On Sun, Mar 16, 2008 at 09:36:51PM -0400, Frédéric Brière wrote:
> > Logcheck (and bastille) should be aware about which uid are reserved for
> > system accounts and act properly.
>
> It's not logcheck's place to know about system accounts. Whether or not
> Bastille should log this is another matter, about which I cannot
> comment.

It is logcheck's task to not warn users about useless messages. System account expiration is useless. Bastille does not log this; this bug shows up because Bastille doesn't know the uid range used for system accounts in Debian and makes them expire as if they were user accounts.

> I would agree, though, that if Bastille already reports this information
> in some way (say, via email), then it's redundant to report it again.
> However, even after looking at the source, I can't figure out what
> Bastille logs, and whether it displays it elsewhere.

I'm sorry, you don't understand Bastille's task. Bastille does not log or report any security information. It helps the admin secure down a host by making configuration changes.

There are two bugs here:

- Bastille should not make system accounts expire, since that is useless and spams the logs.
- logcheck shouldn't send the admin the logs related to expiration of system accounts since this expiration will never happen.

> CC'ing Bastille's maintainer, in case he can shed some light.

Hope I did.

Regards

Javier