Public bug reported:
Binary package hint: logcheck
Since hardy (apparently), these are the entries in
/etc/logcheck/violations.d.server/sudo
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo\[[0-9]+\]:
pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: .*$
This means that we get an email from logcheck any time someone used
sudo. This may be suitable on debian I guess, but it's not suitable on
an ubuntu server where sudo is the primary mode of administration.
I have no problem with failed authentication logs, but an entry for
every single use of sudo is pretty inconvenient on an Ubuntu server as
that is normal behaviour.
** Affects: logcheck (Ubuntu)
Importance: Undecided
Status: New
--
every sudo log is a violation
https://bugs.launchpad.net/bugs/243693
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
