Your message dated Mon, 7 Jul 2008 20:29:36 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#464895: logcheck-database: ignore PAM session messages
from sudo
has caused the Debian Bug report #464895,
regarding logcheck-database: ignore PAM session messages from sudo
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
464895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464895
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.2.63
Severity: wishlist
Tags: patch
The new pam_unix module logs session calls via syslog, resulting in new
log messagse for each sudo job that calls the pam_unix session handler.
(This was previously sent only to the mailing list. Putting it into the
BTS so that it's not lost since it doesn't appear to have been applied
yet.)
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-- debconf information:
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
>From c2785e1ecb0d3948c47aeb01cdcb2369ca1d3110 Mon Sep 17 00:00:00 2001
From: Russ Allbery <[EMAIL PROTECTED]>
Date: Wed, 26 Dec 2007 20:01:07 -0800
Subject: [PATCH] Ignore PAM session messages from sudo.
The new pam_unix module logs session calls via syslog, resulting in new
log messagse for each sudo job that calls the pam_unix session handler.
---
rulefiles/linux/violations.ignore.d/logcheck-sudo | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo
b/rulefiles/linux/violations.ignore.d/logcheck-sudo
index 79dcad1..771def3 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-sudo
+++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo
@@ -1,2 +1,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ;
COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
\(command continued\).*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_unix\(sudo:session\): session
opened for user [_[:alnum:].-]+ by [_[:alnum:].-]+\(uid=[[:digit:]]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_unix\(sudo:session\): session
closed for user [_[:alnum:].-]+$
--
1.5.3.8
--- End Message ---
--- Begin Message ---
* Russ Allbery <[EMAIL PROTECTED]> [2008-02-09 18:46:29 CET]:
> The new pam_unix module logs session calls via syslog, resulting in new
> log messagse for each sudo job that calls the pam_unix session handler.
* Frédéric Brière <[EMAIL PROTECTED]> [2008-03-16 06:20:33 CET]:
> # Commit 373ade876a9d50dbdc7c74b4cf4bb5ca036c0bdf
> tag 464895 pending
That commit was part of the 1.2.64 release - thus I'm closing the bug
with that version.
So long,
Rhonda
--- End Message ---
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
