tier1.jp

logcheck ignore database

logcheck is very useful.

However, there are a lot of debug messages, non-informative startup/shutdown messages, sleep/wake-up, etc.

That makes logcheck summary mails too verbose for us to check properly.

This software, a set of local-PROCESS_NAME files, aims to reduce such logs.

Attention!

There is an information leakage issue around restricted dmesg. A user who receives logcheck summary mails can see the dmesg output they contain, which means processes running as that user can also read important kernel output that contains address ranges, port numbers, hardware configurations, etc.

We have started to add suppression rules for that output.

Please update ASAP (especially on stretch with Linux kernel 4.9).

Download

For Debian GNU/Linux stretch and buster (since v0.6).

  • 2019-12-14: logcheck-ignore-database 0.13 released.
    • [SECURITY] add more suppression rules for kernel sensitive entries.
  • 2019-12-11: logcheck-ignore-database 0.11 released.
    • [SECURITY] add kernel suppression rules to hide sensitive dmesg information.

Usage

Please read the README file in the tar archive.

Note for Buster

In each file, buster-specific rules are separated by a comment line.

  • You do not have to remove the stretch section.
  • There are some "aggressive" debug log suppressors, too.
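
An added example, not code from the logcheck-ignore-database archive: it checks which kernel lines carrying addresses would still reach a summary mail after a local-* rule file is applied, treating each rule as an extended regular expression the way logcheck does. The rule file, its stretch/buster comment separators, the function names and the log lines are all constructed for illustration.

```sh
#!/bin/sh
# Added example. Rules and log lines below are constructed, not from the tarball.

# Drop comment and blank lines from a rule file. An empty pattern passed to
# "grep -f" matches every line and would silently suppress the whole report.
clean_rules() {
    grep -E -v '^[[:space:]]*(#|$)' "$1"
}

# Print the log lines that no rule matches: what would still be mailed.
unsuppressed() {   # usage: unsuppressed RULES_FILE LOG_FILE
    cleaned=$(mktemp) || return 1
    clean_rules "$1" > "$cleaned" || true    # grep exits 1 if no rule is left
    if [ -s "$cleaned" ]; then
        grep -E -v -f "$cleaned" "$2" || true
    else
        cat "$2"
    fi
    rm -f "$cleaned"
}

# Of the surviving lines, print kernel ones that still carry a long hex address.
leaky_kernel_lines() {
    unsuppressed "$1" "$2" | grep -E ' kernel: .*0x[0-9a-f]{8,}' || true
}

# Write the constructed sample rule file and log into directory $1.
make_samples() {
    cat > "$1/local-kernel" <<'EOF'
# stretch (constructed rule)
^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[ *[0-9]+\.[0-9]+\] BIOS-e820: \[mem 0x[0-9a-f]+-0x[0-9a-f]+\] [a-z ]+$

# buster (constructed rule)
^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[ *[0-9]+\.[0-9]+\] Freeing unused kernel memory: [0-9]+K$
EOF
    cat > "$1/syslog" <<'EOF'
Dec 14 10:00:01 host1 kernel: [    0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000bffdffff] usable
Dec 14 10:00:01 host1 kernel: [    0.000000] ACPI: RSDP 0x00000000000f0490 000024 (v02 BOCHS )
Dec 14 10:00:02 host1 kernel: [    1.234567] Freeing unused kernel memory: 1234K
Dec 14 10:05:00 host1 sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
EOF
}

dir=$(mktemp -d) && make_samples "$dir"
echo "kernel lines with addresses that would still be mailed:"
leaky_kernel_lines "$dir/local-kernel" "$dir/syslog"
rm -rf "$dir"
```

Run against a real rule file and a copy of the system log, any line it prints is kernel output that the current rules still let through to mail recipients.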

Note

This software is free software, under the GNU General Public License version 2 only.

Development of this software is not open: the source (= the local-* rule files) is developed in a closed process, and there is no VCS repository here.