[Logcheck-commits] Hannes von Haugwitz: v.i.d/logcheck-su: ignore successful kerberos auth
Gerfried Fuchs
alfie at alioth.debian.org
Mon Aug 2 20:44:17 UTC 2010
Module: logcheck
Branch: lenny-backports
Commit: c3be68232ab878bf14a6ec707a3557c94413162d
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=c3be68232ab878bf14a6ec707a3557c94413162d
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Thu Jul 8 09:44:33 2010 +0200
v.i.d/logcheck-su: ignore successful kerberos auth
---
debian/changelog | 2 ++
rulefiles/linux/violations.ignore.d/logcheck-su | 1 +
2 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 565ca8f..1f576d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,8 @@ logcheck (1.3.11) UNRELEASED; urgency=low
by i.d.s/libpam-krb5
* ignore.d.workstation/login:
- removed successful krb auth rule, rule is covered by i.d.s/libpam-krb5
+ * violations.ignore.d/logcheck-su:
+ - ignore successful kerberos authentication
[ martin f. krafft ]
* ignore.d.server/postfix:
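Review bot: The new entry for violations.ignore.d/logcheck-su says only "ignore successful kerberos authentication", which does not tell a reader which log line is being suppressed. Name the message (the pam_krb5 su:auth "authenticated as" line) and say why it has to be handled in violations.ignore.d, in the same way the entry just above explains that its rule is covered by i.d.s/libpam-krb5.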
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-su b/rulefiles/linux/violations.ignore.d/logcheck-su
index e8fa4d5..7d518e1 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-su
+++ b/rulefiles/linux/violations.ignore.d/logcheck-su
@@ -1,3 +1,4 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_krb5\(su:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (/dev/)?(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
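Review bot: In the added pam_krb5 rule, the user and principal classes `[[:alnum:]-]+` leave out the underscore that the next rule accepts in its name fields (`[_[:alnum:]-]+`), and the realm class `[.A-Z]+` leaves out digits and hyphens, so successful su lines for such accounts or realms will still be reported as violations. Consider `[_[:alnum:]-]+` for both names and `[.A-Z0-9-]+` for the realm. The local user and the principal are also matched independently, so a line where the two names differ is ignored as well; if that is intended, it is worth stating in the changelog entry. Minor style point: the timestamp here is written `[ :[:digit:]]{11}` while the three existing rules use `[ :0-9]{11}`.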