--- rulefiles/linux/violations.d/sudo.orig 2022-12-22 23:03:11 UTC
+++ rulefiles/linux/violations.d/sudo
@@ -1,3 +1,3 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo\[[0-9]+\]: \(pam_[[:alnum:]]+\) .*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo\[[0-9]+\]: pam_[[:alnum:]]+\(sudo:[[:alnum:]]+\): .*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo: .*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sudo(\[[0-9]+\])?: .*$
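Review bot: The widened pattern on the last line, `sudo(\[[0-9]+\])?: .*$`, now matches every line that the two `pam_` rules above it match, so those two rules no longer add coverage. Either drop them in this patch or keep them deliberately to stay close to upstream. The ignore rules for sudo are outside this hunk and presumably still expect `sudo:` without a PID; if so, routine entries logged as `sudo[PID]:` will now all be reported as violations, and those ignore patterns need the same `(\[[0-9]+\])?` group. Assuming the rule loader skips `#` lines, a comment above the rule such as `# PID is optional: some syslog daemons log sudo[PID]:, others sudo:` would record why the group is there.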