[Logcheck-commits] martin f. krafft: ignore replay-window backtrack warnings.

Martin F. Krafft madduck at alioth.debian.org
Sun Aug 31 18:44:02 UTC 2008 

Module: logcheck
Branch: viol-merge
Commit: 8db8d7a63e7ed1a70b5a5730c619441940d905d3
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=8db8d7a63e7ed1a70b5a5730c619441940d905d3

Author: martin f. krafft <madduck at debian.org>
Date:   Sun Aug 31 19:04:10 2008 +0100

ignore replay-window backtrack warnings.

---

 debian/changelog                        |    1 +
 rulefiles/linux/ignore.d.server/openvpn |    1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index ade3bb9..a4557d7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -45,6 +45,7 @@ logcheck (1.3) unstable; urgency=low
     - ignore messages about clients reconnecting and dropping previous active
       connections.
     - ignore restarts due to fatal TLS errors.
+    - ignore replay-window backtrack warnings.
 
   * Rulefiles are now installed with mode 644; the directories are still moe
     700, so the files are not publicly readable (unless the admin hardlinks
diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn
index 2f80089..a6611be 100644
--- a/rulefiles/linux/ignore.d.server/openvpn
+++ b/rulefiles/linux/ignore.d.server/openvpn
@@ -76,3 +76,4 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? WARNING: Bad encapsulated packet length from peer \([[:digit:]]+\), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- \[Attempt?ing restart\.\.\.\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \[[-_.[:alnum:]]+\])? Inactivity timeout \(--ping-restart\), restarting$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})?( \[[-._[:alnum:]]+\])?)? Peer Connection Initiated with [[:digit:].]{7,15}:[[:digit:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Replay-window backtrack occurred \[[[:digit:]]+\]$

More information about the Logcheck-commits mailing list