[Logcheck-commits] [logcheck] 01/01: i.d.s/ssh: match more disconnect messages
Hannes von Haugwitz
hvhaugwitz at moszumanska.debian.org
Wed Jan 25 21:07:40 UTC 2017
This is an automated email from the git hooks/post-receive script.
hvhaugwitz pushed a commit to branch master
in repository logcheck.
commit f9f5ead6dde5c9487d0d7655d85b2a400571b5c3
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Wed Jan 25 22:02:38 2017 +0100
i.d.s/ssh: match more disconnect messages
---
debian/changelog | 1 +
rulefiles/linux/ignore.d.server/ssh | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 20461c0..d5b03b4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,7 @@ logcheck (1.3.18) UNRELEASED; urgency=medium
Paul Brossier for the patch (closes: #703936)
- allow new FingerprintHash format (closes: #799304)
- match 'ED25519' key type, thanks to Ayke van Laethem for the patch
+ - match more disconnect messages
* ignore.d.server/su:
- allow '.' and '_' in username (closes: #780441)
* ignore.d.server/rsync:
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 1328699..92a9ac1 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -13,10 +13,11 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (disconnected by user|Closed due to user request\.)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+(: | port [[:digit:]]+:)11: (disconnected by user|Closed due to user request\.)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,256} \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [:.[:xdigit:]]+ \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/logcheck/logcheck.git
More information about the Logcheck-commits
mailing list