[Logcheck-commits] Jeremy L. Gaddis: i.d.s/ssh: added rule to ignore AllowGroups denial
Jeremy L. Gaddis
jlgaddis-guest at alioth.debian.org
Wed Aug 17 03:04:17 UTC 2011
Module: logcheck
Branch: master
Commit: 7f8efa8db7f475439faf3259c0de2b7a4546c376
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=7f8efa8db7f475439faf3259c0de2b7a4546c376
Author: Jeremy L. Gaddis <jlgaddis at gnu.org>
Date: Tue Aug 16 22:08:59 2011 -0400
i.d.s/ssh: added rule to ignore AllowGroups denial
closes: #637923
---
debian/changelog | 3 +++
rulefiles/linux/ignore.d.server/ssh | 1 +
2 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3d080d7..e489895 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -75,6 +75,9 @@ logcheck (1.3.14) unstable; urgency=low
* ignore.d.server/amavisd-new:
- adjusted rule to match new output format, thanks to Adrian Lang
(closes: #624197)
+ * ignore.d.server/ssh:
+ - add rule to ignore AllowGroups denial, thanks to Gerald Turner
+ (closes: #637923)
* debian/copyright:
- updated copyright year to 2011
- added myself as team member
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index fcf044e..56bab98 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -16,6 +16,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
More information about the Logcheck-commits
mailing list