Bug#566198: Path of cron isn't logged by rsyslog

[Loïc Minier]

Package: logcheck-database
Version: 1.3.5
Severity: minor
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu lucid ubuntu-patch

        Hi

 ( This was originally reported in Ubuntu bug
 https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/463471 )

 I guess since the switch from syslogd to rsyslog in Ubuntu 9.10,
 logcheck doesn't filter out CRON entries anymore.  I verified this on
 one of my systems and saw what used to be /USR/SBIN/CRON and
 /usr/sbin/cron messages be logged without /usr/sbin/.  Please find
 attached a patch to support both formats.

   Thanks,
-- 
Loïc Minier

diff -Nru logcheck-1.3.5/debian/changelog logcheck-1.3.5ubuntu1/debian/changelog
--- logcheck-1.3.5/debian/changelog	2010-01-01 00:14:30.000000000 +0100
+++ logcheck-1.3.5ubuntu1/debian/changelog	2010-01-21 23:36:34.000000000 +0100
@@ -1,3 +1,15 @@
+logcheck (1.3.5ubuntu1) lucid; urgency=low
+
+  * rulefiles/linux/ignore.d.paranoid/cron: make /usr/sbin/ optional in
+    pathnames to cron; apparently a difference between syslog and rsyslog;
+    LP: #463471.
+
+ -- Loïc Minier <loic.min...@ubuntu.com>  Thu, 21 Jan 2010 23:09:45 +0100
+
 logcheck (1.3.5) unstable; urgency=low
 
   [ Hannes von Haugwitz ]
Les fichiers binaires /tmp/XIHkznoL9R/logcheck-1.3.5/docs/.README.logcheck-database.swp et /tmp/NAj5ZmFW1d/logcheck-1.3.5ubuntu1/docs/.README.logcheck-database.swp sont différents.
diff -Nru logcheck-1.3.5/rulefiles/linux/ignore.d.paranoid/cron logcheck-1.3.5ubuntu1/rulefiles/linux/ignore.d.paranoid/cron
--- logcheck-1.3.5/rulefiles/linux/ignore.d.paranoid/cron	2008-09-22 17:25:25.000000000 +0200
+++ logcheck-1.3.5ubuntu1/rulefiles/linux/ignore.d.paranoid/cron	2010-01-21 23:13:52.000000000 +0100
@@ -1,8 +1,8 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([_[:alnum:]-]+\) CMD \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) STARTUP \(fork ok\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \([^[:space:]]+\) RELOAD \([^[:space:]]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(pidfile fd = [0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(Running @reboot jobs\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(Skipping @reboot jobs -- not system startup\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/USR/SBIN/)?CRON\[[0-9]+\]: \([_[:alnum:]-]+\) CMD \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) STARTUP \(fork ok\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \([^[:space:]]+\) RELOAD \([^[:space:]]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) INFO \(pidfile fd = [0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) INFO \(Running @reboot jobs\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) INFO \(Skipping @reboot jobs -- not system startup\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session (opened|closed) for user [[:alnum:]-]+( by \(uid=[0-9]+\))?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\(cron:session\): session (opened|closed) for user [[:alnum:]-]+( by \(uid=[0-9]+\))?$