[Logcheck-commits] martin f. krafft: violations.d/su: match both, user-root and user:root styles (closes: #491694).
Martin F. Krafft
madduck at alioth.debian.org
Sun Aug 31 18:44:04 UTC 2008
Module: logcheck
Branch: viol-merge
Commit: 47f141c4b165eb918573e758c8e49bd77899303a
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=47f141c4b165eb918573e758c8e49bd77899303a
Author: martin f. krafft <madduck at debian.org>
Date: Sun Aug 31 19:38:26 2008 +0100
violations.d/su: match both, user-root and user:root styles (closes: #491694).
---
debian/changelog | 3 +++
rulefiles/linux/violations.d/su | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 44d9d83..cf4b537 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -62,6 +62,9 @@ logcheck (1.3) unstable; urgency=low
- expect shortcircuit status in scan messages; thanks to Marc Sherman
(closes: #474239).
+ * violations.d/su:
+ - match both, user-root and user:root styles (closes: #491694).
+
* Rulefiles are now installed with mode 644; the directories are still moe
700, so the files are not publicly readable (unless the admin hardlinks
them elsewhere).
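Review bot: The unchanged context line directly below the new entry reads "the directories are still moe 700", which should be "mode 700"; since this part of debian/changelog is being touched for 1.3 anyway, fix the typo in a follow-up commit. The new entry itself could also say that both directions are covered (user to root and root to user), since the rule file change alters both patterns.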
diff --git a/rulefiles/linux/violations.d/su b/rulefiles/linux/violations.d/su
index 2ec19a9..a8d5889 100644
--- a/rulefiles/linux/violations.d/su
+++ b/rulefiles/linux/violations.d/su
@@ -1,4 +1,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ pts/[0-9]+ [[:alnum:]]+-root$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root-[[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ pts/[0-9]+ [[:alnum:]]+[-:]root$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root[-:][[:alnum:]]+$
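Review bot: Both rewritten patterns at the end of this hunk are subsumed by the catch-all on the second context line, "su\[[0-9]+\]: .*$", so every line they can match is already matched before and after this change. If the specific patterns are kept on purpose (for example so they survive a later removal of the catch-all), say so in the commit message; otherwise drop them. Separately, the user name is matched with [[:alnum:]]+, which does not cover account names containing "-", "_" or "."; the host field in the same lines already uses [._[:alnum:]-]+, and the same class would make these two patterns match such accounts as well.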