[Logcheck-devel] Bug#254681: logcheck-database: su from cron job
Lee Maguire
lee-debian at hexkey.co.uk
Wed Jun 16 10:10:24 UTC 2004
Package: logcheck-database
Version: 1.2.22a
Severity: normal
The updatedb process for find runs as part of cron.daily, and runs as
nobody. Since it is a cron job there is no associated terminal ("???"),
and it is flagged as a security event by logcheck:
Jun 16 06:25:01 localhost su[30985]: + ??? root:nobody
I have added the following to /etc/logcheck/violations.ignore.d/local-su:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:nobody$
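Added example (not part of the original report): the ignore rule above run with grep -E over constructed syslog lines, to check that it suppresses only the terminal-less root-to-nobody su and leaves other su events reported. Only the first sample line comes from the report; the other lines and the function names are made up for this check, grep -E stands in for logcheck's own matching, and \w assumes GNU grep.

```shell
#!/bin/sh
# Rule copied verbatim from the report (violations.ignore.d/local-su).
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:nobody$'

# Constructed sample input. Line 1 is the event quoted in the report;
# the rest are invented to probe the edges of the rule.
sample_log() {
cat <<'EOF'
Jun 16 06:25:01 localhost su[30985]: + ??? root:nobody
Jun  6 06:25:02 host-1.example.org su[412]: + ??? root:nobody
Jun 16 06:25:01 localhost su[30986]: + ??? root:root
Jun 16 09:12:44 localhost su[31201]: + pts/1 lee:root
Jun 16 09:13:02 localhost su[31207]: - pts/1 lee:root
Jun 16 06:25:01 localhost su[30985]: + ??? root:nobody extra
EOF
}

# Lines the ignore rule would drop from the report.
suppressed() {
    sample_log | grep -E -- "$RULE"
}

# Lines that would still be reported as security events.
still_reported() {
    sample_log | grep -E -v -- "$RULE"
}

echo "suppressed by the rule:"
suppressed
echo
echo "still reported:"
still_reported
```

The anchors (^ and $), the literal "???" terminal and the fixed root:nobody pair are what keep the rule from hiding su to other accounts, su from a real terminal, or failed attempts.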