Andrzej Zięba
2009-Oct-17 13:42 UTC
[Logcheck-devel] Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch

Hi,

I think that this rule:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$

is supposed to filter out lines like:

Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root

It is not working because the pattern does not include the "/dev/" part and should be changed to something like this:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) /dev/(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$

Regards,
Andrzej

--- System information. ---
Architecture: i386
Kernel: Linux 2.6.30-2-686

Debian Release: squeeze/sid
990 testing security.debian.org
990 testing ftp.icm.edu.pl

--- Package information. ---
Package's Depends field is empty.
Package's Recommends field is empty.
Package's Suggests field is empty.

--
Andrzej Zięba
Pruszcz Gdański
Poland
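Added example (not part of the original report and not logcheck's own code): a shell check that runs the current and the proposed rule from the report above over sample su log lines with grep -E and lists what each rule would still leave in the report. Only the first log line is quoted in the report; the other three are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Rules copied from the report: the shipped one and the proposed replacement.
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$'
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) /dev/(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$'

# Line 1 is the line quoted in the report; lines 2-4 are constructed:
#   2: failed su on a console with the /dev/ prefix
#   3: the older terminal format without /dev/
#   4: a line with unexpected trailing text, which no rule should hide
SAMPLE_LINES='Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root
Oct 17 14:50:02 myhost su[13502]: - /dev/tty1 user1:root
Oct 17 14:51:10 myhost su[13544]: + pts/1 user1:root
Oct 17 14:52:31 myhost su[13570]: + /dev/pts/1 user1:root extra'

# Print the lines that rule $1 does NOT filter out of input $2,
# i.e. the lines that would still show up in the report.
reported_lines() {
    printf '%s\n' "$2" | grep -E -v -e "$1" || true
}

# Number of lines from input $2 that survive rule $1.
count_reported() {
    reported_lines "$1" "$2" | grep -c . || true
}

echo "Still reported with the shipped rule:"
reported_lines "$OLD_RULE" "$SAMPLE_LINES"
echo "Still reported with the proposed rule:"
reported_lines "$NEW_RULE" "$SAMPLE_LINES"
```

With the proposed rule the two /dev/ lines are filtered, the line with trailing text is still reported because of the $ anchor, and the line in the older format without /dev/ is reported again.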
Debian Bug Tracking System
2009-Dec-10 19:21 UTC
[Logcheck-devel] Bug#551340: marked as done ([logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match)
Your message dated Thu, 10 Dec 2009 19:19:23 +0000
with message-id <E1NIoXr-0000O1-Gi at ries.debian.org>
and subject line Bug#551340: fixed in logcheck 1.3.4
has caused the Debian Bug report #551340,
regarding [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.)

--
551340: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551340
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems

-------------- next part --------------
An embedded message was scrubbed...
From: Andrzej Zięba <a-zieba at go2.pl>
Subject: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Date: Sat, 17 Oct 2009 15:42:54 +0200
Size: 2880
URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20091210/89ffac4f/attachment-0002.eml>

-------------- next part --------------
An embedded message was scrubbed...
From: Gerfried Fuchs <rhonda at debian.at>
Subject: Bug#551340: fixed in logcheck 1.3.4
Date: Thu, 10 Dec 2009 19:19:23 +0000
Size: 8647
URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20091210/89ffac4f/attachment-0003.eml>