[Logcheck-devel] Bug#254681: logcheck-database: su from cron job

Lee Maguire lee-debian at hexkey.co.uk
Wed Jun 16 10:10:24 UTC 2004


Package: logcheck-database
Version: 1.2.22a
Severity: normal

The updatedb process for find runs as part of cron.daily, and runs as
nobody.  Since it is a cron job, there is no associated terminal ("???"),
so it is flagged as a security event by logcheck:

Jun 16 06:25:01 localhost su[30985]: + ??? root:nobody

I have added the following to /etc/logcheck/violations.ignore.d/local-su:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:nobody$
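
A check of how narrow the rule above is, added here as an example and not part of the original message: it filters constructed sample su lines through the rule the way an ignore file is applied (grep -E -v) and shows that only the terminal-less, successful root:nobody line is suppressed. It assumes GNU grep, since \w is a GNU extension; all sample lines other than the first are constructed.

```shell
#!/bin/sh
# The ignore rule exactly as given in the message.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:nobody$'

# Sample input. The first line is the one from the report; the rest are
# constructed variants that differ in one field each.
sample_log() {
cat <<'EOF'
Jun 16 06:25:01 localhost su[30985]: + ??? root:nobody
Jun 16 09:12:44 localhost su[31200]: + pts/1 root:nobody
Jun 16 09:13:02 localhost su[31207]: + ??? root:postgres
Jun 16 09:14:10 localhost su[31215]: - ??? root:nobody
Jun 16 09:15:30 localhost su[31220]: + ??? alice:root
EOF
}

# Lines that would still be reported: everything the rule does NOT match.
still_reported() {
    sample_log | grep -E -v -e "$RULE"
}

# Number of lines still reported after the rule is applied.
count_reported() {
    still_reported | wc -l | tr -d ' '
}

# Stand-alone run: print what remains in the report.
still_reported
```

A su to nobody from a real terminal, a su to any other account, a failed attempt ("-") and a su by a non-root user all stay in the report, so the rule hides only the cron-driven case described above.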
