[Logcheck-commits] [logcheck] 01/01: i.d.s/openvpn: match arbitrary mtu sizes

Hannes von Haugwitz hvhaugwitz at moszumanska.debian.org
Sun Jan 22 19:22:03 UTC 2017


This is an automated email from the git hooks/post-receive script.

hvhaugwitz pushed a commit to branch master
in repository logcheck.

commit a06e5b25a2e9dac58f69ba39d0bfcdf0bf0fb4e7
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Sun Jan 22 20:20:13 2017 +0100

    i.d.s/openvpn: match arbitrary mtu sizes
    
    closes: #815755
---
 debian/changelog                        | 2 ++
 rulefiles/linux/ignore.d.server/openvpn | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index fde5c96..e0c9b02 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -34,6 +34,8 @@ logcheck (1.3.18) UNRELEASED; urgency=medium
   * ignore.d.server/bind:
     - match domain name in query message, thanks to Wojciech Nizinski
       for the patch
+  * ignore.d.server/openvpn:
+    - match arbitrary mtu sizes (closes: #815755)
   * debian/control:
     - add alternate dependency on cron-daemon, thanks to Felix Zielcke for the
       patch (closes: #786815)
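
Review bot: The new entry "match arbitrary mtu sizes" does not say which rule is affected, and ignore.d.server/openvpn holds many patterns. Naming the message in the entry, for example "match arbitrary limits in the 'Bad encapsulated packet length' warning", would let a reader of the changelog find the changed rule without opening the diff.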
diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn
index 2b4bfd6..a58948f 100644
--- a/rulefiles/linux/ignore.d.server/openvpn
+++ b/rulefiles/linux/ignore.d.server/openvpn
@@ -74,7 +74,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? TLS: tls_process: killed expiring key$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? VERIFY (SCRIPT )?OK: depth=[[:digit:]]+, /[-:_./=@[:alnum:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? VERIFY SCRIPT OK: depth=[[:digit:]]+, /(CN|O)=.+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? WARNING: Bad encapsulated packet length from peer \([[:digit:]]+\), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- \[Attempt?ing restart\.\.\.\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? WARNING: Bad encapsulated packet length from peer \([[:digit:]]+\), which must be > 0 and <= [[:digit:]]+ -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- \[Attempt?ing restart\.\.\.\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \[[-_.[:alnum:]]+\])? Inactivity timeout \(--ping-restart\), restarting$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})?( \[[-._[:alnum:]]+\])?)? Peer Connection Initiated with [[:digit:].]{7,15}:[[:digit:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Replay-window backtrack occurred \[[[:digit:]]+\]$
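
Review bot: On the changed "Bad encapsulated packet length" line, replacing the literal 1544 with [[:digit:]]+ widens a rule that drops from reports a warning whose own text says it "could also indicate a possible active attack on the TCP link". With the literal, a host with a different limit still had this warning reported; after the change it is filtered for every configuration. The commit message and changelog entry give no reason why ignoring it at the server level is acceptable, so a short rationale there would help administrators decide whether to override the rule locally. As a smaller style point, if only realistic limits are meant, a bounded repetition instead of + would keep the match tighter.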

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/logcheck/logcheck.git


