Bug 668067 - logwatch shows unknown entries for su -
Summary: logwatch shows unknown entries for su -
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: logwatch
Version: 5.5
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: rc
: ---
Assignee: Jan Synacek
QA Contact: David Kutálek
URL:
Whiteboard:
Depends On:
Blocks: 974042
TreeView+ depends on / blocked
 
Reported: 2011-01-07 19:52 UTC by Greg Swift
Modified: 2013-06-13 10:47 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 974042 (view as bug list)
Environment:
Last Closed: 2012-08-29 11:17:06 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
simple patch to fix it so that they aren't unknown anymore (1.42 KB, patch)
2011-01-07 19:52 UTC, Greg Swift
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:1217 0 normal SHIPPED_LIVE logwatch bug fix update 2012-08-29 15:15:59 UTC

Description Greg Swift 2011-01-07 19:52:44 UTC
Created attachment 472287 [details]
simple patch to fix it so that they aren't unknown anymore

Description of problem:
There are logwatch entries unmatched, but they are of standard 'su -' behaviors.  This really should be recognized as it is very common.

Version-Release number of selected component (if applicable):
logwatch-7.3-8.el5

How reproducible:
Very

Steps to Reproduce:
1. do an su from the cli
2. read your next logwatch
  
Actual results:
--------------------- pam_unix Begin ------------------------

 su-l:
    Unknown Entries:
       session closed for user root: 3 Time(s)
       session opened for user root by andy(uid=101): 1 Time(s)
       session opened for user root by terry(uid=510): 1 Time(s)


 ---------------------- pam_unix End ------------------------- 

Expected results:
something like this:
su-l:
   Sessions Opened:
      (uid=0) -> root: 8 Time(s)
      andy(uid=0) -> root: 1 Time(s)
      jce(uid=506) -> root: 1 Time(s)

Additional info:
the patch may not be the preferred fix, but it was an option.

Comment 1 Greg Swift 2011-01-07 19:54:42 UTC
(In reply to comment #0)

> Steps to Reproduce:
> 1. do an su from the cli
> 2. read your next logwatch

Correction to #1:  do a 'su -' from the cli

Comment 2 RHEL Program Management 2011-09-23 00:12:31 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 3 Greg Swift 2011-09-23 13:29:45 UTC
(In reply to comment #2)
> This request was evaluated by Red Hat Product Management for
> inclusion in the current release of Red Hat Enterprise Linux.
> Because the affected component is not scheduled to be updated in the
> current release, Red Hat is unfortunately unable to address this
> request at this time. Red Hat invites you to ask your support
> representative to propose this request, if appropriate and relevant,
> in the next release of Red Hat Enterprise Linux.

considering where you are in the 5.8 and overall 5 lifecycle don't you think this response should have come much sooner? :P

Comment 7 errata-xmlrpc 2012-08-29 11:17:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-1217.html


Note You need to log in before you can comment on or make changes to this bug.