[Logcheck-commits] martin f. krafft: violations.d/su: match both, user-root and user:root styles (closes: #491694).

Martin F. Krafft madduck at alioth.debian.org
Sun Aug 31 19:24:22 UTC 2008


Module: logcheck
Branch: master
Commit: 47f141c4b165eb918573e758c8e49bd77899303a
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=47f141c4b165eb918573e758c8e49bd77899303a

Author: martin f. krafft <madduck at debian.org>
Date:   Sun Aug 31 19:38:26 2008 +0100

violations.d/su: match both, user-root and user:root styles (closes: #491694).

---

 debian/changelog                |    3 +++
 rulefiles/linux/violations.d/su |    4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 44d9d83..cf4b537 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -62,6 +62,9 @@ logcheck (1.3) unstable; urgency=low
     - expect shortcircuit status in scan messages; thanks to Marc Sherman
       (closes: #474239).
 
+  * violations.d/su:
+    - match both, user-root and user:root styles (closes: #491694).
+
   * Rulefiles are now installed with mode 644; the directories are still moe
     700, so the files are not publicly readable (unless the admin hardlinks
     them elsewhere).
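Review bot: The context line directly below the new entry carries a typo ("the directories are still moe 700"); since this hunk already touches the neighbouring lines of debian/changelog, correct "moe" to "mode" here or in a follow-up. The entry itself would also be more useful if it said that both su rules were changed (the pts/N one and the ??? one), because "match both, user-root and user:root styles" alone does not tell a reader of the changelog which patterns to look at.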
diff --git a/rulefiles/linux/violations.d/su b/rulefiles/linux/violations.d/su
index 2ec19a9..a8d5889 100644
--- a/rulefiles/linux/violations.d/su
+++ b/rulefiles/linux/violations.d/su
@@ -1,4 +1,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ pts/[0-9]+ [[:alnum:]]+-root$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root-[[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ pts/[0-9]+ [[:alnum:]]+[-:]root$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root[-:][[:alnum:]]+$
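Review bot: Both added patterns still match the user name with [[:alnum:]]+, so an account name containing "-", "_" or "." matches neither the old nor the new separator style; consider reusing the class the host field already uses, [._[:alnum:]-]+, in place of [[:alnum:]]+ on both lines. Separately, the unchanged second line, su\[[0-9]+\]: .*$, already matches every su message, so these two more specific rules do not change which lines this file flags. If they are kept on purpose, a short comment in the rule file or the commit message saying why would help the next person editing it.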



