[Logcheck-commits] martin f. krafft: Remove most messages from cracking.d/logcheck and split up the remaining ones into separate files.

Martin F. Krafft madduck at alioth.debian.org
Wed Jul 30 06:24:30 UTC 2008


Module: logcheck
Branch: viol-merge
Commit: 1e0b1e7b100bb2b97308e0cf605d1f9a80777855
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=1e0b1e7b100bb2b97308e0cf605d1f9a80777855

Author: martin f. krafft <madduck at debian.org>
Date:   Wed Jul 30 08:18:22 2008 +0200

Remove most messages from cracking.d/logcheck and split up the remaining ones into separate files.

---

 debian/changelog                    |    3 ++
 rulefiles/linux/cracking.d/kernel   |    1 +
 rulefiles/linux/cracking.d/logcheck |   43 -----------------------------------
 rulefiles/linux/cracking.d/rlogind  |    1 +
 rulefiles/linux/cracking.d/rsh      |    1 +
 rulefiles/linux/cracking.d/tftpd    |    1 +
 rulefiles/linux/cracking.d/uucico   |    1 +
 7 files changed, 8 insertions(+), 43 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3eccf78..95ba444 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ logcheck (1.3) unstable; urgency=low
   * Formalise the dropping of violations.d/logcheck. Please see
     /usr/share/doc/logcheck-database/NEWS.Debian.gz for more information.
 
+  * Remove most messages from cracking.d/logcheck and split up the remaining
+    ones into separate files.
+
   * ignore.d.server/dovecot:
     - ignore connection closed messages.
     - ignore auth failure messages whe ruser and rip are known.
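
Review bot: the two added changelog lines say "most messages" were removed but do not name which patterns went or which files now hold the rest, and unlike the violations.d entry just above there is no pointer to NEWS.Debian. Suggest listing the five new files (kernel, rlogind, rsh, tftpd, uucico) and stating that the VRFY/EXPN and bare-keyword patterns are gone, so administrators who relied on those alerts can see the change on upgrade.
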
diff --git a/rulefiles/linux/cracking.d/kernel b/rulefiles/linux/cracking.d/kernel
new file mode 100644
index 0000000..d3fca2c
--- /dev/null
+++ b/rulefiles/linux/cracking.d/kernel
@@ -0,0 +1 @@
+kernel: Oversized packet received from
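
Review bot: the added pattern is not anchored to the start of the line, so "kernel: Oversized packet received from" matches anywhere in a log line, including inside a message written by another program. Since the rule now gets its own file, this is a good moment to anchor it with ^ followed by the syslog timestamp and hostname prefix, so that only lines actually tagged by the kernel raise a cracking-level alert.
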
diff --git a/rulefiles/linux/cracking.d/logcheck b/rulefiles/linux/cracking.d/logcheck
deleted file mode 100644
index e6a4715..0000000
--- a/rulefiles/linux/cracking.d/logcheck
+++ /dev/null
@@ -1,43 +0,0 @@
-"wiz"
-"WIZ"
-"debug"
-"DEBUG"
-ATTACK
-nested
-VRFY bbs
-VRFY decode
-VRFY uudecode
-VRFY lp
-VRFY demo
-VRFY guest
-VRFY root
-VRFY uucp
-VRFY oracle
-VRFY sybase
-VRFY games
-vrfy bbs
-vrfy decode
-vrfy uudecode
-vrfy lp
-vrfy demo
-vrfy guest
-vrfy root
-vrfy uucp
-vrfy oracle
-vrfy sybase
-vrfy games
-expn decode
-expn uudecode
-expn wheel
-expn root
-EXPN decode
-EXPN uudecode
-EXPN wheel
-EXPN root
-rlogind\[[0-9]+\]: Connection from [.0-9]+ on illegal port
-rshd\[[0-9]+\]: Connection from [.0-9]+ on illegal port
-uucico\[[0-9]+\]: refused connect from
-tftpd\[[0-9]+\]: refused connect from
-kernel: Oversized packet received from
-attackalert
-attack
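
Review bot: this deletion drops every VRFY/EXPN pattern and the bare keywords ("wiz", "debug", ATTACK, nested, attackalert, attack) with no replacement, and the commit message gives no reason for it. Please record the rationale in the commit message, for example that unanchored substrings such as "nested" or "debug" match unrelated lines, so the loss of these cracking-level alerts is a documented decision and not something a reader has to infer from the diff.
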
diff --git a/rulefiles/linux/cracking.d/rlogind b/rulefiles/linux/cracking.d/rlogind
new file mode 100644
index 0000000..072108d
--- /dev/null
+++ b/rulefiles/linux/cracking.d/rlogind
@@ -0,0 +1 @@
+rlogind\[[0-9]+\]: Connection from [.0-9]+ on illegal port
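
Review bot: the address class [.0-9]+ in the added line accepts only digits and dots, so a connection logged with a hostname or an IPv6 address will not match and the "illegal port" alert is silently missed. The pattern is carried over unchanged from the deleted file, but since it is being re-added here it is worth widening the class (for example to cover hex digits and colons) or matching any non-space token before " on illegal port".
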
diff --git a/rulefiles/linux/cracking.d/rsh b/rulefiles/linux/cracking.d/rsh
new file mode 100644
index 0000000..0510cdb
--- /dev/null
+++ b/rulefiles/linux/cracking.d/rsh
@@ -0,0 +1 @@
+rshd\[[0-9]+\]: Connection from [.0-9]+ on illegal port
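
Review bot: the new file is named rsh while the pattern it contains matches the program tag rshd; the other new files (rlogind, tftpd, uucico) are named after the tag they match. Suggest naming this file rshd for consistency, so that someone looking for the rule by the daemon name in the log finds it. The [.0-9]+ address class has the same IPv4-only limitation as in the rlogind rule.
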
diff --git a/rulefiles/linux/cracking.d/tftpd b/rulefiles/linux/cracking.d/tftpd
new file mode 100644
index 0000000..2e8fa02
--- /dev/null
+++ b/rulefiles/linux/cracking.d/tftpd
@@ -0,0 +1 @@
+tftpd\[[0-9]+\]: refused connect from
diff --git a/rulefiles/linux/cracking.d/uucico b/rulefiles/linux/cracking.d/uucico
new file mode 100644
index 0000000..10a76ac
--- /dev/null
+++ b/rulefiles/linux/cracking.d/uucico
@@ -0,0 +1 @@
+uucico\[[0-9]+\]: refused connect from



