[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.server
CVS User madduck
logcheck-devel at lists.alioth.debian.org
Sat Jul 8 09:31:08 UTC 2006
Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server
In directory haydn:/tmp/cvs-serv17931/rulefiles/linux/ignore.d.server
Modified Files:
ssh
Log Message:
* jgnore.d.server/ssh, violations.ignore.d/logcheck-ssh: extended the regexp
matching usernames to anything non-whitespace in filters about nonexistent
users -- today someone tried to log in as '!@#$%^&*()_+' here!
--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh 2006/07/07 20:33:09 1.19
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/ssh 2006/07/08 09:31:08 1.20
@@ -14,5 +14,5 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Could not get shadow information for NOUSER$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
More information about the Logcheck-commits
mailing list