On Mon, 06 Oct 2003, Noah L. Meyerhans wrote: > > You don't have much evidence that it's a security issue at this point. > Logcheck's "active system attack" messages rarely indicate such a thing. > Don't do anything drastic like reinstall the system until you've got > better evidence that you've been cracked. In this case, I doubt you > have. > Speaking of which, has anyone found a way to configure the active system attack key words? There is a user on my system whose email has the word "attacK' in it so that triggers logcheck, and I've tried every different exclusion file and regexp there is to make it ignore it, but I can't.... so I get a logcheck email everytime this guy gets or sends an email. Its gotten to the point that logcheck is becoming totally useless (ie. I wont read them because I put little value in the information that they contain). I've tried searching the web, and contacting the package maintainer, but no results. Thanks, micah
Attachment:
pgpJWFTBsh9VQ.pgp
Description: PGP signature