Miltiadis Chrisomallos
2015-Mar-13 22:30 UTC
[Logcheck-devel] Bug#780441: logcheck/PAM interaction ignore domain names as user
Package: logcheck
Severity: normal
Dear Maintainer,
the default "/etc/logcheck/ignore.d.server/su"
has the following
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for
[[:alnum:]-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]:
pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]:
pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by
([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\?
root:[_[:alnum:]-]+$
but sometimes the session closed for user .... is the hostname and has
"."
inside
like these
Mar 13 07:16:01 api su[57408]: Successful su for mydomain.com by root
Mar 13 01:52:01 api su[47132]: + ??? root:mydomain.com
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session opened for
user mydomain.com by (uid=0)
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session closed for
user mydomain.com
so think it must be changed like the following
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for
[[:alnum:].-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]:
pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:].-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]:
pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:].-]+ by
([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\?
root:[_[:alnum:].-]+$
-- System Information:
Debian Release: 7.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Debian Bug Tracking System
2017-Jan-25 22:09 UTC
[Logcheck-devel] Bug#780441: marked as done (logcheck/PAM interaction ignore domain names as user)
Your message dated Wed, 25 Jan 2017 22:05:36 +0000 with message-id <E1cWVhA-0002vy-SN at fasolo.debian.org> and subject line Bug#780441: fixed in logcheck 1.3.18 has caused the Debian Bug report #780441, regarding logcheck/PAM interaction ignore domain names as user to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 780441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780441 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Miltiadis Chrisomallos <miltos.c at gmail.com> Subject: logcheck/PAM interaction ignore domain names as user Date: Sat, 14 Mar 2015 00:30:38 +0200 Size: 3561 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20170125/3e44960d/attachment.mht> -------------- next part -------------- An embedded message was scrubbed... From: Hannes von Haugwitz <hannes at vonhaugwitz.com> Subject: Bug#780441: fixed in logcheck 1.3.18 Date: Wed, 25 Jan 2017 22:05:36 +0000 Size: 7772 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20170125/3e44960d/attachment-0001.mht>