Your message dated Fri, 03 Sep 2010 08:48:27 +0000 with message-id <e1orrwh-0005gl...@franck.debian.org> and subject line Bug#593482: fixed in logcheck 1.3.13 has caused the Debian Bug report #593482, regarding Please update violations.ignore.d/logcheck-sudo to ignore regular messages to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
593482: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593482
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Version: 1.3.11
Severity: normal
Tags: patch

logcheck does not filter some sudo log messages that I consider false positives.

One message is caused by executing "sudo -l":

Aug 18 16:14:24 rio sudo: mic : TTY=pts/1 ; PWD=/home/mic ; USER=root ; COMMAND=list

The other message is caused by system shutdown through slim:

Aug 17 14:24:26 rio sudo: root : TTY=console ; PWD=/ ; USER=root ; COMMAND=/sbin/shutdown -h now SliM F11 initiated system shutdown

This change works for me:

--- logcheck/violations.ignore.d/logcheck-sudo (revision 286) +++ logcheck/violations.ignore.d/logcheck-sudo (working copy) 
@@ -1,5 +1,5 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]...@[.a-z]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-vserver-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages logcheck depends on: ii adduser 3.112 add and remove users and groups ii cron 3.0pl1-113 process scheduling daemon ii exim4-daemon-light [mail-tran 4.72-1 lightweight Exim MTA (v4) daemon ii lockfile-progs 0.1.15 Programs for locking and unlocking ii logtail 1.3.11 Print log file lines that have not ii mime-construct 1.11 construct/send MIME messages from ii rsyslog [system-log-daemon] 4.6.4-1 enhanced multi-threaded syslogd Versions of packages logcheck recommends: ii logcheck-database 1.3.11 database of system log rules for t Versions of packages logcheck suggests: pn syslog-summary <none> (no description available) -- Configuration Files: /etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf' 
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'

-- no debconf information
--- End Message ---
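Review bot: In the `+` line of the logcheck-sudo hunk, adding `console` to the `TTY=` alternation widens the rule for every command the `COMMAND=` group already accepts, not only the `/sbin/shutdown -h now` line from slim quoted in the report. Any sudo command under /usr, /etc, /bin or /sbin that is run from the console will now be dropped from the violations report as well. If only the slim shutdown is meant to be silenced, a separate rule line fixed to `TTY=console` and `COMMAND=/sbin/shutdown ` would keep the change narrow. The `|list` alternative is wrapped in a new outer group, so the trailing `$` still anchors it and `COMMAND=list...` with trailing text will not match; a changelog remark that `COMMAND=list` is what `sudo -l` logs would help the next reader of this file.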
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.13

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.3.13_all.deb
  to main/l/logcheck/logcheck-database_1.3.13_all.deb
logcheck_1.3.13.dsc
  to main/l/logcheck/logcheck_1.3.13.dsc
logcheck_1.3.13.tar.gz
  to main/l/logcheck/logcheck_1.3.13.tar.gz
logcheck_1.3.13_all.deb
  to main/l/logcheck/logcheck_1.3.13_all.deb
logtail_1.3.13_all.deb
  to main/l/logcheck/logtail_1.3.13_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 593...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Fri, 03 Sep 2010 09:59:52 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.13
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
 logcheck - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail - Print log file lines that have not been read (deprecated)
Closes: 593482 594605
Changes:
 logcheck (1.3.13) unstable; urgency=low
 .
   * ignore.d.server/pure-ftpd:
     - fixed user name pattern in logout message, thanks to Simon Breuss
       (LP: #619119)
   * violations.ignore.d/logcheck-sudo:
     - match COMMAND=list and TTY=console, thanks to Michel Messerschmidt
       for the patch (closes: #593482)
   * ignore.d.server/amavisd-new:
     - applied changes by Christian Dröge (closes: #594605):
       - IPv6 support for IP addresses
       - allow PASSED SPAM in log
       - optional minus sign after "Hits:"
       - optional quarantine in log line
       - optional Message-ID
--- End Message ---
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel