[Logcheck-commits] martin f. krafft: * ignore.d.server/ssh:

Martin F. Krafft madduck at alioth.debian.org
Tue Jun 24 18:02:23 UTC 2008 

Module: logcheck
Branch: master
Commit: 568bd3638c81831fa830902011714512167f3326
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=568bd3638c81831fa830902011714512167f3326

Author: martin f. krafft <madduck at debian.org>
Date:   Tue Jun 24 18:59:53 2008 +0100

* ignore.d.server/ssh:
  - ignore host-based auth logins; thanks to Tilman Koschnick
    (closes: #483214)

---

 debian/changelog                    |    3 +++
 rulefiles/linux/ignore.d.server/ssh |    2 +-
 2 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 12e26ef..68e75a1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,9 @@ logcheck (1.2.65) unstable; urgency=low
       to Daniel Hahler (closes: #484546).
   * ignore.d.server/spamd:
     - ignore child state K; thanks to Ross Boylan (closes: #484328).
+  * ignore.d.server/ssh:
+    - ignore host-based auth logins; thanks to Tilman Koschnick
+      (closes: #483214)
 
  -- martin f. krafft <madduck at debian.org>  Tue, 24 Jun 2008 18:56:26 +0100
 
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 30c0474..2123d6e 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -1,4 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam) for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Postponed keyboard-interactive(/pam)? for [^[:space:]]+ from [^[:space:]]+ port [0-9]+( (ssh|ssh2))?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$

More information about the Logcheck-commits mailing list