[Logcheck-commits] martin f. krafft: Remove most messages from cracking.d/logcheck and split up the remaining ones into separate files.
Martin F. Krafft
madduck at alioth.debian.org
Sun Aug 31 19:24:14 UTC 2008
Module: logcheck
Branch: master
Commit: 1e0b1e7b100bb2b97308e0cf605d1f9a80777855
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=1e0b1e7b100bb2b97308e0cf605d1f9a80777855
Author: martin f. krafft <madduck at debian.org>
Date: Wed Jul 30 08:18:22 2008 +0200
Remove most messages from cracking.d/logcheck and split up the remaining ones into separate files.
---
debian/changelog | 3 ++
rulefiles/linux/cracking.d/kernel | 1 +
rulefiles/linux/cracking.d/logcheck | 43 -----------------------------------
rulefiles/linux/cracking.d/rlogind | 1 +
rulefiles/linux/cracking.d/rsh | 1 +
rulefiles/linux/cracking.d/tftpd | 1 +
rulefiles/linux/cracking.d/uucico | 1 +
7 files changed, 8 insertions(+), 43 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3eccf78..95ba444 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ logcheck (1.3) unstable; urgency=low
* Formalise the dropping of violations.d/logcheck. Please see
/usr/share/doc/logcheck-database/NEWS.Debian.gz for more information.
+ * Remove most messages from cracking.d/logcheck and split up the remaining
+ ones into separate files.
+
* ignore.d.server/dovecot:
- ignore connection closed messages.
- ignore auth failure messages whe ruser and rip are known.
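Review bot: the added changelog entry does not say which messages were dropped or which files replace cracking.d/logcheck, so an administrator reading it cannot tell which alerts will stop arriving. Consider naming the five new files (kernel, rlogind, rsh, tftpd, uucico) and stating that the VRFY/EXPN and bare keyword patterns are gone, or pointing to NEWS.Debian.gz as the entry just above does for violations.d/logcheck.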
diff --git a/rulefiles/linux/cracking.d/kernel b/rulefiles/linux/cracking.d/kernel
new file mode 100644
index 0000000..d3fca2c
--- /dev/null
+++ b/rulefiles/linux/cracking.d/kernel
@@ -0,0 +1 @@
+kernel: Oversized packet received from
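Review bot: the single rule in this new file has no start-of-line anchor, so any log line that contains the text "kernel: Oversized packet received from" is classed as a cracking event, including a line where another program merely quotes that text. Since the rule is being moved into its own file anyway, this is a good moment to anchor it to the beginning of the syslog line (timestamp, host, then `kernel:`).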
diff --git a/rulefiles/linux/cracking.d/logcheck b/rulefiles/linux/cracking.d/logcheck
deleted file mode 100644
index e6a4715..0000000
--- a/rulefiles/linux/cracking.d/logcheck
+++ /dev/null
@@ -1,43 +0,0 @@
-"wiz"
-"WIZ"
-"debug"
-"DEBUG"
-ATTACK
-nested
-VRFY bbs
-VRFY decode
-VRFY uudecode
-VRFY lp
-VRFY demo
-VRFY guest
-VRFY root
-VRFY uucp
-VRFY oracle
-VRFY sybase
-VRFY games
-vrfy bbs
-vrfy decode
-vrfy uudecode
-vrfy lp
-vrfy demo
-vrfy guest
-vrfy root
-vrfy uucp
-vrfy oracle
-vrfy sybase
-vrfy games
-expn decode
-expn uudecode
-expn wheel
-expn root
-EXPN decode
-EXPN uudecode
-EXPN wheel
-EXPN root
-rlogind\[[0-9]+\]: Connection from [.0-9]+ on illegal port
-rshd\[[0-9]+\]: Connection from [.0-9]+ on illegal port
-uucico\[[0-9]+\]: refused connect from
-tftpd\[[0-9]+\]: refused connect from
-kernel: Oversized packet received from
-attackalert
-attack
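Review bot: the deletion drops every VRFY/EXPN pattern and the bare keywords (`ATTACK`, `attack`, `attackalert`, `nested`, `"wiz"`, `"debug"`) with no replacement elsewhere in this patch, and the commit message gives no reason. Dropping unanchored substrings such as `attack` and `nested` is easy to justify, since they match any line containing those letters, but the rationale should be written down, along with whether the SMTP VRFY/EXPN probes are now expected to be caught by another rule file or are intentionally no longer reported.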
diff --git a/rulefiles/linux/cracking.d/rlogind b/rulefiles/linux/cracking.d/rlogind
new file mode 100644
index 0000000..072108d
--- /dev/null
+++ b/rulefiles/linux/cracking.d/rlogind
@@ -0,0 +1 @@
+rlogind\[[0-9]+\]: Connection from [.0-9]+ on illegal port
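Review bot: the address part `[.0-9]+` in this rule accepts only digits and dots, so a connection logged with an IPv6 address or a resolved hostname will not match and the event will fall out of the cracking report. The rule is carried over unchanged from the deleted file, but consider widening that field, for example to `[^[:space:]]+`, while it is being touched.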
diff --git a/rulefiles/linux/cracking.d/rsh b/rulefiles/linux/cracking.d/rsh
new file mode 100644
index 0000000..0510cdb
--- /dev/null
+++ b/rulefiles/linux/cracking.d/rsh
@@ -0,0 +1 @@
+rshd\[[0-9]+\]: Connection from [.0-9]+ on illegal port
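Review bot: the new file is named `rsh` while the rule it contains matches `rshd`, and the sibling files added in this commit are named after the daemon that logs the message (rlogind, tftpd, uucico). Naming this file `rshd` would keep the directory consistent and make the rule easier to find by program name.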
diff --git a/rulefiles/linux/cracking.d/tftpd b/rulefiles/linux/cracking.d/tftpd
new file mode 100644
index 0000000..2e8fa02
--- /dev/null
+++ b/rulefiles/linux/cracking.d/tftpd
@@ -0,0 +1 @@
+tftpd\[[0-9]+\]: refused connect from
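Review bot: the rule starts at `tftpd\[` with nothing before it, so it also matches any program name that ends in tftpd, such as in.tftpd. If that breadth is intended it is worth saying so in the commit message; if not, the program name should be matched in full after the hostname field.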
diff --git a/rulefiles/linux/cracking.d/uucico b/rulefiles/linux/cracking.d/uucico
new file mode 100644
index 0000000..10a76ac
--- /dev/null
+++ b/rulefiles/linux/cracking.d/uucico
@@ -0,0 +1 @@
+uucico\[[0-9]+\]: refused connect from