
Re: logcheck bug in pattern matching for su



On Mon, 21 Jul 2008 13:40:41 +0200
martin f krafft <madduck@debian.org> wrote:

> also sprach Pavlos Parissis <p_pavlos@freemail.gr> [2008.07.21.1147 +0200]:
> > the issue resides in 3rd and 4th line, the - character should be
> > : for matching user:root and root:user strings.
> 
> So maybe su changed the format *again*. You should file a wishlist
> bug asking for [-:] to be used instead of plain -, ideally providing
> a patch against the git HEAD, along with sample log output.
> Instructions and additional information are here:
> 
>   http://wiki.logcheck.org/index.cgi/RuleSubmission
>   http://logcheck.org/git.html

Thanks Martin for the confirmation on the bug.

I'll file the bug report against the logcheck-database package and not against
logcheck, because /etc/logcheck/violations.d/su is provided by logcheck-database.
# dpkg -S /etc/logcheck/violations.d/su
logcheck-database: /etc/logcheck/violations.d/su

Unfortunately, I can't use git at the moment, thus I will include the comments
which I wrote in this thread.

Cheers,
Pavlos
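
Added example, not part of the original message and not the rule shipped in /etc/logcheck/violations.d/su: a check of the [-:] change discussed above, run with grep -E over constructed su log lines. The line layout, the user name and both rule fragments (OLD_RULE, NEW_RULE) are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample log (not taken from the thread): su records that use
# ':' between the two user names, one that uses '-', and an unrelated line.
sample_log() {
cat <<'EOF'
Jul 21 11:40:02 host su[4242]: + pts/1 pavlos:root
Jul 21 11:41:10 host su[4250]: - pts/1 pavlos:root
Jul 21 11:42:31 host su[4261]: + pts/2 root:pavlos
Jul 21 11:43:05 host su[4270]: + pts/3 pavlos-root
Jul 21 11:44:00 host sshd[4300]: Accepted publickey for pavlos
EOF
}

# Hypothetical, simplified rule fragments. OLD_RULE accepts only '-' between
# the user names; NEW_RULE accepts either separator through the class [-:].
OLD_RULE='su\[[0-9]+\]: [-+] [[:alnum:]/]+ ([[:alnum:]_]+-root|root-[[:alnum:]_]+)$'
NEW_RULE='su\[[0-9]+\]: [-+] [[:alnum:]/]+ ([[:alnum:]_]+[-:]root|root[-:][[:alnum:]_]+)$'

# Number of sample lines a rule would report.
count_matches() {
    sample_log | grep -E -c -- "$1"
}

# Number of su records that only the [-:] rule reports, i.e. the events a
# '-'-only violations rule lets through without flagging.
missed_by_old() {
    sample_log | grep -E -- "$NEW_RULE" | grep -E -v -c -- "$OLD_RULE"
}

echo "old rule matches:   $(count_matches "$OLD_RULE")"
echo "new rule matches:   $(count_matches "$NEW_RULE")"
echo "missed by old rule: $(missed_by_old)"
```

Running a candidate rule over real sample output this way also gives the before and after evidence that a rule submission is expected to include.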

