[Logcheck-commits] martin f. krafft: ignore.d.server/proftpd: ignore when proftpd barfs all over syslog when a passive transfer failed.
Martin F. Krafft
madduck at alioth.debian.org
Sun Aug 31 19:24:20 UTC 2008
Module: logcheck
Branch: master
Commit: 4ee0b5ea159d75a7646aeb0ca570cf27213b739b
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=4ee0b5ea159d75a7646aeb0ca570cf27213b739b
Author: martin f. krafft <madduck at debian.org>
Date: Sun Aug 31 19:16:04 2008 +0100
ignore.d.server/proftpd: ignore when proftpd barfs all over syslog when a passive transfer failed.
---
debian/changelog | 3 +++
rulefiles/linux/ignore.d.server/proftpd | 3 +++
2 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index a96ad83..cc1b55c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -50,6 +50,9 @@ logcheck (1.3) unstable; urgency=low
- ignore restarts due to fatal TLS errors.
- ignore replay-window backtrack warnings.
- ignore connection reset messages with negative status (?) numbers.
+ * ignore.d.server/proftpd:
+ - ignore when proftpd barfs all over syslog when a passive transfer
+ failed.
* Rulefiles are now installed with mode 644; the directories are still moe
700, so the files are not publicly readable (unless the admin hardlinks
diff --git a/rulefiles/linux/ignore.d.server/proftpd b/rulefiles/linux/ignore.d.server/proftpd
index 94a74fa..ee1efba 100644
--- a/rulefiles/linux/ignore.d.server/proftpd
+++ b/rulefiles/linux/ignore.d.server/proftpd
@@ -18,3 +18,6 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Connection from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] denied\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) PAM\([-_.[:alnum:]]+\): Authentication failure\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) SECURITY VIOLATION: root login attempted\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Passive data transfer failed, possibly due to network issues$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Check your PassivePorts and MasqueradeAddress settings,$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) and any router, NAT, and firewall rules in the network path\.$
More information about the Logcheck-commits
mailing list