Your message dated Fri, 03 Sep 2010 08:48:27 +0000
with message-id <[email protected]>
and subject line Bug#593482: fixed in logcheck 1.3.13
has caused the Debian Bug report #593482,
regarding Please update violations.ignore.d/logcheck-sudo to ignore regular
messages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
593482: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593482
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: logcheck
Version: 1.3.11
Severity: normal
Tags: patch
logcheck does not filter some sudo log messages that I consider false
positives.
One message is caused by executing "sudo -l":
Aug 18 16:14:24 rio sudo: mic : TTY=pts/1 ; PWD=/home/mic ; USER=root ; COMMAND=list
The other message is caused by system shutdown through slim:
Aug 17 14:24:26 rio sudo: root : TTY=console ; PWD=/ ; USER=root ; COMMAND=/sbin/shutdown -h now SliM F11 initiated system shutdown
This change works for me:
--- logcheck/violations.ignore.d/logcheck-sudo (revision 286)
+++ logcheck/violations.ignore.d/logcheck-sudo (working copy)
@@ -1,5 +1,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user
[[:alnum:]-]+ authenticated as [[:alnum:]...@[.a-z]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ;
COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ;
USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
\(command continued\).*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\):
session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\):
session closed for user [[:alnum:]-]+$
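Review bot: the `console` alternative added to the TTY group on the `+` line widens the rule for every command it accepts, not only the slim shutdown from the report, so any sudo entry with TTY=console whose COMMAND starts under /usr, /etc, /bin or /sbin now matches this ignore rule. If only the shutdown case is meant, a separate line restricted to TTY=console and COMMAND=/sbin/shutdown would be narrower. The `list` alternative sits inside the group closed by the trailing `$`, so it matches only the exact "sudo -l" entry and nothing that merely begins with "list". The changelog entry should name both cases so the reason for the wider TTY match stays traceable.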
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages logcheck depends on:
ii adduser 3.112 add and remove users and groups
ii cron 3.0pl1-113 process scheduling daemon
ii exim4-daemon-light [mail-tran 4.72-1 lightweight Exim MTA (v4) daemon
ii lockfile-progs 0.1.15 Programs for locking and unlocking
ii logtail 1.3.11 Print log file lines that have not
ii mime-construct 1.11 construct/send MIME messages from
ii rsyslog [system-log-daemon] 4.6.4-1 enhanced multi-threaded syslogd
Versions of packages logcheck recommends:
ii logcheck-database 1.3.11 database of system log rules for t
Versions of packages logcheck suggests:
pn syslog-summary <none> (no description available)
-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.logfiles'
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.13
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.13_all.deb
to main/l/logcheck/logcheck-database_1.3.13_all.deb
logcheck_1.3.13.dsc
to main/l/logcheck/logcheck_1.3.13.dsc
logcheck_1.3.13.tar.gz
to main/l/logcheck/logcheck_1.3.13.tar.gz
logcheck_1.3.13_all.deb
to main/l/logcheck/logcheck_1.3.13_all.deb
logtail_1.3.13_all.deb
to main/l/logcheck/logtail_1.3.13_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <[email protected]> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 03 Sep 2010 09:59:52 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.13
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <[email protected]>
Changed-By: Hannes von Haugwitz <[email protected]>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail - Print log file lines that have not been read (deprecated)
Closes: 593482 594605
Changes:
logcheck (1.3.13) unstable; urgency=low
.
* ignore.d.server/pure-ftpd:
- fixed user name pattern in logout message, thanks to Simon Breuss
(LP: #619119)
* violations.ignore.d/logcheck-sudo:
- match COMMAND=list and TTY=console, thanks to Michel Messerschmidt for
the patch (closes: #593482)
* ignore.d.server/amavisd-new:
- applied changes by Christian Dröge (closes: #594605):
- IPv6 support for IP addresses
- allow PASSED SPAM in log
- optional minus sign after "Hits:"
- optional quarantine in log line
- optional Message-ID
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkyAsT4ACgkQiz0NKp2eEfWexQCgjOGy8tdUMswbjFdPhgGu+tQG
iZQAoKDP5bgSZhgX9w0VKtLWb+x5YK4g
=2Lsj
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel