Upon closer inspection, a number of other files also contain old PAM
patterns; could you please update them as well?
# fgrep -nH -e '\(pam_' /etc/logcheck/*/*
/etc/logcheck/ignore.d.paranoid/cron:7:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by
\(uid=[0-9]+\)$
/etc/logcheck/ignore.d.paranoid/cron:8:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
/etc/logcheck/ignore.d.paranoid/ssh:1:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+ by
([[:alnum:]-]+)?\(uid=[0-9]+\)$
/etc/logcheck/ignore.d.paranoid/ssh:2:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [^[:space:]]+$
/etc/logcheck/ignore.d.server/dovecot:14:^\w{3} [ :[:digit:]]{11}
[._[:alnum:]-]+ dovecot-auth: \(pam_unix\) check pass; user unknown$
/etc/logcheck/ignore.d.server/logcheck:1:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
([[:alnum:]]+\[[0-9]+\])?: \(pam_[[:alnum:]]+\) session opened for user
[.[:alnum:]-]+ by (root|LOGIN)?\(uid=0\)$
/etc/logcheck/ignore.d.server/logcheck:2:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
([[:alnum:]]+\[[0-9]+\])?: \(pam_[[:alnum:]]+\) session closed for user
[.[:alnum:]-]+$
/etc/logcheck/ignore.d.server/proftpd:1:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by
\(uid=[0-9]+\))?$
/etc/logcheck/ignore.d.server/saslauthd:3:^\w{3} [ :[:digit:]]{11}
[._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) check pass; user
unknown$
/etc/logcheck/ignore.d.server/ssh:19:^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
/etc/logcheck/ignore.d.server/ssh:20:^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for
\[[-_.[:alnum:]]*\]$
/etc/logcheck/ignore.d.workstation/francine:1:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ francine: \(pam_unix\) session (opened|closed) for user [a-z]+(
by LOGIN\(uid=0\))?$
/etc/logcheck/ignore.d.workstation/gdm:1:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
gdm\[[0-9]+\]: [[:alnum:]]+: \(pam_securetty\) access denied: tty ':0' is not
secure !$
/etc/logcheck/ignore.d.workstation/kdm:1:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
kdm: :0\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+
by \(uid=[0-9]+\)$
/etc/logcheck/ignore.d.workstation/kdm:2:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
kdm: :0\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
/etc/logcheck/ignore.d.workstation/wdm:1:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
wdm: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by
\(uid=[0-9]+\)$
/etc/logcheck/ignore.d.workstation/wdm:2:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
wdm: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
/etc/logcheck/ignore.d.workstation/xdm:1:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session opened for user
[[:alnum:]-]+ by \(uid=[0-9]+\)$
/etc/logcheck/ignore.d.workstation/xdm:2:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+[[:space:]]+: \(pam_[[:alnum:]]+\) session closed for user
[[:alnum:]-]+$
/etc/logcheck/violations.d/su:1:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
su\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
/etc/logcheck/violations.d/sudo:1:^\w{3} [ :0-9]{11} [._[:alnum:]-]+
sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
/etc/logcheck/violations.ignore.d/logcheck-dovecot:1:^\w{3} [ :[:digit:]]{11}
[._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname=
uid=0 euid=0 tty=dovecot ruser= rhost=$
/etc/logcheck/violations.ignore.d/logcheck-passwd:1:^\w{3} [ :[:digit:]]{11}
[._[:alnum:]-]+ passwd\[[[:digit:]]+\]: \(pam_unix\) authentication failure;
logname=[-._[:alnum:]]+ uid=[[:digit:]]+ euid=0 tty= ruser= rhost=
[[:space:]]*user=[-._[:alnum:]]+$
/etc/logcheck/violations.ignore.d/logcheck-proftpd:1:^\w{3} [ :[:digit:]]{11}
[._[:alnum:]-]+ proftpd: \(pam_unix\) authentication failure; logname= uid=0
euid=0 tty= ruser= rhost=[-_.:[:alnum:]]+ user=[-_.[:alnum:]]+$
/etc/logcheck/violations.ignore.d/logcheck-saslauthd:3:^\w{3} [ :[:digit:]]{11}
[._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost= [[:space:]]*user=[-._[:alnum:]]+$
/etc/logcheck/violations.ignore.d/logcheck-ssh:11:^\w{3} [ :[:digit:]]{11}
[._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) authentication failure;
logname= uid=0 euid=0 tty=ssh ruser=
rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
/etc/logcheck/violations.ignore.d/logcheck-su:2:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user
[[:alnum:]-]+ by \(uid=[0-9]+\)$
/etc/logcheck/violations.ignore.d/logcheck-su:3:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user
[[:alnum:]-]+ by [[:alnum:]-]+\(uid=[0-9]+\)$
/etc/logcheck/violations.ignore.d/logcheck-su:4:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user
[[:alnum:]-]+$
Thanks!
--
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
Finger [EMAIL PROTECTED] (NOT a valid e-mail address) for more info.
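
Added example, not part of the original mail or of the logcheck package: a small replay harness that feeds sample syslog lines through a rule file and reports which lines the rules no longer cover. It assumes the newer Linux-PAM log prefix "pam_unix(service:session):" as the reason the "\(pam_" patterns are old; NEW_RULE, the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: replay sample syslog lines through logcheck-style rules
# to see which lines a rule set still covers.

# Rule from ignore.d.paranoid/cron:7 above, re-joined onto one line.
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$'
# Assumed rewrite for the newer "pam_unix(service:session):" prefix; an
# illustration only, not the rule shipped by the logcheck package.
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\([[:alnum:]]+:session\): session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$'

# Constructed sample lines: old PAM prefix first, newer prefix second.
OLD_LINE='Jan  5 06:25:01 host1 CRON[4242]: (pam_unix) session opened for user root by (uid=0)'
NEW_LINE='Jan  5 06:25:01 host1 CRON[4242]: pam_unix(cron:session): session opened for user root by (uid=0)'

# stale_pam_rules DIR: rule files that still contain the literal "\(pam_".
stale_pam_rules() {
    grep -rlF -e '\(pam_' "$1" | sort
}

# unfiltered RULEFILE: print the stdin lines that no rule in RULEFILE matches.
unfiltered() {
    grep -E -v -f "$1" || true
}

# count_unfiltered RULES: number of sample lines left over after applying
# RULES (one extended regex per line) to both sample lines.
count_unfiltered() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    printf '%s\n%s\n' "$OLD_LINE" "$NEW_LINE" | unfiltered "$tmp" | wc -l | tr -d ' '
    rm -f "$tmp"
}

echo "old rule only:  $(count_unfiltered "$OLD_RULE") line(s) unfiltered"
echo "new rule only:  $(count_unfiltered "$NEW_RULE") line(s) unfiltered"
echo "both rules:     $(count_unfiltered "$OLD_RULE
$NEW_RULE") line(s) unfiltered"
```

The same replay applies to the violations.d/su and violations.d/sudo rules listed above: a rule there that stops matching no longer escalates those lines.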