Bug#547182: [Logcheck-devel] Bug#547182: logcheck-database: violations.d/sudo not catching calls to /usr/bin/sudo

[Hannes von Haugwitz]

tags #547182 +unreproducible +moreinfo
thanks

Hi,

I tried to reproduce this in squeeze and sid with no success. The log 
line contains only sudo not the full path /usr/bin/sudo. So I'm tagging 
this bug as unreproducible.


Please provide more info about howto reproduce this behaviour, if its 
still reproducible by you.


Thanks,

Hannes



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#547182: logcheck-database: violations.d/sudo not catching calls to /usr/bin/sudo

[Raphael Manfredi]

Package: logcheck-database
Version: 1.3.3
Severity: normal

The violations.d/sudo pattern contains:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$

This line is not catching explicit calls to /usr/bin/sudo since the
auth.log file will then contain:

Sep 17 15:50:54 tours /usr/bin/sudo:  ram : TTY=pts/10 ; PWD=/home/ram ; 
USER=root ; COMMAND=/bin/su

which is not matched by the above pattern.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.6
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

-- debconf information:
  logcheck-database/conffile-cleanup: false



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org