[Logcheck-devel] Bug#360120: logcheck-database: logcheck-sudo should treat sudoedit no worse than "sudo vi"

Thu Mar 30 17:48:04 UTC 2006

Package: logcheck-database
Version: 1.2.43a
Severity: normal
Tags: patch


Hi,
logcheck does not report invocations of "sudo $EDITOR /some/file", while it
does report "sudoedit /some/file". That's obviously inconsistent.
The patch below fixes it (by ignoring sudoedit, too).
regards,
    Jan

--- logcheck-sudo       2006-03-30 16:53:48.000000000 +0200
+++ /etc/logcheck/violations.ignore.d/logcheck-sudo     2006-03-30
16:55:35.000000000 +0200
@@ -1,2 +1,2 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|(pts/|tty|vc/)[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=/(usr|etc|bin|sbin)/.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:]-]+ : TTY=(unknown|(pts/|tty|vc/)[0-9]+) ; PWD=.+ ; USER=[^[:space:]]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.15-1-k7
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.72     Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
* logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:





