[Logcheck-commits] Frédéric Brière: i.d.s/ssh: updated "Postponed ..." rule with "[preauth]" suffix
Frédéric Brière
fbriere-guest at alioth.debian.org
Mon Jan 16 16:14:54 UTC 2012
Module: logcheck
Branch: master
Commit: 8919653e1b5eb182c7ba4b4d49c64e8eef79f6ae
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=8919653e1b5eb182c7ba4b4d49c64e8eef79f6ae
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Jan 15 20:05:18 2012 -0500
i.d.s/ssh: updated "Postponed ..." rule with "[preauth]" suffix
---
debian/changelog | 1 +
rulefiles/linux/ignore.d.server/ssh | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 2c0ddc0..768a7b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,7 @@ logcheck (1.3.15) UNRELEASED; urgency=low
- ignore "Bye Bye"
- ignore "Connection closed"
- ignore yet one more variation of "invalid user"
+ - updated "Postponed ..." rule with "[preauth]" suffix
-- Hannes von Haugwitz <hannes at vonhaugwitz.com> Fri, 16 Dec 2011 08:06:47 +0100
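Review bot: The added changelog line is written in the past tense ("updated ...") while the neighbouring entries in the same list are imperative ("ignore ..."). Consider matching that wording, for example `accept "[preauth]" suffix in "Postponed ..." rule`, so the list reads consistently.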
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 29587df..8d80d27 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -10,7 +10,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [^[:space:]]* \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Nasty PTR record "[:[:xdigit:].]+" is set up for [:[:xdigit:].]+, ignoring$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (disconnected by user|Closed due to user request\.)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: Bye Bye \[preauth\]$
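Review bot: In the new "Postponed keyboard-interactive" pattern, the `( \[preauth\])?` group is nested inside the optional `( (ssh|ssh2)...)?` group, so a line that ends in " [preauth]" directly after the port number, with no "ssh" or "ssh2" token, does not match and will still be reported. If the suffix can appear without the protocol token, make the two groups siblings: `( (ssh|ssh2))?( \[preauth\])?$`. If the nesting is deliberate, say so in the commit message and quote a sample log line there, so the intended coverage of the rule is documented.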