This one time, at band camp, maximilian attems said: > hello stephen, > > On Tue, 28 Jun 2005, Stephen Gran wrote: > > > I would like to be able to selectively ignore sudo on some systems > > and not on others without being forced to just rm a conffile. The file > > /etc/logcheck/violations.ignore.d/logcheck-sudo (ISTM) is better placed > > in /etc/logcheck/ignore.d.server. THat way, a paranoid installation > > would still see them, but a normal one wouldn't have to. > > no it can't be placed there below, as security events don't have the > three level filtering.
Is that not changeable? I honestly don't know, not having looked at the code for logcheck. I would have thought that sudo was an expected thing on a multi admin machine, and not on (say) a single user desktop. So that is why I was thinking it made sense in a different report level. > easier than removing would be for your side to change it's regex so > that it doesn't match any more sudo log lines. > because otherwise you'll have to redo that on each upgrade. > and so you'll get asked if you want to revert your change. dpkg should respect the absence of a conffile as well, I would hope. It is supposed to. > this rule was added through popular request (see changelog for bug nr). > if you give some of your users sudo access take care what you give them. I see several bugs relating to regex problems in the sudo ignore, but not about the placement of the sudo ignore. > i'll wait for a response from your side, but i see not much chance > to changing that. If the report level for sudo is wrong (which it doesn't seem to be - it seems to be forced thre by the use of violations.d/sudo), then I guess it is unfixable with my idea. If it could be reported as a system event rather than a security event, I would love to see it moved. Thanks, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
