Package: logcheck-database
Version: 1.2.42
Severity: normal
Tags: patch
Unless there is a good reason not to do so, logcheck may as well ignore
sudo commands from the virtual consoles (/dev/vc/*) too. This affects
the first line in /etc/logcheck/violations.ignore.d/logcheck-sudo.
Here's a suggested replacement:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ :
TTY=(unknown|(pts/|tty|vc/)[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ;
COMMAND=/(usr|etc|bin|sbin)/.*$
p.s. Does the "patch" tag literally mean patch with some automation
implications, or that a fix is included?
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (600, 'testing'), (80, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to
en_US)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.59 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
--
Bill Wohler <[EMAIL PROTECTED]> http://www.newt.com/wohler/ GnuPG ID:610BD9AD
Maintainer of comp.mail.mh FAQ and MH-E. Vote Libertarian!
If you're passed on the right, you're in the wrong lane.
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
