Sorry, Paul, I was wrong with my last response to your problem. In fact your are getting false positives from logcheck, because the log entries contained the string BAD (case-indipendant)
Logcheck is preconfigured to flag any lines containing BAD as security violations. :-) Greetings Michael P Ferwerda wrote: >I recently turned on logcheck for the first time and am getting the following >security violations. It isn't clear to me why they are security violations. Should >I be shutting this access off in some fashion? >[...] > >>Security Violations >>=-=-=-=-=-=-=-=-=-= >>Oct 24 08:48:29 www sendmail[4114]: IAA04112: [EMAIL PROTECTED], >ctladdr=httpd (15/11), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, >relay=mc1.law5.hotmail.com. [64.4.55.71], stat=Sent (Requested mail action okay, >completed) >>[...] >> _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
