Bug#511483: logcheck-database: please add rules for rkhunter
package: logcheck-database
# think it's reasonable to add rkhunter rules - although the ones in this bug need updates
severity 511483 normal
tags 511481 - wontfix
Bug#511483: logcheck-database: please add rules for rkhunter
On Tue, 2009-08-18 at 18:37 -0400, Frédéric Brière wrote:
> I don't think there's much interest by the logcheck maintainers in
> adding support for non-syslog logfiles. (Especially since they all tend
> to have their own crappy syntax.)

I thought it would already include some filters for non-syslog stuff?

> > This should give a critical warning:
> > Rootkit Hunter: Please inspect this machine, because it may be infected
Bug#511483: logcheck-database: please add rules for rkhunter
On Sun, Jan 11, 2009 at 03:09:06PM +0100, Christoph Anton Mitterer wrote:
> Could you please add rules for rkhunter:

I don't think there's much interest by the logcheck maintainers in
adding support for non-syslog logfiles. (Especially since they all tend
to have their own crappy syntax.)

> This should give a critical warning:
> Rootkit Hunter: Please inspect this machine, because it may be infected.

This may be a silly question, but why don't you use rkhunter's
MAIL-ON-WARNING option instead?

--
nobse bleh... last night I had a dream... someone NMU'ed vim... nightmare
        -- in #debian-devel
Bug#511483: logcheck-database: please add rules for rkhunter
Package: logcheck-database
Severity: wishlist

Hi.

Could you please add rules for rkhunter:

This email is sent by logcheck. If you no longer wish to receive
such mails, you can either deinstall the logcheck package or modify
its configuration file (/etc/logcheck/logcheck.conf).

System Events
=-=-=-=-=-=-=
0 Lines skipped (already processed)
0 Patterns to ignore
0 Ignored lines
1 lcg-lrz-admin Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
1 lcg-lrz-admin Rootkit Hunter: Scanning took 2 minutes and 13 seconds
1 lcg-lrz-admin Rootkit Hunter: Please inspect this machine, because it may be infected.

So lines like these:
Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
Rootkit Hunter: Scanning took 2 minutes and 13 seconds
could be ignored.

This should give a critical warning:
Rootkit Hunter: Please inspect this machine, because it may be infected.

Perhaps this should also be applied upstream?

Thanks,
Chris.

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
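The filtering asked for in this report, written as logcheck-style extended regular expressions and exercised with grep -E. This is an added example, not rules from logcheck-database or from anyone in this thread. It assumes the rkhunter lines arrive in classic syslog format; the rule file names in the comments and the sample timestamps are constructed.

```shell
#!/bin/sh
# Added example: logcheck-style rules for the three rkhunter lines in this report.
# Assumption: syslog format "Mon DD HH:MM:SS host Rootkit Hunter: message".
PREFIX='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ Rootkit Hunter: '

# Candidate for violations.d/rkhunter (hypothetical file name): always reported.
VIOLATION="$PREFIX"'Please inspect this machine, because it may be infected\.?$'

# Candidates for ignore.d.server/rkhunter (hypothetical file name): routine noise.
# Only the message forms shown in the report are covered.
IGNORE_STARTED="$PREFIX"'Rootkit hunter check started \(version [0-9.]+\)$'
IGNORE_TOOK="$PREFIX"'Scanning took [0-9]+ minutes? and [0-9]+ seconds?$'

# classify LINE -> prints "violation", "ignored" or "reported".
# The violation rule is tested first so that no ignore rule can hide it,
# and anything unmatched is still reported as a system event.
classify() {
    if printf '%s\n' "$1" | grep -Eq -e "$VIOLATION"; then
        echo violation
    elif printf '%s\n' "$1" | grep -Eq -e "$IGNORE_STARTED" -e "$IGNORE_TOOK"; then
        echo ignored
    else
        echo reported
    fi
}

# Constructed sample lines (host name taken from the report, timestamps made up).
while IFS= read -r line; do
    printf '%-10s %s\n' "$(classify "$line")" "$line"
done <<'EOF'
Jan 11 03:06:53 lcg-lrz-admin Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
Jan 11 03:09:06 lcg-lrz-admin Rootkit Hunter: Scanning took 2 minutes and 13 seconds
Jan 11 03:09:06 lcg-lrz-admin Rootkit Hunter: Please inspect this machine, because it may be infected.
Jan 11 03:09:07 lcg-lrz-admin Rootkit Hunter: a message no rule knows about
EOF
```

Anchoring every pattern at both ends keeps a routine-looking prefix from suppressing a line that carries extra, unexpected text.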