rm -rf logcheck

YES \o/

Base/needed.xml

@@ -7,11 +7,6 @@
 	 <Package name="python-netaddr"/>
 	 <Package name="udev"/>
 
-	 <Path name="/etc/logcheck/cracking.ignore.d/local-crans" type="symlink"/>
-	 <Path name="/etc/logcheck/cracking.ignore.d/local-ignore" type="symlink"/>
-	 <Path name="/etc/logcheck/violations.ignore.d/local-crans" type="symlink"/>
-	 <Path name="/etc/logcheck/violations.ignore.d/local-ignore" type="symlink"/>
- 
     <!-- fichier de preferences pour darcs -->
     <Path name="/etc/crans/darcs_defaults"/>
 

Bundler/logcheck.xml

@@ -1,10 +0,0 @@
-<Bundle name="logcheck">
-  <Path name="/etc/cron.d/logcheck"/>
-  <Path name="/etc/logcheck/ignore.d.server/local-crans"/>
-  <Path name="/etc/logcheck/ignore.d.server/local-ignore"/>
-  <Path name="/etc/logcheck/logcheck.conf"/>
-  <Python name="/etc/logcheck/logcheck.logfiles"/>
-  <Package name="logcheck"/>
-  <Package name="logcheck-database"/>
-  <Package name="syslog-summary"/>
-</Bundle>

Cfg/etc/logcheck/ignore.d.server/local-crans/info.xml

@@ -1,3 +0,0 @@
-<FileInfo>
-    <Info owner='root' group='logcheck' perms='0644'/>
-</FileInfo>

Cfg/etc/logcheck/ignore.d.server/local-crans/local-crans

@@ -1,169 +0,0 @@
-amavis\[.*\]: \(.*\) INFO: 
-amavis\[.*\]: .*>, mail_id: .*, Hits: -, queued_as: .*, .* ms$
-amavis\[.*\]: \(.*\) Passed BAD-HEADER, 
-amavis\[.*\]: \(.*\) Passed CLEAN, 
-arpwatch:
-bcfg2-server\[.*\]: 
-comptes_inactifs:
-dovecot: auth(default): Master requested auth for nonexisting client
-dovecot: IMAP(.*): ((Connection closed)|(Disconnected in))
-dovecot: POP3(.*): ((Connection closed)|(Disconnected in))
-dovecot: ((imap)|(pop3))-login: Aborted login
-dovecot: ((imap)|(pop3))-login: Can't connect to auth server at default: Resource temporary unavailable
-dovecot: ((imap)|(pop3))-login: Disconnected: Inactivity:
-dovecot: ((imap)|(pop3))-login: Timeout waiting for handshake from auth server.
-firewall: -A ADMIN_VLAN -j REJECT
-firewall: -A BLACKLIST_((DST -d)|(SRC -s)) 138.231.1.* -j REJECT --reject-with icmp-host-prohibited
-firewall: -A FILTRE_P2P -i crans -o crans -j RETURN
-firewall: -A FILTRE_P2P -m ipp2p --apple -j LOG --log-prefix "IPP2P=AppleJuice "
-firewall: -A FILTRE_P2P -m ipp2p --apple -j RETURN
-firewall: -A FILTRE_P2P -m ipp2p --ares -j LOG --log-prefix "IPP2P=Ares "
-firewall: -A FILTRE_P2P -m ipp2p --ares -j RETURN
-firewall: -A FILTRE_P2P -m ipp2p --bit -j LOG --log-prefix "IPP2P=Bittorrent "
-firewall: -A FILTRE_P2P -m ipp2p --bit -j RETURN
-firewall: -A FILTRE_P2P -m ipp2p --dc -j LOG --log-prefix "IPP2P=DirectConnect "
-firewall: -A FILTRE_P2P -m ipp2p --dc -j RETURN
-firewall: -A FILTRE_P2P -m ipp2p --edk -j LOG --log-prefix "IPP2P=eDonkey "
-firewall: -A FILTRE_P2P -m ipp2p --edk -j RETURN
-firewall: -A FILTRE_P2P -m ipp2p --gnu -j LOG --log-prefix "IPP2P=GNUtella "
-firewall: -A FILTRE_P2P -m ipp2p --gnu -j RETURN
-firewall: -A FILTRE_P2P -m ipp2p --kazaa -j LOG --log-prefix "IPP2P=KaZaa "
-firewall: -A FILTRE_P2P -m ipp2p --kazaa -j RETURN
-firewall: -A FILTRE_P2P -m ipp2p --soul -j LOG --log-prefix "IPP2P=SoulSeek "
-firewall: -A FILTRE_P2P -m ipp2p --soul -j RETURN
-firewall: -A FILTRE_P2P -m ipp2p --winmx -j RETURN
-firewall: -A FORWARD -i crans -d 10.231.136.0/24 -j ADMIN_VLAN
-firewall: -A FORWARD -i ens -d 10.231.136.0/24 -j REJECT
-firewall: -A FORWARD -i ens -j BLACKLIST_DST
-firewall: -A FORWARD -i lo -j ACCEPT
-firewall: -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-firewall: -A FORWARD -o ens -j BLACKLIST_SRC
-firewall: -A FORWARD -p icmp -j ACCEPT
-firewall: -A FORWARD -s ! 138.231.136.0/28 -d ! 138.231.136.0/28 -j FILTRE_P2P
-firewall: class add dev ((crans)|(ens)) parent 1:1 classid 1:.* htb rate .* ceil .*
-firewall: class add dev ((crans)|(ens)) parent 1:.* classid 1:.* htb rate .* ceil
-firewall: -F|X$
-firewall: -I FORWARD -m mark --mark 0x2 -j ACCEPT
-firewall: -A OUTPUT -m owner --uid-owner .*
-firewall: -N ((ADMIN_VLAN)|(BLACKLIST_((SRC)|(DST))))
-firewall: -N FILTRE_P2P
-firewall: qdisc add dev ((crans)|(ens)) parent 1:.* handle .*: sfq perturb 10
-firewall: qdisc add dev ((crans)|(ens)) root handle 1: htb r2q 1
-firewall: qdisc del dev ((crans)|(ens)) root
-firewall: -t mangle -A POSTROUTING -m mark ! --mark 0x1 -j ACCEPT
-firewall: -t mangle -A POSTROUTING -o ((crans -d)|(ens   -s)) 138.231.1.*.0/24 -j SUBNET-138.231.1.*.0/24
-firewall: -t mangle -A POSTROUTING -o ((crans -d)|(ens -s)) 138.231.1((36)|(48)).0/21 -j CLASSIFY --set-class 1:9998
-firewall: -t mangle -A PREROUTING -m mark --mark 0x2 -j ACCEPT
-firewall: -t mangle -A PREROUTING -p tcp --destination-port 80 -s 138.231.136.0/21 -d ! 138.231.148.0/21 -j MARK --set-mark 0x2
-firewall: -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
-firewall: -t mangle -A PREROUTING -p tcp -m ipp2p --bit -j MARK --set-mark 0x1
-firewall: -t mangle -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT
-firewall: -t mangle -A PREROUTING -p tcp -m mark --mark 0x1 -j CONNMARK --save-mark
-firewall: -t mangle -A PREROUTING -s 138.231.136.0/28 -j RETURN
-firewall: -t mangle -A PREROUTING -s 138.231.136.0/28 -j RETURN
-firewall: -t mangle -A SUBNET-138.231.1...0/24 -o crans -d 138.231.1.* -j CLASSIFY --set-class 1:.*
-firewall: -t mangle -A SUBNET-138.231.1...0/24 -o ens ( )*-s 138.231.1.* -j CLASSIFY --set-class 1:.*
-firewall: -t mangle -A SUBNET-138.231.1...0/24 -o ens ( )*-s 138.231.1.* -m mark --mark 0x1 -j CLASSIFY --set-class 1:.*
-firewall: -t (mangle)|(nat) -F|X
-firewall: -t mangle -N SUBNET-138.231.1...0/24
-firewall: -t nat -A LOG_FLOOD -j DROP
-firewall: -t nat -A LOG_FLOOD -m limit --limit 1/s --limit-burst 1 -j LOG --log-level notice --log-prefix  Flood:
-firewall: -t nat -A LOG_VIRUS -j DROP
-firewall: -t nat -A LOG_VIRUS -m limit --limit 1/s --limit-burst 1 -j LOG --log-level notice --log-prefix  Virus:
-firewall: -t nat -A PREROUTING -d 138.231.136.0/28 -j ACCEPT
-firewall: -t nat -A PREROUTING -d 224.0.0.0/4 -j DROP
-firewall: -t nat -A PREROUTING -i ens -j ACCEPT
-firewall: -t nat -A PREROUTING -i ens -j RESEAUX_NON_ROUTABLES_SRC
-firewall: -t nat -A PREROUTING -i ens -p udp --destination 138.231.136.1 --destination-port 53 -j DNAT --to-destination 138.231.136.3
-firewall: -t nat -A PREROUTING -i lo -j ACCEPT
-firewall: -t nat -A PREROUTING -i tun-ovh -j ACCEPT
-firewall: -t nat -A PREROUTING -j RESEAUX_NON_ROUTABLES_DST
-firewall: -t nat -A PREROUTING -j TEST_MAC-IP
-firewall: -t nat -A PREROUTING -p tcp -m mark --mark 0x2 -j DNAT --to-destination 10.231.136.9:3128
-firewall: -t nat -A PREROUTING -s 138.231.136.0/28 -j ACCEPT
-firewall: -t nat -A PREROUTING -s ! 138.231.136.0/28 -j TEST_VIRUS_FLOOD
-firewall: -t nat -A TEST_MAC-IP -j DROP
-firewall: -t nat -A TEST_VIRUS_FLOOD -[ds] .* -j LOG_VIRUS
-firewall: -t nat -A TEST_VIRUS_FLOOD -j LOG_FLOOD
-firewall: -t nat -A TEST_VIRUS_FLOOD -m hashlimit --hashlimit 20 --hashlimit-mode srcip --hashlimit-name flood -j RETURN
-firewall: -t nat -A TEST_VIRUS_FLOOD -p tcp --dport 135 -j LOG_VIRUS
-firewall: -t nat -A TEST_VIRUS_FLOOD -p tcp --dport 445 -j LOG_VIRUS
-firewall: -t nat -D TEST_MAC-IP -s 138.231.1.* -m mac --mac-source .* -j RETURN
-firewall: -t nat -I TEST_MAC-IP -s .* -m mac --mac-source .* -j RETURN
-firewall: -t nat -L TEST_MAC-IP -n
-firewall: -t nat -N ((TEST_MAC-IP)|(RESEAUX_NON_ROUTABLES_((SRC)|(DST))))
-firewall: -t nat -N ((TEST_VIRUS_FLOOD)|(LOG_((VIRUS)|(FLOOD))))
-firewall: -t nat -P OUTPUT ACCEPT
-firewall: -t nat -P PREROUTING ACCEPT
-firewall: -t nat -P PREROUTING ACCEPT
-firewall: -t nat -P PREROUTING ACCEPT
-generate\[.*\]: autodisc_upload\(.*\)
-generate\[.*\]: .*blacklist.*\(.*\)
-generate\[.*\]: bloq\(.*\)
-generate\[.*\]: classify\(.*\)
-generate\[.*\]: conf_wifi_ng\(.*\)
-generate\[.*\]: .*-dhcp\(.*\)
-generate\[.*\]: dns\(.*\)
-generate\[.*\]: firewall\(.*\)
-generate\[.*\]: .*macip\(.*\)
-generate\[.*\]: .*p2p\(.*\)
-generate\[.*\]: surveillance_machines\(.*\)
-generate\[.*\]: .*virus\(.*\)
-HORDE\[.*\]: \[.*\] DB Error: connect failed:  \[nativecode=.*nable to .*connect
-HORDE\[.*\]: \[imp\] FAILED LOGIN
-innd: o:incoming.conf:flush cache
-innd: SERVER reload incoming.conf flush cache
-in.ident2\[.*\]:.*
-nacctd: config: added headerinfo \(.*:.*:.*\)
-nacctd: config: added iflist
-nacctd: config: added ignore network \(netmask 255.0.0.0\)
-nacctd: config: added ignore network \(netnumber 127.0.0.0\)
-nacctd: config: disabled field
-nacctd: config: set debugfile to
-nacctd: config: set debugging level to
-nacctd: config: set dumpfile to
-nacctd: config: set fdelay to
-nacctd: config: set filename to
-nacctd: config: set flushing to
-nacctd: config: set ignoremask to 255.255.255.0
-nacctd: net accounting daemon forked
-nacctd: net accounting daemon started
-nacctd: net accounting daemon terminating \(.*\)
-nacctd: no old dumpfile \(.*\) exists
-nnrpd\[.*\]: .* can't read:
-nnrpd\[.*\]: .* no_success_auth
-nnrpd\[.*\]: .* timeout short
-nnrpd\[.*\]: .* times user .* system .* idle .* elapsed
-ntpd\[.*\]: 
-postfix/bounce\[.*\]: .*: sender delay notification: 
-slapd\[.*\]: 
-spamd\[.*\]: auto-whitelist: open of auto-whitelist file failed: 
-spamd\[.*\]: bayes: cannot open bayes databases 
-spamd\[.*\]: config: failed to parse line, skipping, in 
-spamd\[.*\]: config: failed to parse, now a plugin, skipping, in 
-spamd\[.*\]: config: not parsing, 'allow_user_rules' is 0: 
-spamd\[.*\]: spamd: handle_user unable to find user: 
-sqlgrey: dbaccess: .* the database system is starting up
-sqlgrey: grey:
-sqlgrey: perf:
-sqlgrey: spam:
-sqlgrey: whitelist:
-squid\[.*\]: Accepting proxy HTTP connections at 
-squid\[.*\]: Accepting SNMP messages on port 
-squid\[.*\]: aclParseAclLine: WARNING: empty ACL: 
-squid\[.*\]: Configuring Parent 
-squid\[.*\]: ctx: enter level  0: 
-squid\[.*\]: Extension method '.*' added, enum=
-squid\[.*\]: Failed to parse request headers: 
-squid\[.*\]: FD .* Closing SNMP socket
-squid\[.*\]: httpProcessReplyHeader: 
-squid\[.*\]: httpProcessReplyHeader: Too large reply header
-squid\[.*\]: httpReadReply: Excess data from 
-squid\[.*\]: httpReadReply: Excess data from 
-squid\[.*\]: httpReadReply: Request not yet fully sent 
-squid\[.*\]: \^I/var/spool/squid
-squid\[.*\]: parseHttpRequest: Can't get request method
-squid\[.*\]: parseHttpRequest: Missing URL
-squid\[.*\]: Reconfiguring Squid Cache 
-squid\[.*\]: WARNING: http.c:.*: HTTP header too large
-squid\[.*\]: WARNING: suspicious CR characters in HTTP header

Cfg/etc/logcheck/ignore.d.server/local-ignore/info.xml

@@ -1,3 +0,0 @@
-<FileInfo>
-    <Info owner='root' group='logcheck' perms='0644'/>
-</FileInfo>

Cfg/etc/logcheck/ignore.d.server/local-ignore/local-ignore

@@ -1,151 +0,0 @@
-apcupsd\[.*\]: apcupsd shutdown succeeded
-authsrv.*AUTHENTICATE
-automount.*: attempting to mount entry
-automount.*: do_mount
-automount.*: expanded entry:
-automount.*: lookup(file): 
-automount.*: mount(generic): calling mkdir
-automount.*: mount(generic): calling mount
-automount.*: parse(sun):
-cracklib: updating dictionary .* .* words\.
-cron.*CMD
-CRON.*CMD
-cron.*RELOAD
-cron.*STARTUP
-exiting on signal 15
-fetchnews.*: connected to
-fetchnews.*: .*: no new articles
-fetchnews.*: Read server info from
-fetchnews.*: verbosity level
-ftpd.*ANONYMOUS FTP LOGIN
-ftpd.*FTP LOGIN FROM
-ftpd.*retrieved
-ftpd.*stored
-ftp-gw.*: exit host
-ftp-gw.*: permit host
-http-gw.*: exit host
-http-gw.*: permit host
-icmplogd: ping from ([[:graph:]]* )?[[][[:graph:]]*[]]
-identd.*: started
-in.ftpd\[.*\]: connect from .*
-init: Switching to runlevel:
-in.qpopper.*: connect from
-kernel:
-kernel: VFS: Disk change detected on device
-last message repeated .* times
-mail.local
--- MARK --
---- MARK --
-named\[.*\]: .*
-named\[.*\]: answer queries
-named\[.*\]: approved AXFR from .* for
-named\[.*\]: Cleaned cache of
-named\[.*\]: deleting interface
-named\[.*\]: Lame delegation
-named\[.*\]: Lame server on '.*' \(in '.*'?\): \[.*\]\..* '.*'
-named\[.*\]: listening on \[.*\]\.53 \(.*\)
-named\[.*\]: NSTATS .* .* A=.*( PTR=.*)?( AAAA=.*)?
-named\[.*\]: NSTATS .* .* A=.*( SOA=.*)?( MX=.*)? AAAA=.*( AXFR=.*)?
-named\[.*\]: points to a CNAME
-named\[.*\]: reloading
-named\[.*\]: Response from
-named\[.*\]: Sent NOTIFY for
-named\[.*\]: starting
-named\[.*\]: suppressing duplicate notify
-named\[.*\]: USAGE .* .* CPU=.*/.* CHILDCPU=.*/.*
-named-xfer\[.*\]: send AXFR query 0 to 138\.231\.136\.6
-named\[.*\]: XSTATS .* .* RR=.* RNXD=.* RFwdR=.* RDupR=.* RFail=.* RFErr=.* RErr=.* RAXFR=.* RLame=.* ROpts=.* SSysQ=.* SAns=.* SFwdQ=.* SDupQ=.* SErr=.* RQ=.* RIQ=.* RFwdQ=.* RDupQ=.* RTCP=.* SFwdR=.* SFail=.* SFErr=.* SNaAns=.* SNXD=.*
-named\[.*\]: XX+/127\.0\.0\.1/.*/A/IN
-named\[.*\]: XX+/192\.168\.*/.*/A/IN
-named\[.*\]: zone transfer \(AXFR\) of .* to
-netacl.*: exit host
-netacl.*: permit host
-net-snmp\[.*\]: Connection from 138\.231\.136\.6
-PAM_.*: .* session closed for user .*
-PAM_.*: .* session opened for user .*
-PAM_unix\[.*\]: \(cron\) session closed for user .*
-PAM_unix\[.*\]: \(cron\) session opened for user .*
-popper: -ERR POP server at
-popper: -ERR Unknown command: "uidl".
-popper.*Unable
-portsentry\[.*\]: adminalert
-postfix.*alias database.*rebuilt
-postfix.*aliases.*longest
-postfix/cleanup\[.*\]: .*: .*message-id=
-postfix.*from=
-postfix/local\[.*\]: .*: to=.*, relay=
-postfix.*lost input channel
-postfix/master
-postfix.*message-id=
-postfix/pickup\[.*\]: .*: uid=.* from=
-postfix.*putoutmsg
-postfix/qmgr\[.*\]: .*: from=
-postfix/qmgr\[.*\]: .*, status=deferred
-postfix.*return to sender
-postfix/smtp
-postfix/smtpd\[.*\]: .*: client=
-postfix/smtpd\[.*\]: connect from
-postfix/smtpd\[.*\]: disconnect from
-postfix/smtp\[.*\]: .*: to=.*, relay=
-postfix.*status=
-postfix.*timeout waiting
-postfix.*User Unknown
-pppd\[.*\]: rcvd \[LCP EchoRep id=.* magic=.*\]
-pppd\[.*\]: rcvd \[LCP EchoReq id=.* magic=.*\]
-pppd\[.*\]: sent \[LCP EchoRep id=.* magic=.*\]
-pppd\[.*\]: sent \[LCP EchoReq id=.* magic=.*\]
-proftpd.*FTP session closed.
-qmail.*delivery
-qmail.*end msg
-qmail.*info msg
-qmail.*new msg
-qmail.*starting delivery
-rlogin-gw.*: exit host
-rlogin-gw.*: permit host
-root 1
-sendmail.*alias database.*rebuilt
-sendmail.*aliases.*longest
-sendmail.*from=
-sendmail.*lost input channel
-sendmail.*message-id=
-sendmail.*putoutmsg
-sendmail.*return to sender
-sendmail.*stat=
-sendmail.*timeout waiting
-sendmail.*User Unknown
-smapd.*daemon running
-smapd.*delivered
-smap.*host=
-smbd.*: connect from
-squid.*NETDB state saved;
-squid\[.*\]: sslReadServer: FD .*: read failure: .* Connection reset by peer
-squid\[.*\]: sslReadServer: FD .*: read failure: .* Connexion ré-initialisée par le correspondant
-squid\[.*\]: this be aioCancel
-squid\[.*\]: urlParse: Illegal character in hostname .*
-squid\[.*\]: urlParse: URL too large .*
-sshd\[.*\]: Accepted publickey for .* from .* port .* ssh2
-sshd.*: fatal: Connection closed by remote host.
-sshd.*log: Closing connecting to 
-sshd.*: log: .* from localhost
-sshd.*log: Generating new .* key.
-sshd.*log: key generation complete.
-sshd.*log: Password authentication for .* accepted.
-sshd.*log: RSA authentication for .* accepted.
-sshd.*: log: RSA key generation complete.
-su\[.*\]: \+ .* root-
-syslogd.*: restart.
-syslogd.*: restart (remote reception).
-syslogd.*: restart \(remote reception\)\.
-syslog-ng\[.*\]: new configuration initialized
-syslog-ng\[.*\]: SIGHUP received, restarting syslog-ng
-syslog-ng\[.*\]: STATS: dropped 0
-tcplogd: (port [[:digit:]]+|(www|ftp|auth|socks|imap2|smtp)) connection attempt from
-telnetd.*ttloop:  peer died
-texpire.*: .* articles deleted
-tn-gw.*: exit host
-tn-gw.*: permit host
-/USR/SBIN/CRON\[.*\]: (mail) CMD (  if \[ -x /usr/sbin/exim \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi) 
-/USR/SBIN/CRON\[.*\]: \(mail\) CMD \(  if \[ -x /usr/sbin/exim \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi\)
-x-gw.*: exit host
-x-gw.*: permit host
-xntpd.*Previous time adjustment didn't complete

Cfg/etc/logcheck/logcheck.conf/info.xml

@@ -1,3 +0,0 @@
-<FileInfo>
-    <Info owner='root' group='logcheck' perms='0644'/>
-</FileInfo>

Cfg/etc/logcheck/logcheck.conf/logcheck.conf

@@ -1,95 +0,0 @@
-# The following variable settings are the initial default values,
-# which can be uncommented and modified to alter logcheck's behaviour
-
-# Controls the format of date-/time-stamps in subject lines:
-# Alternatively, set the format to suit your locale
-
-#DATE="$(date +'%Y-%m-%d %H:%M')"
-
-# Controls the presence of boilerplate at the top of each message:
-# Alternatively, set to "0" to disable the introduction.
-#
-# If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
-# are present their contents will be read and used as the header and
-# footer of any generated mails.
-
-# Controls the level of filtering: 
-INTRO=0
-
-# Controls the level of filtering: 
-# Can be Set to "workstation", "server" or "paranoid" for different
-# levels of filtering. Defaults to server if not set.
-
-REPORTLEVEL="server"
-
-# Controls the address mail goes to:
-# *NOTE* the script does not set a default value for this variable!
-# Should be set to an offsite "emailaddress@some.domain.tld"
-
-SENDMAILTO="root"
-
-# Send the results as attachment or not.
-# 0=not as attachment; 1=as attachment; 2=as gzip attachment
-# Default is 0
-
-MAILASATTACH=2
-
-# Should the hostname in the subject of generated mails be fully qualified?
-
-FQDN=1
-
-# Controls whether "sort -u" is used on log entries (which will
-# eliminate duplicates but destroy the original ordering); the
-# default is to use "sort -k 1,3 -s":
-# Alternatively, set to "1" to enable unique sorting
-
-#SORTUNIQ=0
-
-# Controls whether /etc/logcheck/cracking.ignore.d is scanned for
-# exceptions to the rules in /etc/logcheck/cracking.d:
-# Alternatively, set to "1" to enable cracking.ignore support
-
-SUPPORT_CRACKING_IGNORE=1
-
-# Controls the base directory for rules file location
-# This must be an absolute path
-
-#RULEDIR="/etc/logcheck"
-
-# Controls if syslog-summary is run over each section.
-# Alternatively, set to "1" to enable extra summary.
-# HINT: syslog-summary needs to be installed.
-
-SYSLOGSUMMARY=1
-
-# Controls Subject: lines on logcheck reports:
-
-#ATTACKSUBJECT="Security Alerts"
-#SECURITYSUBJECT="Security Events"
-#EVENTSSUBJECT="System Events"
-
-# Controls [logcheck] prefix on Subject: lines
-
-#ADDTAG="no"
-
-# Set a different location for temporary files than /tmp
-# this is useful if your /tmp is small and you are getting
-# errors such as:
-# cp: writing `/tmp/logcheck.y12449/checked': No space left on device
-# /usr/sbin/logcheck: line 161: cannot create temp file for here document: No space left on device
-# mail: /tmp/mail.RsXXXXpc2eAx: No space left on device
-# Null message body; hope that's ok
-#
-# If this is happening, likely you will want to change the following to be some other
-# location, such as /var/tmp
-
-TMP="/tmp"
-
-# Kludge affreux pour que logcheck n'envoie pas de message
-# en cas de fail de kill pour cause de process inexistant
-kill () {
-    temp=$(bash -c "kill $* 2>&1" | grep -v "Aucun processus de ce type")
-    if [ -n "$temp" ]; then
-        echo $temp; 1>&2
-    fi
-}

Metadata/groups.xml

@@ -495,7 +495,6 @@
     <Bundle name="apt"/>
     <Bundle name="apt-keys"/>
     <Bundle name="firewall6"/>
-    <Bundle name="logcheck"/>
     <Bundle name="scripts"/>
     <Bundle name="molly-guard"/>
     <Bundle name="vlock"/>

Rules/rules.xml

@@ -34,9 +34,4 @@
       command="ln -s /etc/init.d/attendre-vert /etc/rcS.d/S41attendre-vert" /> 
 
   <Path name="/usr/lib/python2.7/dist-packages/MoinMoin/script/export/dump_proxy.py" type="symlink" to="/usr/scripts/wiki/dump_proxy.py" />
-
-  <Path name="/etc/logcheck/cracking.ignore.d/local-crans" type="symlink" to="/etc/logcheck/ignore.d.server/local-crans"/>
-  <Path name="/etc/logcheck/cracking.ignore.d/local-ignore" type="symlink" to="/etc/logcheck/ignore.d.server/local-ignore"/>
-  <Path name="/etc/logcheck/violations.ignore.d/local-crans" type="symlink" to="/etc/logcheck/ignore.d.server/local-crans"/>
-  <Path name="/etc/logcheck/violations.ignore.d/local-ignore" type="symlink" to="/etc/logcheck/ignore.d.server/local-ignore"/>
 </Rules>