[Logcheck-commits] CVS logcheck/rulefiles/linux/violations.ignore.d
CVS User maks-guest
logcheck-devel@lists.alioth.debian.org
Mon, 17 May 2004 11:18:12 -0600
Update of /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d
In directory haydn:/tmp/cvs-serv15175/rulefiles/linux/violations.ignore.d
Modified Files:
logcheck-sudo su
Log Message:
added better ignore pattern for successful sudo and su commands.
we still show authentication failures and strange sudo bin paths.
now need to trace that bug in logcheck why we don't use the logcheck-foo
files in violations.ignore.d.
--- /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-sudo 2004/04/22 08:39:29 1.2
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-sudo 2004/05/17 17:18:12 1.3
@@ -1 +1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: [ \t]* [[:alnum:]]+ : TTY=(unknown|pts/[0-9]+) ; PWD=[^ ]+ ; USER=[^ ]+ ; COMMAND=[^ ]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: [ \t]* [[:alnum:]]+ : TTY=(unknown|pts/[0-9]+) ; PWD=[^ ]+ ; USER=[^ ]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$
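Review bot: the added line ends COMMAND in `.*`, so everything after the `/(usr|etc|bin|sbin)/` prefix is ignored, including a command path that leaves those directories again through `..` segments, which is the kind of strange sudo path the log message says should still be shown. Consider tightening the path part so that it cannot match `/../`, and documenting why `/etc/` counts as a command directory here. The TTY group is unchanged and accepts only `unknown` or `pts/N`, while the su rule in this same commit also accepts `tty[0-9]`; aligning the two would avoid reporting console sudo but not console su.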
--- /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/su 2004/04/21 23:35:10 1.2
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/su 2004/05/17 17:18:12 1.3
@@ -1,4 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root[-:][[:alnum:]-]+ ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by [[:alnum:]-]+\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
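Review bot: the replacement line in this hunk no longer matches what the removed line did: the `\?\?\?` terminal, the `-` separator in `root[-:]` and the optional trailing space are all gone, so those su lines will start being reported again, while a successful su between any two users (including to root) on a pts or tty is now ignored. If that trade is intended, say so in the log message; if not, keep the old line next to the new one. The terminal group is also narrower than in the sudo rule: `pts/[0-9]{1,2}` stops at two digits and `tty[0-9]` at one, where logcheck-sudo uses `pts/[0-9]+`; using `[0-9]+` in both places would keep hosts with many sessions from producing spurious reports.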