
Re: setuid changes




On Saturday 22 Sep 2001 1:43 pm, Oyvind A. Holm wrote:
[snip]
> some kind of perl script which skips all the non-important info and
> leave all other in place. A script root can run which pulls out info
> from /var/log/* and other logs around the system.

There's a shell script called logcheck which does this; you can edit lists of 
regexps to ignore in /etc/logcheck (and a list of which logs to check), and 
then anything that's left is mailed.

I've used it for ages; the only problem I've ever had is that there's no 
ignore file against things otherwise marked (by another list of regexps) as 
"active system attacks", though it wasn't difficult to add that feature. Hmm, 
I'll file a wishlist bug on that when I get around to it.

-- 
Chris Boyle - Winchester College - http://archives.wincoll.ac.uk/
ICQ: 24151961 - PGP: http://archives.wincoll.ac.uk/finger.php?q=chrisb
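
The layered filtering described in the message above, as an added example that is not part of the original post and is not logcheck's own code. It includes the separate ignore list for attack matches that the message says is missing; the file names, patterns and log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not logcheck's code. File names, patterns and log lines
# below are constructed for illustration.

# filter_log LOG ATTACK ATTACK_IGNORE IGNORE: print the lines that would be mailed.
filter_log() {
    log=$1; attack=$2; attack_ignore=$3; ignore=$4
    # Attack matches are taken out first, so the ordinary ignore list can never
    # hide them; only the dedicated (hypothetical) attack-ignore list can.
    grep -E -f "$attack" "$log" | grep -E -v -f "$attack_ignore" | sed 's/^/ATTACK: /'
    # Everything else, minus the ordinary ignore list, is reported as unusual.
    grep -E -v -f "$attack" "$log" | grep -E -v -f "$ignore" | sed 's/^/UNUSUAL: /'
}

# make_sample DIR: write a constructed log and three regexp lists into DIR.
make_sample() {
    cat > "$1/log" <<'EOF'
Sep 22 13:01:02 host sshd[411]: Accepted password for alice from 192.0.2.10
Sep 22 13:02:10 host cron[500]: (root) CMD (run-parts /etc/cron.hourly)
Sep 22 13:03:44 host ftpd[612]: login attempt for ROOT from 192.0.2.77 refused
Sep 22 13:04:00 host named[99]: attackalert: test probe from 192.0.2.5 (monitoring)
Sep 22 13:05:30 host kernel: eth0: link down
EOF
    cat > "$1/attack" <<'EOF'
attackalert
login .*ROOT.*refused
EOF
    cat > "$1/attack.ignore" <<'EOF'
from 192\.0\.2\.5 \(monitoring\)
EOF
    cat > "$1/ignore" <<'EOF'
sshd\[[0-9]+\]: Accepted password
cron\[[0-9]+\]: \(root\) CMD
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
filter_log "$dir/log" "$dir/attack" "$dir/attack.ignore" "$dir/ignore"
rm -rf "$dir"
```

Keeping the attack-ignore list separate and narrow (here one monitoring host) means a broad entry in the routine ignore list cannot silence an attack pattern by accident.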
