Package: logcheck-database
Version: 1.3.22
Severity: normal
Tags: patch

The current rule in /etc/logcheck/violations.ignore.d/logcheck-sudo does not work:

  echo 'Mar 13 21:38:35 erode sudo: pam_unix(sudo:session): session opened for user root(uid=0) by md(uid=1000)' | egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$'

This is a fixed rule for sudo currently in bullseye:

  echo 'Mar 13 21:38:35 erode sudo: pam_unix(sudo:session): session opened for user root(uid=0) by md(uid=1000)' | egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$'

--
ciao,
Marco
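
Added example, not part of the original report or of logcheck-database: a shell check that runs the report's two rules against the report's log line and two constructed lines, so a rule change can be verified before it is installed. BOTH_RULE (target uid optional), OLD_LINE and KEEP_LINE are assumptions introduced here for illustration.

```shell
#!/bin/sh
# Rules copied verbatim from the report above.
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$'
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$'
# Assumption, not from the report: the target uid is optional, so one rule
# covers hosts that log either format.
BOTH_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+(\(uid=[0-9]+\))? by ([[:alnum:]-]+)?\(uid=[0-9]+\)$'

# Sample line from the report (sudo in bullseye, target user carries a uid).
NEW_LINE='Mar 13 21:38:35 erode sudo: pam_unix(sudo:session): session opened for user root(uid=0) by md(uid=1000)'
# Constructed: the same event without the target uid, the shape the old rule expects.
OLD_LINE='Mar 13 21:38:35 erode sudo: pam_unix(sudo:session): session opened for user root by md(uid=1000)'
# Constructed: a sudo line that an ignore rule must never swallow.
KEEP_LINE='Mar 13 21:38:35 erode sudo: pam_unix(sudo:auth): authentication failure; logname=md uid=1000 euid=0 tty=/dev/pts/0 ruser=md rhost=  user=md'

# rule_matches RULE LINE: exit status 0 if the extended regex matches the line.
rule_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# verdict RULE LINE: "ignored" if the rule would filter the line, else "reported".
verdict() {
    if rule_matches "$1" "$2"; then echo ignored; else echo reported; fi
}

# Print the rule/line matrix.
for name in OLD_RULE NEW_RULE BOTH_RULE; do
    eval "rule=\$$name"
    printf '%-9s with-uid=%s without-uid=%s auth-failure=%s\n' "$name" \
        "$(verdict "$rule" "$NEW_LINE")" \
        "$(verdict "$rule" "$OLD_LINE")" \
        "$(verdict "$rule" "$KEEP_LINE")"
done
```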