Package: logcheck-database
Version: 1.4.3
Severity: normal

Hi,
  I'm getting logcheck entries like:

Jul 23 06:02:01 myhost CRON[566969]: pam_unix(cron:session): session opened for user logcheck(uid=124) by logcheck(uid=0)

The relevant mis-matching line is in paranoid.d/cron:


^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\(cron:session\): session (opened|closed) for user [[:alnum:]-]+(\(uid=[[:digit:]]+\))?( by \(uid=[0-9]+\))?$

Notice the "by" now has a username.

The fix is pretty easy: add an optional second username. Below is my
line to remove that message:

^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\(cron:session\): session (opened|closed) for user [[:alnum:]-]+(\(uid=[[:digit:]]+\))?( by ([[:alnum:]-]+)?\(uid=[0-9]+\))?$



-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.9.8-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
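
A check of the two rules from the report against sample log lines, as an added example that is not part of the original report or of logcheck itself. It assumes GNU grep (for \w in an ERE); the function names are hypothetical, the first sample line is the one quoted in the report and the other three are constructed.

```shell
#!/bin/sh
# Added example: compare the shipped paranoid.d/cron rule with the proposed one.
# Both patterns are copied from the report; logcheck rules are extended regexes.
OLD_RULE='^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\(cron:session\): session (opened|closed) for user [[:alnum:]-]+(\(uid=[[:digit:]]+\))?( by \(uid=[0-9]+\))?$'
NEW_RULE='^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\(cron:session\): session (opened|closed) for user [[:alnum:]-]+(\(uid=[[:digit:]]+\))?( by ([[:alnum:]-]+)?\(uid=[0-9]+\))?$'

# Line 1 is the entry quoted in the report. Lines 2-4 are constructed:
# the older "by (uid=0)" form, a "closed" entry, and a non-cron PAM entry.
sample_lines() {
cat <<'EOF'
Jul 23 06:02:01 myhost CRON[566969]: pam_unix(cron:session): session opened for user logcheck(uid=124) by logcheck(uid=0)
Jul 23 06:02:01 myhost CRON[566970]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Jul 23 06:02:02 myhost CRON[566969]: pam_unix(cron:session): session closed for user logcheck
Jul 23 06:02:03 myhost sshd[1234]: pam_unix(sshd:session): session opened for user alice(uid=1000) by alice(uid=0)
EOF
}

# Succeeds when a single log line is filtered (matched) by the rule.
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Print the sample lines the rule does NOT filter, i.e. what would be reported.
reported() {
    sample_lines | grep -Ev -- "$1"
}

# Number of sample lines that would still be reported under the rule.
count_reported() {
    reported "$1" | wc -l | tr -d ' '
}

echo "Reported with the shipped rule:"
reported "$OLD_RULE" || true
echo "Reported with the proposed rule:"
reported "$NEW_RULE" || true
```

The non-cron line stays in the output under both rules, which confirms the widened "by" group does not suppress session messages from other services.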
