Package: logcheck-database
Version: 1.3.22
Severity: normal
Tags: patch

The current rule in /etc/logcheck/violations.ignore.d/logcheck-sudo does 
not work:

echo 'Mar 13 21:38:35 erode sudo: pam_unix(sudo:session): session opened for user root(uid=0) by md(uid=1000)' |
egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$'

This is a fixed rule for sudo currently in bullseye:

echo 'Mar 13 21:38:35 erode sudo: pam_unix(sudo:session): session opened for user root(uid=0) by md(uid=1000)' |
egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$'
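The following script is an added example, not part of the bug report or of the logcheck-database package: it runs both rules (the current one and the proposed fix) against constructed sample log lines with GNU grep -E, so one can see which lines each rule would cause logcheck to ignore. The second sample line uses the older pam_unix wording without the "(uid=N)" after the user name; that the original rule was written for that format is an assumption, and both lines are constructed.

```shell
#!/bin/sh
# Added example: compare the old and fixed logcheck rules for sudo session
# messages. Assumes GNU grep (the \w escape is a GNU extension, as in the
# egrep invocations from the bug report).

OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$'
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [._[:alnum:]-]+\(uid=[0-9]+\) by ([[:alnum:]-]+)?\(uid=[0-9]+\)$'

# Constructed sample lines (not taken from a real host).
# Bullseye-style pam_unix message, with uid after the target user:
LINE_NEW='Mar 13 21:38:35 erode sudo: pam_unix(sudo:session): session opened for user root(uid=0) by md(uid=1000)'
# Older wording without "(uid=N)" after the target user (assumed format):
LINE_OLD='Mar 13 21:38:35 erode sudo: pam_unix(sudo:session): session opened for user root by md(uid=1000)'

# ignored_by RULE LINE: exit 0 if RULE matches LINE, i.e. logcheck would
# drop the line as a known-harmless violation; exit 1 otherwise.
ignored_by() {
    printf '%s\n' "$2" | grep -E -q -- "$1"
}

# report RULE_NAME RULE LINE: human-readable verdict for the reader.
report() {
    if ignored_by "$2" "$3"; then
        printf '%-9s ignores : %s\n' "$1" "$3"
    else
        printf '%-9s reports : %s\n' "$1" "$3"
    fi
}

for line in "$LINE_NEW" "$LINE_OLD"; do
    report OLD_RULE "$OLD_RULE" "$line"
    report NEW_RULE "$NEW_RULE" "$line"
done
```

Running it shows the point of the report: the current rule does not match the bullseye-format line (so every sudo session would be reported as a violation), while the fixed rule matches it; conversely the fixed rule no longer matches the older wording, so a host still producing that format would need the old rule kept alongside.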

-- 
ciao,
Marco
