diff options
| author | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-06-13 14:10:51 +0200 |
|---|---|---|
| committer | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-06-13 14:10:51 +0200 |
| commit | 08aab8dbd7374248238eb5bc08137d3cadb36329 (patch) | |
| tree | b2af6f5ffcd8e539047e36c34f0d9dcd7b97ab01 | |
| parent | 620823f82ce1a3cb9cd9bd813438338183986828 (diff) | |
missing quantifier
| -rw-r--r-- | files/etc/logcheck/ignore.d.server/local-auditd | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-auditd b/files/etc/logcheck/ignore.d.server/local-auditd index 3160455..04e218b 100644 --- a/files/etc/logcheck/ignore.d.server/local-auditd +++ b/files/etc/logcheck/ignore.d.server/local-auditd @@ -50,4 +50,4 @@ ^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?USER_END pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj=unconfined msg='op=PAM:session_close grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[[:alnum:]/]+" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:alnum:]:.]+) terminal=[^[:space:]]+ res=success' ^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?USER_LOGIN pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj=unconfined msg='op=login id=[[:digit:]]+ exe="[[:alnum:]/]+" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:alnum:]:.]+) terminal=[^[:space:]]+ res=success' ^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit\[[[:digit:]]+\]: )?USER_START pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj=unconfined msg='op=PAM:session_open grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[[:alnum:]/]+" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:alnum:]:.]+) terminal=[^[:space:]]+ res=success' -^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit: )?PROCTITLE proctitle=[[:xdigit:]]$ +^((\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ audit: )?PROCTITLE proctitle=[[:xdigit:]]+$ |