[Logcheck-commits] [logcheck] 01/01: i.d.s/ssh: add generic preauth disconnect rule

Hannes von Haugwitz hvhaugwitz at moszumanska.debian.org
Tue Jan 10 22:06:52 UTC 2017


This is an automated email from the git hooks/post-receive script.

hvhaugwitz pushed a commit to branch master
in repository logcheck.

commit 420e724b6dc8e94ce969690af3cf7d2c9abdd5de
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Tue Jan 10 22:47:29 2017 +0100

    i.d.s/ssh: add generic preauth disconnect rule
    
    closes: #775090
---
 debian/changelog                    | 2 ++
 rulefiles/linux/ignore.d.server/ssh | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 5ed140f..4f0a9b6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ logcheck (1.3.18) UNRELEASED; urgency=medium
     - remove duplicate xargs option (thanks to Sander Bos)
   * ignore.d.server/dhclient:
     - rewrite rules (LP: #1357880, closes: #809605)
+  * ignore.d.server/ssh:
+    - add generic preauth disconnect rule (closes: #775090)
 
  -- Hannes von Haugwitz <hannes at vonhaugwitz.com>  Wed, 16 Dec 2015 06:02:39 +0100
 
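Review bot: the new entry reads "add generic preauth disconnect rule", but the diffstat for rulefiles/linux/ignore.d.server/ssh shows one insertion and one deletion, so an existing rule is being replaced by a broader one rather than a rule being added alongside it. Wording the entry to say that the earlier preauth disconnect rule was generalised would let someone reading only the changelog see that the set of ignored messages grew.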
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 062f245..c842b68 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -14,7 +14,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (disconnected by user|Closed due to user request\.)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: Bye Bye \[preauth\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,256} \[preauth\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [:.[:xdigit:]]+ \[preauth\]$
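Review bot: on the added line, `[[:digit:]]+: .{0,256} \[preauth\]$` ignores every pre-authentication disconnect whatever its reason code or message, where the removed line matched only `11: Bye Bye \[preauth\]`. The message part is text sent by the remote peer before it has authenticated, so after this change no such line reaches the report, whatever it says. If that breadth is what is wanted for ignore.d.server, a short comment above the rule or a sentence in the commit message should say so and explain the 256 bound (a longer message falls through and is still reported). Otherwise, consider pinning the reason code the way the context rules above do (`[12]`, `11`) or narrowing `.` to a printable character class.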

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/logcheck/logcheck.git


