Also /etc/logcheck/violations.ignore.d/logcheck-su.
Does not work:
echo 'Mar 14 06:25:09 erode su: (to uucp) root on none' | egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su: \(to [._[:alnum:]-]+\) [._[:alnum:]-]+ on pts/[0-9]{1,2}$'
Fixed:
echo 'Mar 14 06:25:09 erode su: (to uucp) root on none'
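Added example, not part of the original report: a small shell helper that checks log lines against ignore rules with grep -E, as the commands above do, and prints the lines no rule covers. The function names and the pts/3 log line are constructed for illustration; the rule and the "on none" line are the ones quoted above.

```sh
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# The su rule quoted in the report, on one line (\w is a grep extension,
# not POSIX ERE).
SU_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su: \(to [._[:alnum:]-]+\) [._[:alnum:]-]+ on pts/[0-9]{1,2}$'

# unmatched_lines RULES_FILE LOG_FILE
# Prints each log line that no rule matches, i.e. what would still be reported.
unmatched_lines() {
    clean=$(mktemp) || return 2
    # Drop comments and blank lines first: an empty pattern passed to
    # grep -f matches every line and would silently hide the whole log.
    grep -E -v '^[[:space:]]*(#|$)' "$1" > "$clean" || [ $? -eq 1 ] ||
        { rm -f "$clean"; return 2; }
    rc=0
    grep -E -v -f "$clean" "$2" || rc=$?
    rm -f "$clean"
    # grep exits 1 when it selects no lines; only a status above 1 is an error.
    [ "$rc" -le 1 ]
}

# demo: run the report's rule over two sample lines (second one constructed).
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '# su rule from the report' '' "$SU_RULE" > "$dir/rules"
    printf '%s\n' \
        'Mar 14 06:25:09 erode su: (to uucp) root on none' \
        'Mar 14 09:10:44 erode su: (to root) md on pts/3' > "$dir/log"
    status=0
    unmatched_lines "$dir/rules" "$dir/log" || status=$?
    rm -rf "$dir"
    return "$status"
}

demo
```

Only the "on none" line is printed: the rule accepts a pts/N terminal and nothing else, so a su run without a terminal is still reported.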
Package: logcheck-database
Version: 1.3.22
Severity: normal
Tags: patch
The current rule in /etc/logcheck/violations.ignore.d/logcheck-sudo does
not work:
echo 'Mar 13 21:38:35 erode sudo: pam_unix(sudo:session): session opened for user root(uid=0) by md(uid=1000)' | egrep '^\w{3} [ :0-9]{11} [