logcheck for Debian
As of version 188.8.131.52 the Logcheck scripts has had a major overhaul by
myself. This extends the options in the config file that Rene
Mayrhofer introduced in version 1.1.1-7.
The major changes between 184.108.40.206 and 1.1.1-13.5 include the following
- Comments are now allowed in rulefiles
- Subdirectories in the rulefile directories are ignored
- Security violation mails now have a different subject
- There is now support for cracking.ignore (for local use only).
This needs to be enabled in the config file
- Lines logged in one section will not appear in any others
- Standard rulefiles are now stored in the .d directories
- We do not support symlinks in the .d directories any more
- Shortened report subjects (can be changed in the config file)
- Logcheck no longer installs any symlinks under /etc/logcheck
- Package-specific rulefiles in violations.ignore.d only filter
alarms raised by the corresponding violations.d entry
- Package-specific Security Events now get separate sections
I have made this a Debian native package now, due to the vast
difference between upstream's 1.1.1 and Debian's version.
-- Jon Middleton <firstname.lastname@example.org>