LogCheck Issues

To: debian-security@lists.debian.org
Subject: LogCheck Issues
From: Rob VanFleet <rvf@linux.wku.edu>
Date: Fri, 14 Sep 2001 19:50:04 -0500
Message-id: <[🔎] 20010914194944.A29292@linux.wku.edu>
Mail-followup-to: Rob VanFleet <rvf@linux.wku.edu>, debian-security@lists.debian.org

I seem to be having a small problem with something in the
logcheck.ignore file.  The default setup for the logcheck package under
debian already contains this entry in logcheck.ignore to avoid reporting
this common cron job:

/USR/SBIN/CRON\[.*\]: (mail) CMD (  if \[ -x /usr/sbin/exim \]; then
/usr/sbin/exim -q >/dev/null 2>&1; fi)

which works fine, but there is another very similar (but different) cron
job that also runs which isn't caught by the above regex and is reported
by logcheck as an "Unusual System Event".  Here is one example:

/USR/SBIN/CRON[4922]: (mail) CMD (  if [ -x /usr/sbin/exim -a -f
/etc/exim.conf ]; then /usr/sbin/exim -q >/dev/null 2>&1; fi)

So I added the following regex to catch it:

/USR/SBIN/CRON\[.*\]: (mail) CMD (  if \[ -x /usr/sbin/exim -a -f
/etc/exim.conf \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi)

(after simply trying to add a '.*' between '/usr/sbin/exim' and ']'
unsuccessfully)

but to no avail.  I still recieve warnings about it, even though I
believe I am properly covering it.  Does anyone have an idea what I
might be doing wrong?

Thanks,
Rob

Reply to:

Follow-Ups:
- Re: LogCheck Issues
  - From: Oohara Yuuma <oohara@libra.interq.or.jp>

Prev by Date: Re: SSH install in Woody
Next by Date: GPG fingerprints
Previous by thread: enscript -e option a security risk?
Next by thread: Re: LogCheck Issues
Index(es):
- Date
- Thread