similar to: Bug#428428: patch for cron ignore rule

Package: logcheck Version: 1.2.54 Severity: normal In the file ignore.d.paranoid/cron there are the rules ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$ to ignore lines like 10:17:01 at 04-03-2007 tooar

Package: logcheck Version: 1.2.54 Followup-For: Bug #330220 root at ns2:/# ls -l /var/lock/ total 4 drwxr-xr-x 2 root root 4096 2007-01-30 15:40 logcheck I think chmod 775 on that file would fix this problem... -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked

Package: logcheck-database Version: 1.2.54 Severity: minor -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.2-dp0 Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15) Versions of packages logcheck-database depends

Hi there, I know this is the classic RTFM list question but... I've really tried hard on this and no result! This is what I'm receving from logcheck: System Events =-=-=-=-=-=-= Apr 3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226 user=root Apr 3 06:55:19 bsg sshd[32248]: pam_unix(sshd:auth):

Package: logcheck Version: 1.2.32 Severity: wishlist /etc/cron.daily/sysklogd restarts syslogd at the end of the script. This causes a daily log message, currently missed by logcheck: Jan 14 06:55:22 pyloric syslogd 1.4.1#16: restart (remote reception). I'm currently using this regex in ignore.server.d/local-syslogd: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd 1\.4\.1#16: restart \(remote

Package: logcheck Version: 1.2.51 Severity: normal Logcheck has an implicit assumption that the default locale should be used by grep when processing log files. However, that's not always the case. For example, I use the locale "en_US.UTF-8", and consequently grep assumes that its inputs are encoded as UTF-8. But the log files appear to be encoded as ISO 8859-1, which means that

Package: logcheck Version: 1.2.23 Severity: normal Hello, I have: # /bin/cat ignore.d.server/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE \([[:alnum:]-]+\)$ and: # /bin/cat ignore.d.paranoid/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

I am troubleshooting a new cron line that is triggering logcheck. Other cron entries do not trigger logcheck, even though they are logged in /var/log/syslog This is a security trigger, and I know it is because of certain words in the cron entry. What I can't figure out is which entry in logcheck is ignoring the other cron events? Here is a cron log from syslog that does not

Package: logcheck Version: 1.2.43a Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have messages like these in my logs: Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 58 to 57 Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 58 to 57

Package: logcheck Version: 1.2.43a Severity: minor /etc/logcheck/ignore.d.server/ntp contains: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: adjusting local clock by [.0-9]+s$ However, this will not match negative corrections such as: System Events =-=-=-=-=-=-= Mar 5 01:44:55 billchase ntpd[6171]: adjusting local clock by -0.190112s Mar 5 01:55:20 billchase ntpd[6171]: adjusting local

On 2019-02-19 3:47 pm, Rowland Penny via samba wrote: > On Tue, 19 Feb 2019 15:25:51 -0500 >> What exactly does "START AGAIN" imply? Just chmod? > > 'ls' shows the correct ownership and Unix permissions: > > drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13 programs > > But 'getfacl' show something different: > > getfacl:

Package: logcheck Version: 1.2.43a Severity: normal -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (900, 'testing'), (800, 'unstable') Architecture: i386 (i586) Kernel: Linux 2.6.10 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 Versions of packages logcheck depends on: ii adduser 3.77 Add and remove

Package: logcheck Version: 1.2.35 Severity: minor Current manual reads: EXAMPLES logcheck can be invoked directly thanks to su(8) or sudo(8), which change the user ID: logcheck -o -t Check the logfiles without updating the offset. Print everything to STDOUT I believe this shuold be formatted as: EXAMPLES logcheck can be invoked directly thanks

Hello. I'm having a problem using rsync to copy my root partition to a new disk. This disk has a previous copy on it, and rsync seems determined to (unnecessarily) delete files from it. Worse, despite the fact that the files DO exist on the source, it does not update the destination, leaving me with less than I had before?! Here's my usage: ] server# /usr/local/bin/rsync -naxv --delete

First, thanks for making my life much more secure! Second, note that I just went from ssh 1.2.27 to openssh 2.3.0p1 and found that server-side scp was broken: make install put scp in /usr/local/bin yet the server-side PATH doesn't include /usr/local/bin... ssh-server# pwd /usr/local/src/openssh-2.3.0p1 ssh-server# ./configure --sysconfdir=/etc --with-ssl-dir=../openssl-0.9.6 \

On Tue, 19 Feb 2019 16:13:27 -0500 Marco Shmerykowsky <marco at sce-engineers.com> wrote: > > On 2019-02-19 3:47 pm, Rowland Penny via samba wrote: > > On Tue, 19 Feb 2019 15:25:51 -0500 > > >> What exactly does "START AGAIN" imply? Just chmod? > > > > 'ls' shows the correct ownership and Unix permissions: > > > >

On Tue, 19 Feb 2019 16:42:44 -0500 Marco Shmerykowsky <marco at sce-engineers.com> wrote: > > > --- > Marco J. Shmerykowsky, P.E. > marco at sce-engineers.com > > -------------------------------------------- > Shmerykowsky Consulting Engineers > Structural Analysis & Design > 102 West 38th Street, 2nd Floor > New York, New

I'm getting an inkling on the problem. In my OLD WinNT style Domain setup, I copies all my files to another windows machine. I then setup the new server and once I established a connection which I thought was stable, I copied all the files back to the new server on the AD Domain. I strongly suspect that the problem has to do with the resulting ACLs and permissions from copying between the

From: Simon Deziel <simon.deziel at gmail.com> Fixes LP: #806537 Signed-off-by: Simon Deziel <simon.deziel at gmail.com> --- rulefiles/linux/ignore.d.server/openvpn | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn index 2b4bfd6..d80f42f 100644 ---

Hello all! I try mondo/mindi for some days now but it does not work and I don't know the reason. It is an intel Suse-8.0 Client and I use the Suse-8.0 packages from ftp.mondorescue.org. dhcp and tftp work fine. mondoarchive works, but I don't find any initrd.img for pxe/nfs. All initrd I have found ask for a CDROM and as they cannot find any they ask for a floppy when starting the pxe