[Logcheck-commits] Frédéric Brière : ignore.d.server/openvpn: added "authentication succeeded' rule
Frédéric Brière
fbriere-guest at alioth.debian.org
Tue Aug 18 19:25:05 UTC 2009
Module: logcheck
Branch: master
Commit: 28dbb01316d77351968143a4d12a89cd14915a3a
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=28dbb01316d77351968143a4d12a89cd14915a3a
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Tue Aug 18 15:12:01 2009 -0400
ignore.d.server/openvpn: added "authentication succeeded' rule
---
debian/changelog | 1 +
rulefiles/linux/ignore.d.server/openvpn | 1 +
2 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 1d64ed9..96bb3e2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,7 @@ logcheck (1.3.4) experimental; urgency=low
* Dropped (now useless) ownership/permissions fixes on /var/lock/logcheck
* ignore.d.server/openvpn: match pathless ifconfig/route
* ignore.d.server/openvpn: match '.' and '_' in interface names
+ * ignore.d.server/openvpn: added "authentication succeeded' rule
-- Frédéric Brière <fbriere at fbriere.net> Mon, 17 Aug 2009 11:48:08 -0400
diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn
index c6f03db..802bf64 100644
--- a/rulefiles/linux/ignore.d.server/openvpn
+++ b/rulefiles/linux/ignore.d.server/openvpn
@@ -53,6 +53,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? OPTIONS IMPORT: timers and/or timeouts modified$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? REMOVE PUSH ROUTE: 'route [.[:digit:]]{7,15} [.[:digit:]]{7,15}'$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Re-using (SSL/TLS context|pre-shared static key)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? TLS: Username/Password authentication succeeded for username '[^[:space:]]+' (\[CN SET\])?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? SIGUSR1\[soft,(ping-restart|connection-reset|tls-error)\] received, (process|client-instance) restarting$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Fatal TLS error \(check_tls_errors_co\), restarting$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? TLS Error: Received control packet from unexpected IP addr: [[:digit:].]{7,15}:[[:digit:]]+$
More information about the Logcheck-commits
mailing list