[Logcheck-commits] [logcheck] 01/01: i.d.s/ssh: add generic preauth disconnect rule
Hannes von Haugwitz
hvhaugwitz at moszumanska.debian.org
Tue Jan 10 22:06:52 UTC 2017
This is an automated email from the git hooks/post-receive script.
hvhaugwitz pushed a commit to branch master
in repository logcheck.
commit 420e724b6dc8e94ce969690af3cf7d2c9abdd5de
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Tue Jan 10 22:47:29 2017 +0100
i.d.s/ssh: add generic preauth disconnect rule
closes: #775090
---
debian/changelog | 2 ++
rulefiles/linux/ignore.d.server/ssh | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 5ed140f..4f0a9b6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ logcheck (1.3.18) UNRELEASED; urgency=medium
- remove duplicate xargs option (thanks to Sander Bos)
* ignore.d.server/dhclient:
- rewrite rules (LP: #1357880, closes: #809605)
+ * ignore.d.server/ssh:
+ - add generic preauth disconnect rule (closes: #775090)
-- Hannes von Haugwitz <hannes at vonhaugwitz.com> Wed, 16 Dec 2015 06:02:39 +0100
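Review bot: The new changelog line says "add", but the diffstat lists rulefiles/linux/ignore.d.server/ssh as one insertion and one deletion, so an existing rule is being replaced rather than a new one added. Wording such as "generalize preauth disconnect rule" would tell someone reading only the changelog that the previous preauth disconnect rule is gone.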
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 062f245..c842b68 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -14,7 +14,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (disconnected by user|Closed due to user request\.)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: Bye Bye \[preauth\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,256} \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [:.[:xdigit:]]+ \[preauth\]$
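Review bot: On the added line, `[[:digit:]]+: .{0,256} \[preauth\]$` accepts every reason code and any text sent by the peer, where the removed rule ignored only `11: Bye Bye`. Because this file lives in ignore.d.server, all unauthenticated disconnects now drop out of the report, including ones with unusual reason strings that an administrator may want to see. Consider restricting the code or the text to the values actually seen, or add a comment above the rule stating that the breadth is intended. Separately, the address part `from [:[:xdigit:].]+: ` leaves no room for a ` port <n>` suffix, which the Postponed rule in the first context line does allow; if sshd logs the port in this message as well, the rule will not match.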
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/logcheck/logcheck.git