[Logcheck-devel] Bug#441180: logcheck-database: pam change needs change in logcheck-database
Stephen Gran
sgran at debian.org
Fri Sep 7 10:41:08 UTC 2007
Package: logcheck-database
Version: 1.2.60
Severity: normal
Tags: patch
diff -u /etc/logcheck/violations.ignore.d/logcheck-su logcheck-su
--- logcheck-su 2007-09-07 11:36:15.000000000 +0100
+++ logcheck-su 2007-09-07 11:36:04.000000000 +0100
@@ -1,7 +1,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by [[:alnum:]-]+\(uid=[0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by [[:alnum:]-]+\(uid=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:]-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_authenticate: Authentication failure$
diff -u /etc/logcheck/ignore.d.paranoid/cron cron
--- cron 2007-09-07 11:36:49.000000000 +0100
+++ cron 2007-09-07 11:33:33.000000000 +0100
@@ -4,5 +4,5 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(pidfile fd = [0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(Running @reboot jobs\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(Skipping @reboot jobs -- not system startup\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\(cron:session\): session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\(cron:session\): session closed for user [[:alnum:]-]+$
Thanks,
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-1-686 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash
-- debconf information:
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran at debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20070907/53c11329/attachment.pgp
More information about the Logcheck-devel
mailing list