[Logcheck-commits] [logcheck] 01/01: ignore.d.server/ssh: match 'ED25519' key type

Hannes von Haugwitz hvhaugwitz at moszumanska.debian.org
Sun Jan 22 22:04:23 UTC 2017


This is an automated email from the git hooks/post-receive script.

hvhaugwitz pushed a commit to branch master
in repository logcheck.

commit 4e44220f36fb643dd43d5bdd0fdaa863785b8d0c
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Sun Jan 22 22:59:06 2017 +0100

    ignore.d.server/ssh: match 'ED25519' key type
---
 debian/changelog                    | 1 +
 rulefiles/linux/ignore.d.server/ssh | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 564f8a0..d6f7dc7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,7 @@ logcheck (1.3.18) UNRELEASED; urgency=medium
     - adjust 'Bad protocol version identification' rule, thanks to
       Paul Brossier for the patch (closes: #703936)
     - allow new FingerprintHash format (closes: #799304)
+    - match 'ED25519' key type, thanks to Ayke van Laethem for the patch
   * ignore.d.server/su:
     - allow '.' and '_' in username (closes: #780441)
   * ignore.d.server/rsync:
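Review bot: The added changelog line credits Ayke van Laethem but, unlike the two ssh entries just above it, carries no `(closes: #...)` reference. If the patch came in through a bug report, add the bug number to the entry so the upload closes it.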
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 8c169d9..1328699 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -1,4 +1,4 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA) (SHA256:[0-9a-zA-Z\+/=]{43}|(MD5:)?([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA|ED25519) (SHA256:[0-9a-zA-Z\+/=]{43}|(MD5:)?([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^[:space:]]*' from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5}$
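Review bot: The key-type alternation on the `+` line, `(RSA|ECDSA|ED25519)`, still has no `DSA` alternative even though the method alternation earlier in the same rule accepts `dsa`. If sshd logs DSA keys in the same `: TYPE fingerprint` form, those logins will keep being reported, so either add `DSA` or note why it is left out. Keeping the list explicit rather than switching to a wildcard is the right call for an ignore rule, but it means every new key type needs a follow-up like this one. Separately, in the fingerprint class `[0-9a-zA-Z\+/=]` the backslash is a literal inside a POSIX bracket expression, so the class also admits `\`; `[0-9a-zA-Z+/=]` would match only the base64 alphabet.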

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/logcheck/logcheck.git


