[Logcheck-commits] Frédéric Brière : ignore.d.server/openvpn: added "authentication succeeded' rule

Frédéric Brière fbriere-guest at alioth.debian.org
Tue Aug 18 19:25:05 UTC 2009


Module: logcheck
Branch: master
Commit: 28dbb01316d77351968143a4d12a89cd14915a3a
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=28dbb01316d77351968143a4d12a89cd14915a3a

Author: Frédéric Brière <fbriere at fbriere.net>
Date:   Tue Aug 18 15:12:01 2009 -0400

ignore.d.server/openvpn: added "authentication succeeded' rule

---

 debian/changelog                        |    1 +
 rulefiles/linux/ignore.d.server/openvpn |    1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 1d64ed9..96bb3e2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,7 @@ logcheck (1.3.4) experimental; urgency=low
   * Dropped (now useless) ownership/permissions fixes on /var/lock/logcheck
   * ignore.d.server/openvpn: match pathless ifconfig/route
   * ignore.d.server/openvpn: match '.' and '_' in interface names
+  * ignore.d.server/openvpn: added "authentication succeeded' rule
 
  -- Frédéric Brière <fbriere at fbriere.net>  Mon, 17 Aug 2009 11:48:08 -0400
 
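Review bot: the added changelog entry opens its quoted phrase with a double quote and closes it with a single quote ("authentication succeeded'), so the quoting should be made consistent, for example 'authentication succeeded' to match the single quotes used in the entry just above it. The same mismatch is in the commit subject. The entry could also say that the rule covers username/password logins, since that is the only kind of authentication the new pattern matches.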
diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn
index c6f03db..802bf64 100644
--- a/rulefiles/linux/ignore.d.server/openvpn
+++ b/rulefiles/linux/ignore.d.server/openvpn
@@ -53,6 +53,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? OPTIONS IMPORT: timers and/or timeouts modified$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? REMOVE PUSH ROUTE: 'route [.[:digit:]]{7,15} [.[:digit:]]{7,15}'$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Re-using (SSL/TLS context|pre-shared static key)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? TLS: Username/Password authentication succeeded for username '[^[:space:]]+' (\[CN SET\])?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? SIGUSR1\[soft,(ping-restart|connection-reset|tls-error)\] received, (process|client-instance) restarting$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Fatal TLS error \(check_tls_errors_co\), restarting$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? TLS Error: Received control packet from unexpected IP addr: [[:digit:].]{7,15}:[[:digit:]]+$
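Review bot: in the added rule the space before the optional group is mandatory (' (\[CN SET\])?$), so a message without [CN SET] is ignored only if it ends in a trailing space after the closing quote. If the daemon really emits that trailing space, the pattern is right but fragile against any syslog path that trims whitespace; writing the tail as '( \[CN SET\])? ?$ would cover both forms. Separately, this rule drops every successful username/password login from the server-level report, and the username is matched with the broad [^[:space:]]+. That is fine for noise reduction, but sites that rely on logcheck mail to notice unexpected VPN logins lose that signal, so it is worth confirming these events are still retained and reviewed somewhere else.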



