On Sun, Sep 15, 2002 at 01:09:50PM +1200, Nick Phillips wrote:
> On Sun, Sep 15, 2002 at 01:59:08AM +0200, Erich Schubert wrote:
>
> > If logcheck could remove it's generic catchall-clauses (where most of
> > these hits are then ignored by additional clauses afterwards)
> > by replacing them with some tighter regular expressions
> > (such as "^[a-z]* security-warning (medium|high|critical)" )
> > this certainly is an improvment.
I'm going to be auditing both the standard violations and cracking
files in logcheck in the near future. As many of the definitions are
historic cruft (i.e. do not need to checking for failed logins for
sybase and oracle user's)
If anyone has opinions about any entries that they think should be
removed from these files (or added for that matter), please file a
bug against logcheck-database with your reasoning. [1]
--
Jon
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor Who"
[1] Or we can discuss it on the debian-logcheck mailing list when it's
created (See Bug#155698).
Attachment:
pgpPuq7DiP7kU.pgp
Description: PGP signature