returned to group `root'
The attached file contain a rule to ignore them. I've tested the rule and
it is working.
With best regards,
Martin
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
-- no debconf information
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ newgrp\[[0-9]+\]: user `[._[:alnum:]-]+'
\(login `[._[:alnum:]-]+' on (pts/[0-9]+|tty[0-9]+)\) (returned|switched) to
group `[._[:alnum:]-]+'$
Debian Bug Tracking System
2010-Jan-27 10:09 UTC
[Logcheck-devel] Bug#545318: marked as done (logcheck-database: please add rule for newgrp messages)
Your message dated Wed, 27 Jan 2010 10:07:21 +0000 with message-id <E1Na4nx-0007vL-AQ at ries.debian.org> and subject line Bug#545318: fixed in logcheck 1.3.6 has caused the Debian Bug report #545318, regarding logcheck-database: please add rule for newgrp messages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 545318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545318 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Martin Mazur <debian at teclabs.eu> Subject: logcheck-database: please add rule for newgrp messages Date: Sun, 06 Sep 2009 15:00:21 +0200 Size: 3929 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20100127/06f5ebcb/attachment.eml> -------------- next part -------------- An embedded message was scrubbed... From: Hannes von Haugwitz <hannes at vonhaugwitz.com> Subject: Bug#545318: fixed in logcheck 1.3.6 Date: Wed, 27 Jan 2010 10:07:21 +0000 Size: 6689 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20100127/06f5ebcb/attachment-0001.eml>
Apparently Analagous Threads
- [Bug 555] If user does a newgrp before envoking ssh, it fails with a setgid error.
- Adding an AD group to /etc/sudoers?
- OpenSSH-3.9p1 permanently_set_uid behavior on Linux
- Winbind / AIX 5.3 returns incomplete user informations
- unexpected groups 2000(BUILTIN\administrators) 2001(BUILTIN\users)?