[Logcheck-commits] [logcheck] 01/01: i.d.s/ssh: allow new FingerprintHash format

[Hannes von Haugwitz]

This is an automated email from the git hooks/post-receive script.

hvhaugwitz pushed a commit to branch master
in repository logcheck.

commit 98b5f9fae604b1c6df3b1942d970a88b59892240
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Sat Jan 14 11:31:24 2017 +0100

    i.d.s/ssh: allow new FingerprintHash format
    
    closes: #799304
---
 debian/changelog                    | 1 +
 rulefiles/linux/ignore.d.server/ssh | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index ae3fee9..51cf6ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,7 @@ logcheck (1.3.18) UNRELEASED; urgency=medium
     - add generic preauth disconnect rule (closes: #775090)
     - adjust 'Bad protocol version identification' rule, thanks to Paul
       for the patch (closes: #703936)
+    - allow new FingerprintHash format (closes: #799304)
   * ignore.d.server/su:
     - allow '.' and '_' in username (closes: #780441)
   * ignore.d.server/rsync:
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 43907e2..8c169d9 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -1,4 +1,4 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA) (SHA256:[0-9a-zA-Z\+/=]{43}|(MD5:)?([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^[:space:]]*' from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5}$

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/logcheck/logcheck.git