Bug#254681: [Logcheck-devel] Bug#254681: logcheck-database: su from cron job

maks attems debian at sternwelten.at
Wed Jun 16 13:04:03 UTC 2004


tag 254681 pending
thanks

On Wed, 16 Jun 2004, Lee Maguire wrote:

> The updatedb process for find runs as part of cron.daily, and runs as
> nobody.  Since it is a cron job there is no associated terminal ("???"),
> it is flagged as a security event by logcheck:
> 
> Jun 16 06:25:01 localhost su[30985]: + ??? root:nobody
> 
> I have added the following to /etc/logcheck/violations.ignore.d/local-su
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:nobody$

nice, just added to cvs, will be in next release!
a+ maks
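
Added example, not part of the original message or of logcheck's own code: the rule quoted above, replayed with grep -E against constructed su log lines to confirm it suppresses only the successful, terminal-less root:nobody entry and nothing else. The hostnames, PIDs and user names in the sample are made up, and GNU grep is assumed (`\w` is a GNU extension to extended regular expressions).

```shell
#!/bin/sh
# The ignore rule from the message, verbatim.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:nobody$'

# Constructed sample lines (not real log data).
sample_log() {
cat <<'EOF'
Jun 16 06:25:01 localhost su[30985]: + ??? root:nobody
Jun  6 06:25:01 host-1.example.org su[412]: + ??? root:nobody
Jun 16 06:25:02 localhost su[30990]: - ??? root:nobody
Jun 16 06:25:03 localhost su[30991]: + ??? nobody:root
Jun 16 09:14:40 localhost su[31200]: + pts/1 alice:root
Jun 16 06:25:04 localhost su[30992]: + ??? root:nobody extra
EOF
}

# Number of sample lines the rule would hide from the report.
suppressed_count() {
    sample_log | grep -E -c -e "$RULE"
}

# Sample lines that are still reported after the rule is applied:
# failed su ("-"), other user pairs, su from a real terminal, and
# anything with trailing text after "root:nobody" (blocked by "$").
still_reported() {
    sample_log | grep -E -v -e "$RULE"
}

echo "suppressed by rule: $(suppressed_count)"
echo "still reported:"
still_reported
```

The second sample line has a single-digit day padded with a space, which the `[ :0-9]{11}` part of the rule also has to cover.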
