I agree, I'm no logcheck expert, but if it behaves according to the
manpage, it doesn't take into account the way logcheck handles violations
and their corresponding ignores anymore.

As I think I understand it (feel free to correct me), if a package wants
to register security violation regexps, those should go in:

        /etc/logcheck/violations.d/<packagename>

and ignore strings for THOSE, and only THOSE, regexps should go in:

        /etc/logcheck/violations.ignore.d/<packagename>

The problem here is that logcheck-database includes a bunch of generic
regexps as well, in the file

        /etc/logcheck/violations.d/logcheck

which many packages trigger as false violations.  Those packages, if
well behaved, are responsible for installing a file:

        /etc/logcheck/violations.ignore.d/logcheck-<packagename>

to explicitly stop those false positives.  How do we do this with
dh_installlogcheck?

So, by observation, two problems:

        1) dh_installlogcheck has no documented mechanism to install
           rules for violations.d

        2) dh_installlogcheck has no documented mechanism to install
           rules for violations.ignore.d/logcheck-<packagename>
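
The pairing of rule files and ignore files described in the message, as an added example that is not part of the original message and not logcheck's or debhelper's own code. The package name "food", every pattern and every log line are constructed, and the lookup follows the message's description rather than logcheck's source.

```shell
#!/bin/sh
# Added example: models the layout as the message describes it, not logcheck's code.
# Package name "food", all patterns and all log lines are constructed.

build_demo_tree() {   # $1 = empty directory standing in for /etc/logcheck
    mkdir -p "$1/violations.d" "$1/violations.ignore.d"
    # Generic rule file, as shipped by logcheck-database.
    printf '%s\n' 'refused|denied' > "$1/violations.d/logcheck"
    # The package's own violation rule and the ignores paired with it.
    printf '%s\n' 'food\[[0-9]+\]: tamper' > "$1/violations.d/food"
    printf '%s\n' 'food\[[0-9]+\]: tamper check passed' > "$1/violations.ignore.d/food"
    # Ignores for the generic rules that this package trips.
    printf '%s\n' 'food\[[0-9]+\]: connection refused by peer \(retrying\)' \
        > "$1/violations.ignore.d/logcheck-food"
    cat > "$1/sample.log" <<'EOF'
Jan  1 00:00:01 host food[101]: tamper check passed
Jan  1 00:00:02 host food[101]: tamper detected on /var/lib/food/db
Jan  1 00:00:03 host food[101]: connection refused by peer (retrying)
Jan  1 00:00:04 host sshd[202]: access denied for user guest
Jan  1 00:00:05 host food[101]: started
EOF
}

report_violations() {   # $1 = rule tree, $2 = log file
    root=$1 log=$2
    for rules in "$root"/violations.d/*; do
        [ -f "$rules" ] || continue
        name=$(basename "$rules")
        hits=$(grep -E -f "$rules" "$log") || continue
        # Generic hits pair with logcheck-<packagename>; a package's hits with <packagename>.
        if [ "$name" = logcheck ]; then
            set -- "$root"/violations.ignore.d/logcheck-*
        else
            set -- "$root/violations.ignore.d/$name"
        fi
        for ign in "$@"; do
            [ -f "$ign" ] || continue
            hits=$(printf '%s\n' "$hits" | grep -E -v -f "$ign") || hits=
        done
        if [ -n "$hits" ]; then printf '%s\n' "$hits"; fi
    done
}

demo=$(mktemp -d)
build_demo_tree "$demo"
report_violations "$demo" "$demo/sample.log"
rm -rf "$demo"
```

Only the "tamper detected" and "access denied" lines are reported; the other two hits are suppressed by the ignore file paired with the rule file that raised them.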

