From e4c63b0148b40a7cecaedfdc39606caa2dd82706 Mon Sep 17 00:00:00 2001
From: Vincent Le Gallic
Date: Mon, 8 Jul 2013 01:38:49 +0200
Subject: [PATCH] rm -rf logcheck YES \o/
---
Base/needed.xml | 5 -
Bundler/logcheck.xml | 10 --
.../ignore.d.server/local-crans/info.xml | 3 -
.../ignore.d.server/local-crans/local-crans | 169 ------------------
.../ignore.d.server/local-ignore/info.xml | 3 -
.../ignore.d.server/local-ignore/local-ignore | 151 ----------------
Cfg/etc/logcheck/logcheck.conf/info.xml | 3 -
Cfg/etc/logcheck/logcheck.conf/logcheck.conf | 95 ----------
Metadata/groups.xml | 1 -
Rules/rules.xml | 5 -
10 files changed, 445 deletions(-)
delete mode 100644 Bundler/logcheck.xml
delete mode 100644 Cfg/etc/logcheck/ignore.d.server/local-crans/info.xml
delete mode 100644 Cfg/etc/logcheck/ignore.d.server/local-crans/local-crans
delete mode 100644 Cfg/etc/logcheck/ignore.d.server/local-ignore/info.xml
delete mode 100644 Cfg/etc/logcheck/ignore.d.server/local-ignore/local-ignore
delete mode 100644 Cfg/etc/logcheck/logcheck.conf/info.xml
delete mode 100644 Cfg/etc/logcheck/logcheck.conf/logcheck.conf
diff --git a/Base/needed.xml b/Base/needed.xml
index 5edc374..2a4b4c6 100644
--- a/Base/needed.xml
+++ b/Base/needed.xml
@@ -7,11 +7,6 @@
-
-
-
-
-
diff --git a/Bundler/logcheck.xml b/Bundler/logcheck.xml
deleted file mode 100644
index 3cd8405..0000000
--- a/Bundler/logcheck.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-
-
-
-
-
-
-
-
diff --git a/Cfg/etc/logcheck/ignore.d.server/local-crans/info.xml b/Cfg/etc/logcheck/ignore.d.server/local-crans/info.xml
deleted file mode 100644
index 37272a1..0000000
--- a/Cfg/etc/logcheck/ignore.d.server/local-crans/info.xml
+++ /dev/null
@@ -1,3 +0,0 @@
-
-
-
diff --git a/Cfg/etc/logcheck/ignore.d.server/local-crans/local-crans b/Cfg/etc/logcheck/ignore.d.server/local-crans/local-crans
deleted file mode 100644
index 1f82206..0000000
--- a/Cfg/etc/logcheck/ignore.d.server/local-crans/local-crans
+++ /dev/null
@@ -1,169 +0,0 @@ -amavis\[.*\]: \(.*\) INFO: -amavis\[.*\]: .*>, mail_id: .*, Hits: -, queued_as: .*, .* ms$ -amavis\[.*\]: \(.*\) Passed BAD-HEADER, -amavis\[.*\]: \(.*\) Passed CLEAN, -arpwatch: -bcfg2-server\[.*\]: -comptes_inactifs: -dovecot: auth(default): Master requested auth for nonexisting client -dovecot: IMAP(.*): ((Connection closed)|(Disconnected in)) -dovecot: POP3(.*): ((Connection closed)|(Disconnected in)) -dovecot: ((imap)|(pop3))-login: Aborted login -dovecot: ((imap)|(pop3))-login: Can't connect to auth server at default: Resource temporary unavailable -dovecot: ((imap)|(pop3))-login: Disconnected: Inactivity: -dovecot: ((imap)|(pop3))-login: Timeout waiting for handshake from auth server. -firewall: -A ADMIN_VLAN -j REJECT -firewall: -A BLACKLIST_((DST -d)|(SRC -s)) 138.231.1.* -j REJECT --reject-with icmp-host-prohibited -firewall: -A FILTRE_P2P -i crans -o crans -j RETURN -firewall: -A FILTRE_P2P -m ipp2p --apple -j LOG --log-prefix "IPP2P=AppleJuice " -firewall: -A FILTRE_P2P -m ipp2p --apple -j RETURN -firewall: -A FILTRE_P2P -m ipp2p --ares -j LOG --log-prefix "IPP2P=Ares " -firewall: -A FILTRE_P2P -m ipp2p --ares -j RETURN -firewall: -A FILTRE_P2P -m ipp2p --bit -j LOG --log-prefix "IPP2P=Bittorrent " -firewall: -A FILTRE_P2P -m ipp2p --bit -j RETURN -firewall: -A FILTRE_P2P -m ipp2p --dc -j LOG --log-prefix "IPP2P=DirectConnect " -firewall: -A FILTRE_P2P -m ipp2p --dc -j RETURN -firewall: -A FILTRE_P2P -m ipp2p --edk -j LOG --log-prefix "IPP2P=eDonkey " -firewall: -A FILTRE_P2P -m ipp2p --edk -j RETURN -firewall: -A FILTRE_P2P -m ipp2p --gnu -j LOG --log-prefix "IPP2P=GNUtella " -firewall: -A FILTRE_P2P -m ipp2p --gnu -j RETURN -firewall: -A FILTRE_P2P -m ipp2p --kazaa -j LOG --log-prefix "IPP2P=KaZaa " -firewall: -A FILTRE_P2P -m ipp2p --kazaa -j RETURN -firewall: -A FILTRE_P2P -m ipp2p --soul -j LOG --log-prefix "IPP2P=SoulSeek " -firewall: -A FILTRE_P2P -m ipp2p --soul -j RETURN -firewall: -A FILTRE_P2P -m ipp2p --winmx -j RETURN 
-firewall: -A FORWARD -i crans -d 10.231.136.0/24 -j ADMIN_VLAN -firewall: -A FORWARD -i ens -d 10.231.136.0/24 -j REJECT -firewall: -A FORWARD -i ens -j BLACKLIST_DST -firewall: -A FORWARD -i lo -j ACCEPT -firewall: -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -firewall: -A FORWARD -o ens -j BLACKLIST_SRC -firewall: -A FORWARD -p icmp -j ACCEPT -firewall: -A FORWARD -s ! 138.231.136.0/28 -d ! 138.231.136.0/28 -j FILTRE_P2P -firewall: class add dev ((crans)|(ens)) parent 1:1 classid 1:.* htb rate .* ceil .* -firewall: class add dev ((crans)|(ens)) parent 1:.* classid 1:.* htb rate .* ceil -firewall: -F|X$ -firewall: -I FORWARD -m mark --mark 0x2 -j ACCEPT -firewall: -A OUTPUT -m owner --uid-owner .* -firewall: -N ((ADMIN_VLAN)|(BLACKLIST_((SRC)|(DST)))) -firewall: -N FILTRE_P2P -firewall: qdisc add dev ((crans)|(ens)) parent 1:.* handle .*: sfq perturb 10 -firewall: qdisc add dev ((crans)|(ens)) root handle 1: htb r2q 1 -firewall: qdisc del dev ((crans)|(ens)) root -firewall: -t mangle -A POSTROUTING -m mark ! --mark 0x1 -j ACCEPT -firewall: -t mangle -A POSTROUTING -o ((crans -d)|(ens -s)) 138.231.1.*.0/24 -j SUBNET-138.231.1.*.0/24 -firewall: -t mangle -A POSTROUTING -o ((crans -d)|(ens -s)) 138.231.1((36)|(48)).0/21 -j CLASSIFY --set-class 1:9998 -firewall: -t mangle -A PREROUTING -m mark --mark 0x2 -j ACCEPT -firewall: -t mangle -A PREROUTING -p tcp --destination-port 80 -s 138.231.136.0/21 -d ! 138.231.148.0/21 -j MARK --set-mark 0x2 -firewall: -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark -firewall: -t mangle -A PREROUTING -p tcp -m ipp2p --bit -j MARK --set-mark 0x1 -firewall: -t mangle -A PREROUTING -p tcp -m mark ! 
--mark 0x0 -j ACCEPT -firewall: -t mangle -A PREROUTING -p tcp -m mark --mark 0x1 -j CONNMARK --save-mark -firewall: -t mangle -A PREROUTING -s 138.231.136.0/28 -j RETURN -firewall: -t mangle -A PREROUTING -s 138.231.136.0/28 -j RETURN -firewall: -t mangle -A SUBNET-138.231.1...0/24 -o crans -d 138.231.1.* -j CLASSIFY --set-class 1:.* -firewall: -t mangle -A SUBNET-138.231.1...0/24 -o ens ( )*-s 138.231.1.* -j CLASSIFY --set-class 1:.* -firewall: -t mangle -A SUBNET-138.231.1...0/24 -o ens ( )*-s 138.231.1.* -m mark --mark 0x1 -j CLASSIFY --set-class 1:.* -firewall: -t (mangle)|(nat) -F|X -firewall: -t mangle -N SUBNET-138.231.1...0/24 -firewall: -t nat -A LOG_FLOOD -j DROP -firewall: -t nat -A LOG_FLOOD -m limit --limit 1/s --limit-burst 1 -j LOG --log-level notice --log-prefix Flood: -firewall: -t nat -A LOG_VIRUS -j DROP -firewall: -t nat -A LOG_VIRUS -m limit --limit 1/s --limit-burst 1 -j LOG --log-level notice --log-prefix Virus: -firewall: -t nat -A PREROUTING -d 138.231.136.0/28 -j ACCEPT -firewall: -t nat -A PREROUTING -d 224.0.0.0/4 -j DROP -firewall: -t nat -A PREROUTING -i ens -j ACCEPT -firewall: -t nat -A PREROUTING -i ens -j RESEAUX_NON_ROUTABLES_SRC -firewall: -t nat -A PREROUTING -i ens -p udp --destination 138.231.136.1 --destination-port 53 -j DNAT --to-destination 138.231.136.3 -firewall: -t nat -A PREROUTING -i lo -j ACCEPT -firewall: -t nat -A PREROUTING -i tun-ovh -j ACCEPT -firewall: -t nat -A PREROUTING -j RESEAUX_NON_ROUTABLES_DST -firewall: -t nat -A PREROUTING -j TEST_MAC-IP -firewall: -t nat -A PREROUTING -p tcp -m mark --mark 0x2 -j DNAT --to-destination 10.231.136.9:3128 -firewall: -t nat -A PREROUTING -s 138.231.136.0/28 -j ACCEPT -firewall: -t nat -A PREROUTING -s ! 
138.231.136.0/28 -j TEST_VIRUS_FLOOD -firewall: -t nat -A TEST_MAC-IP -j DROP -firewall: -t nat -A TEST_VIRUS_FLOOD -[ds] .* -j LOG_VIRUS -firewall: -t nat -A TEST_VIRUS_FLOOD -j LOG_FLOOD -firewall: -t nat -A TEST_VIRUS_FLOOD -m hashlimit --hashlimit 20 --hashlimit-mode srcip --hashlimit-name flood -j RETURN -firewall: -t nat -A TEST_VIRUS_FLOOD -p tcp --dport 135 -j LOG_VIRUS -firewall: -t nat -A TEST_VIRUS_FLOOD -p tcp --dport 445 -j LOG_VIRUS -firewall: -t nat -D TEST_MAC-IP -s 138.231.1.* -m mac --mac-source .* -j RETURN -firewall: -t nat -I TEST_MAC-IP -s .* -m mac --mac-source .* -j RETURN -firewall: -t nat -L TEST_MAC-IP -n -firewall: -t nat -N ((TEST_MAC-IP)|(RESEAUX_NON_ROUTABLES_((SRC)|(DST)))) -firewall: -t nat -N ((TEST_VIRUS_FLOOD)|(LOG_((VIRUS)|(FLOOD)))) -firewall: -t nat -P OUTPUT ACCEPT -firewall: -t nat -P PREROUTING ACCEPT -firewall: -t nat -P PREROUTING ACCEPT -firewall: -t nat -P PREROUTING ACCEPT -generate\[.*\]: autodisc_upload\(.*\) -generate\[.*\]: .*blacklist.*\(.*\) -generate\[.*\]: bloq\(.*\) -generate\[.*\]: classify\(.*\) -generate\[.*\]: conf_wifi_ng\(.*\) -generate\[.*\]: .*-dhcp\(.*\) -generate\[.*\]: dns\(.*\) -generate\[.*\]: firewall\(.*\) -generate\[.*\]: .*macip\(.*\) -generate\[.*\]: .*p2p\(.*\) -generate\[.*\]: surveillance_machines\(.*\) -generate\[.*\]: .*virus\(.*\) -HORDE\[.*\]: \[.*\] DB Error: connect failed: \[nativecode=.*nable to .*connect -HORDE\[.*\]: \[imp\] FAILED LOGIN -innd: o:incoming.conf:flush cache -innd: SERVER reload incoming.conf flush cache -in.ident2\[.*\]:.* -nacctd: config: added headerinfo \(.*:.*:.*\) -nacctd: config: added iflist -nacctd: config: added ignore network \(netmask 255.0.0.0\) -nacctd: config: added ignore network \(netnumber 127.0.0.0\) -nacctd: config: disabled field -nacctd: config: set debugfile to -nacctd: config: set debugging level to -nacctd: config: set dumpfile to -nacctd: config: set fdelay to -nacctd: config: set filename to -nacctd: config: set flushing to -nacctd: 
config: set ignoremask to 255.255.255.0 -nacctd: net accounting daemon forked -nacctd: net accounting daemon started -nacctd: net accounting daemon terminating \(.*\) -nacctd: no old dumpfile \(.*\) exists -nnrpd\[.*\]: .* can't read: -nnrpd\[.*\]: .* no_success_auth -nnrpd\[.*\]: .* timeout short -nnrpd\[.*\]: .* times user .* system .* idle .* elapsed -ntpd\[.*\]: -postfix/bounce\[.*\]: .*: sender delay notification: -slapd\[.*\]: -spamd\[.*\]: auto-whitelist: open of auto-whitelist file failed: -spamd\[.*\]: bayes: cannot open bayes databases -spamd\[.*\]: config: failed to parse line, skipping, in -spamd\[.*\]: config: failed to parse, now a plugin, skipping, in -spamd\[.*\]: config: not parsing, 'allow_user_rules' is 0: -spamd\[.*\]: spamd: handle_user unable to find user: -sqlgrey: dbaccess: .* the database system is starting up -sqlgrey: grey: -sqlgrey: perf: -sqlgrey: spam: -sqlgrey: whitelist: -squid\[.*\]: Accepting proxy HTTP connections at -squid\[.*\]: Accepting SNMP messages on port -squid\[.*\]: aclParseAclLine: WARNING: empty ACL: -squid\[.*\]: Configuring Parent -squid\[.*\]: ctx: enter level 0: -squid\[.*\]: Extension method '.*' added, enum= -squid\[.*\]: Failed to parse request headers: -squid\[.*\]: FD .* Closing SNMP socket -squid\[.*\]: httpProcessReplyHeader: -squid\[.*\]: httpProcessReplyHeader: Too large reply header -squid\[.*\]: httpReadReply: Excess data from -squid\[.*\]: httpReadReply: Excess data from -squid\[.*\]: httpReadReply: Request not yet fully sent -squid\[.*\]: \^I/var/spool/squid -squid\[.*\]: parseHttpRequest: Can't get request method -squid\[.*\]: parseHttpRequest: Missing URL -squid\[.*\]: Reconfiguring Squid Cache -squid\[.*\]: WARNING: http.c:.*: HTTP header too large -squid\[.*\]: WARNING: suspicious CR characters in HTTP header diff --git a/Cfg/etc/logcheck/ignore.d.server/local-ignore/info.xml b/Cfg/etc/logcheck/ignore.d.server/local-ignore/info.xml deleted file mode 100644 index 37272a1..0000000 
--- a/Cfg/etc/logcheck/ignore.d.server/local-ignore/info.xml
+++ /dev/null
@@ -1,3 +0,0 @@
-
-
-
diff --git a/Cfg/etc/logcheck/ignore.d.server/local-ignore/local-ignore b/Cfg/etc/logcheck/ignore.d.server/local-ignore/local-ignore
deleted file mode 100644
index 683b13b..0000000
--- a/Cfg/etc/logcheck/ignore.d.server/local-ignore/local-ignore
+++ /dev/null
@@ -1,151 +0,0 @@ -apcupsd\[.*\]: apcupsd shutdown succeeded -authsrv.*AUTHENTICATE -automount.*: attempting to mount entry -automount.*: do_mount -automount.*: expanded entry: -automount.*: lookup(file): -automount.*: mount(generic): calling mkdir -automount.*: mount(generic): calling mount -automount.*: parse(sun): -cracklib: updating dictionary .* .* words\. -cron.*CMD -CRON.*CMD -cron.*RELOAD -cron.*STARTUP -exiting on signal 15 -fetchnews.*: connected to -fetchnews.*: .*: no new articles -fetchnews.*: Read server info from -fetchnews.*: verbosity level -ftpd.*ANONYMOUS FTP LOGIN -ftpd.*FTP LOGIN FROM -ftpd.*retrieved -ftpd.*stored -ftp-gw.*: exit host -ftp-gw.*: permit host -http-gw.*: exit host -http-gw.*: permit host -icmplogd: ping from ([[:graph:]]* )?[[][[:graph:]]*[]] -identd.*: started -in.ftpd\[.*\]: connect from .* -init: Switching to runlevel: -in.qpopper.*: connect from -kernel: -kernel: VFS: Disk change detected on device -last message repeated .* times -mail.local --- MARK -- ---- MARK -- -named\[.*\]: .* -named\[.*\]: answer queries -named\[.*\]: approved AXFR from .* for -named\[.*\]: Cleaned cache of -named\[.*\]: deleting interface -named\[.*\]: Lame delegation -named\[.*\]: Lame server on '.*' \(in '.*'?\): \[.*\]\..* '.*' -named\[.*\]: listening on \[.*\]\.53 \(.*\) -named\[.*\]: NSTATS .* .* A=.*( PTR=.*)?( AAAA=.*)? -named\[.*\]: NSTATS .* .* A=.*( SOA=.*)?( MX=.*)? AAAA=.*( AXFR=.*)? 
-named\[.*\]: points to a CNAME -named\[.*\]: reloading -named\[.*\]: Response from -named\[.*\]: Sent NOTIFY for -named\[.*\]: starting -named\[.*\]: suppressing duplicate notify -named\[.*\]: USAGE .* .* CPU=.*/.* CHILDCPU=.*/.* -named-xfer\[.*\]: send AXFR query 0 to 138\.231\.136\.6 -named\[.*\]: XSTATS .* .* RR=.* RNXD=.* RFwdR=.* RDupR=.* RFail=.* RFErr=.* RErr=.* RAXFR=.* RLame=.* ROpts=.* SSysQ=.* SAns=.* SFwdQ=.* SDupQ=.* SErr=.* RQ=.* RIQ=.* RFwdQ=.* RDupQ=.* RTCP=.* SFwdR=.* SFail=.* SFErr=.* SNaAns=.* SNXD=.* -named\[.*\]: XX+/127\.0\.0\.1/.*/A/IN -named\[.*\]: XX+/192\.168\.*/.*/A/IN -named\[.*\]: zone transfer \(AXFR\) of .* to -netacl.*: exit host -netacl.*: permit host -net-snmp\[.*\]: Connection from 138\.231\.136\.6 -PAM_.*: .* session closed for user .* -PAM_.*: .* session opened for user .* -PAM_unix\[.*\]: \(cron\) session closed for user .* -PAM_unix\[.*\]: \(cron\) session opened for user .* -popper: -ERR POP server at -popper: -ERR Unknown command: "uidl". -popper.*Unable -portsentry\[.*\]: adminalert -postfix.*alias database.*rebuilt -postfix.*aliases.*longest -postfix/cleanup\[.*\]: .*: .*message-id= -postfix.*from= -postfix/local\[.*\]: .*: to=.*, relay= -postfix.*lost input channel -postfix/master -postfix.*message-id= -postfix/pickup\[.*\]: .*: uid=.* from= -postfix.*putoutmsg -postfix/qmgr\[.*\]: .*: from= -postfix/qmgr\[.*\]: .*, status=deferred -postfix.*return to sender -postfix/smtp -postfix/smtpd\[.*\]: .*: client= -postfix/smtpd\[.*\]: connect from -postfix/smtpd\[.*\]: disconnect from -postfix/smtp\[.*\]: .*: to=.*, relay= -postfix.*status= -postfix.*timeout waiting -postfix.*User Unknown -pppd\[.*\]: rcvd \[LCP EchoRep id=.* magic=.*\] -pppd\[.*\]: rcvd \[LCP EchoReq id=.* magic=.*\] -pppd\[.*\]: sent \[LCP EchoRep id=.* magic=.*\] -pppd\[.*\]: sent \[LCP EchoReq id=.* magic=.*\] -proftpd.*FTP session closed. 
-qmail.*delivery -qmail.*end msg -qmail.*info msg -qmail.*new msg -qmail.*starting delivery -rlogin-gw.*: exit host -rlogin-gw.*: permit host -root 1 -sendmail.*alias database.*rebuilt -sendmail.*aliases.*longest -sendmail.*from= -sendmail.*lost input channel -sendmail.*message-id= -sendmail.*putoutmsg -sendmail.*return to sender -sendmail.*stat= -sendmail.*timeout waiting -sendmail.*User Unknown -smapd.*daemon running -smapd.*delivered -smap.*host= -smbd.*: connect from -squid.*NETDB state saved; -squid\[.*\]: sslReadServer: FD .*: read failure: .* Connection reset by peer -squid\[.*\]: sslReadServer: FD .*: read failure: .* Connexion ré-initialisée par le correspondant -squid\[.*\]: this be aioCancel -squid\[.*\]: urlParse: Illegal character in hostname .* -squid\[.*\]: urlParse: URL too large .* -sshd\[.*\]: Accepted publickey for .* from .* port .* ssh2 -sshd.*: fatal: Connection closed by remote host. -sshd.*log: Closing connecting to -sshd.*: log: .* from localhost -sshd.*log: Generating new .* key. -sshd.*log: key generation complete. -sshd.*log: Password authentication for .* accepted. -sshd.*log: RSA authentication for .* accepted. -sshd.*: log: RSA key generation complete. -su\[.*\]: \+ .* root- -syslogd.*: restart. -syslogd.*: restart (remote reception). -syslogd.*: restart \(remote reception\)\. -syslog-ng\[.*\]: new configuration initialized -syslog-ng\[.*\]: SIGHUP received, restarting syslog-ng -syslog-ng\[.*\]: STATS: dropped 0 -tcplogd: (port [[:digit:]]+|(www|ftp|auth|socks|imap2|smtp)) connection attempt from -telnetd.*ttloop: peer died -texpire.*: .* articles deleted -tn-gw.*: exit host -tn-gw.*: permit host -/USR/SBIN/CRON\[.*\]: (mail) CMD ( if \[ -x /usr/sbin/exim \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi) -/USR/SBIN/CRON\[.*\]: \(mail\) CMD \( if \[ -x /usr/sbin/exim \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi\) -x-gw.*: exit host -x-gw.*: permit host -xntpd.*Previous time adjustment didn't complete 
diff --git a/Cfg/etc/logcheck/logcheck.conf/info.xml b/Cfg/etc/logcheck/logcheck.conf/info.xml
deleted file mode 100644
index 37272a1..0000000
--- a/Cfg/etc/logcheck/logcheck.conf/info.xml
+++ /dev/null
@@ -1,3 +0,0 @@
-
-
-
diff --git a/Cfg/etc/logcheck/logcheck.conf/logcheck.conf b/Cfg/etc/logcheck/logcheck.conf/logcheck.conf
deleted file mode 100644
index 7488e27..0000000
--- a/Cfg/etc/logcheck/logcheck.conf/logcheck.conf
+++ /dev/null
@@ -1,95 +0,0 @@
-# The following variable settings are the initial default values,
-# which can be uncommented and modified to alter logcheck's behaviour
-
-# Controls the format of date-/time-stamps in subject lines:
-# Alternatively, set the format to suit your locale
-
-#DATE="$(date +'%Y-%m-%d %H:%M')"
-
-# Controls the presence of boilerplate at the top of each message:
-# Alternatively, set to "0" to disable the introduction.
-#
-# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
-# are present their contents will be read and used as the header and
-# footer of any generated mails.
-
-# Controls the level of filtering:
-INTRO=0
-
-# Controls the level of filtering:
-# Can be Set to "workstation", "server" or "paranoid" for different
-# levels of filtering. Defaults to server if not set.
-
-REPORTLEVEL="server"
-
-# Controls the address mail goes to:
-# *NOTE* the script does not set a default value for this variable!
-# Should be set to an offsite "emailaddress@some.domain.tld"
-
-SENDMAILTO="root"
-
-# Send the results as attachment or not.
-# 0=not as attachment; 1=as attachment; 2=as gzip attachment
-# Default is 0
-
-MAILASATTACH=2
-
-# Should the hostname in the subject of generated mails be fully qualified?
-
-FQDN=1
-
-# Controls whether "sort -u" is used on log entries (which will
-# eliminate duplicates but destroy the original ordering); the
-# default is to use "sort -k 1,3 -s":
-# Alternatively, set to "1" to enable unique sorting
-
-#SORTUNIQ=0
-
-# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
-# exceptions to the rules in /etc/logcheck/cracking.d:
-# Alternatively, set to "1" to enable cracking.ignore support
-
-SUPPORT_CRACKING_IGNORE=1
-
-# Controls the base directory for rules file location
-# This must be an absolute path
-
-#RULEDIR="/etc/logcheck"
-
-# Controls if syslog-summary is run over each section.
-# Alternatively, set to "1" to enable extra summary.
-# HINT: syslog-summary needs to be installed.
-
-SYSLOGSUMMARY=1
-
-# Controls Subject: lines on logcheck reports:
-
-#ATTACKSUBJECT="Security Alerts"
-#SECURITYSUBJECT="Security Events"
-#EVENTSSUBJECT="System Events"
-
-# Controls [logcheck] prefix on Subject: lines
-
-#ADDTAG="no"
-
-# Set a different location for temporary files than /tmp
-# this is useful if your /tmp is small and you are getting
-# errors such as:
-# cp: writing `/tmp/logcheck.y12449/checked': No space left on device
-# /usr/sbin/logcheck: line 161: cannot create temp file for here document: No space left on device
-# mail: /tmp/mail.RsXXXXpc2eAx: No space left on device
-# Null message body; hope that's ok
-#
-# If this is happening, likely you will want to change the following to be some other
-# location, such as /var/tmp
-
-TMP="/tmp"
-
-# Kludge affreux pour que logcheck n'envoie pas de message
-# en cas de fail de kill pour cause de process inexistant
-kill () {
- temp=$(bash -c "kill $* 2>&1" | grep -v "Aucun processus de ce type")
- if [ -n "$temp" ]; then
- echo $temp; 1>&2
- fi
-}
diff --git a/Metadata/groups.xml b/Metadata/groups.xml
index 3f08f61..f5cf661 100644
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@@ -495,7 +495,6 @@
-
diff --git a/Rules/rules.xml b/Rules/rules.xml
index 2567f05..e16c947 100644
--- a/Rules/rules.xml
+++ b/Rules/rules.xml
@@ -34,9 +34,4 @@ command="ln -s /etc/init.d/attendre-vert /etc/rcS.d/S41attendre-vert" />
-
-
-
-
-