1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
|
Template: logcheck-database/rules-directories-note
Type: note
_Description: Local modifications should be put into .d directories
From version 1.1.1-8, logcheck supports run-parts controled rule
directories:
.
- /etc/logcheck/cracking.d
- /etc/logcheck/cracking.ignore.d [for local use only]
- /etc/logcheck/violations.d
- /etc/logcheck/violations.ignore.d
- /etc/logcheck/ignore.d.workstation
- /etc/logcheck/ignore.d.server
- /etc/logcheck/ignore.d.paranoid
.
The ignore.d.{workstation,server,paranoid} directory to be used is set by
the REPORTLEVEL option in the file "/etc/logcheck/logcheck.conf".
.
These directories may contain files prefixed with "logcheck-" (containing
generic alert/override patterns), named "(packagename)" (containing patterns
specific to that one package), or named "local" respectively prefixed with
"local-" (created by the local administrator to contain patterns tailored for
a particular site). Logcheck will then use rules collected from all the files
found in the appropriate directories.
.
Please see /usr/share/doc/logcheck for more details.
Template: logcheck-database/standard-rename-note
Type: note
_Description: Logcheck standard rulefiles renamed
As of version 1.2.1, the "standard" rulefiles have been renamed to
"logcheck" and the "standard.postfix" file has been renamed to
"logcheck-postfix".
Template: logcheck-database/conffile-cleanup
Type: boolean
Default: false
_Description: Delete obsolete conffiles
The rulefiles in logcheck-database have just been through an audit to
remove duplicate entries and to make them more specific - this also
reduces false negatives.
.
As a result of this a number of rulefiles have been removed from the
package. Would you like these to be deleted?
|