[Logcheck-commits] [logcheck] 01/01: v.i.d/logcheck-sudo: match 'GROUP=' field
Hannes von Haugwitz
hvhaugwitz at moszumanska.debian.org
Sun Jan 22 18:54:29 UTC 2017
This is an automated email from the git hooks/post-receive script.
hvhaugwitz pushed a commit to branch master
in repository logcheck.
commit e5f9a9d536dd14c179dc6beaebaab5a942c5b72c
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Sun Jan 22 19:52:27 2017 +0100
v.i.d/logcheck-sudo: match 'GROUP=' field
closes: #815114
---
debian/changelog | 2 ++
rulefiles/linux/violations.ignore.d/logcheck-sudo | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index c0c049b..ef0456e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -29,6 +29,8 @@ logcheck (1.3.18) UNRELEASED; urgency=medium
- match 'freq=', 'address=' and 'uuid=' wpa_action messages
- match CTRL-EVENT-SUBNET-STATUS-UPDATE message
- match predictable network interface names
+ * violations.ignore.d/logcheck-sudo:
+ - match 'GROUP=' field (closes: #815114)
* debian/control:
- add alternate dependency on cron-daemon, thanks to Felix Zielcke for the
patch (closes: #786815)
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo b/rulefiles/linux/violations.ignore.d/logcheck-sudo
index 92c3dd4..d06e242 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-sudo
+++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo
@@ -1,5 +1,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+( ; GROUP=[._[:alnum:]-]+)? ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$
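Review bot: The optional group `( ; GROUP=[._[:alnum:]-]+)?` on the `+` line reuses the USER= character class, so a GROUP= value with any character outside that class still falls through and gets reported. That fails safe, but the commit message should say which log line from #815114 the pattern was checked against. Because this file lives under violations.ignore.d, lines carrying a GROUP= field with a COMMAND under /usr, /etc, /bin or /sbin (or sudoedit, or list) are now dropped from reports just like the USER=-only ones. Please confirm that suppressing runs with an explicit group is intended and not only a side effect of silencing the reported line. Minor style point on the unchanged context: the first rule uses `[ :[:digit:]]{11}` where the rest use `[ :0-9]{11}`; a follow-up could unify them.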
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/logcheck/logcheck.git