[Logcheck-commits] Jeremy L. Gaddis: i.d.s/ssh: added rule to ignore AllowGroups denial

Jeremy L. Gaddis jlgaddis-guest at alioth.debian.org
Wed Aug 17 03:04:17 UTC 2011


Module: logcheck
Branch: master
Commit: 7f8efa8db7f475439faf3259c0de2b7a4546c376
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=7f8efa8db7f475439faf3259c0de2b7a4546c376

Author: Jeremy L. Gaddis <jlgaddis at gnu.org>
Date:   Tue Aug 16 22:08:59 2011 -0400

i.d.s/ssh: added rule to ignore AllowGroups denial

closes: #637923

---

 debian/changelog                    |    3 +++
 rulefiles/linux/ignore.d.server/ssh |    1 +
 2 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3d080d7..e489895 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -75,6 +75,9 @@ logcheck (1.3.14) unstable; urgency=low
   * ignore.d.server/amavisd-new:
     - adjusted rule to match new output format, thanks to Adrian Lang
       (closes: #624197)
+  * ignore.d.server/ssh:
+    - add rule to ignore AllowGroups denial, thanks to Gerald Turner
+      (closes: #637923)
   * debian/copyright:
     - updated copyright year to 2011
     - added myself as team member
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index fcf044e..56bab98 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -16,6 +16,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
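
Review bot: The host field after "from" in the added rule is [-_.[:alnum:]]+, which contains no colon, so an AllowGroups denial logged with an IPv6 source address will not match and will keep showing up in reports. Neighbouring rules in this file match addresses with [:[:xdigit:].]+; consider adding ':' to the bracket expression here, and to the AllowUsers/DenyUsers rule directly above, which uses the same pattern. The added rule also covers only the AllowGroups wording; if a DenyGroups denial should be ignored as well, it needs its own pattern or an alternation in the style of (listed in Deny|not listed in Allow)Users.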



