[Logcheck-commits] r1165 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Tue Jul 11 11:26:30 UTC 2006


Author: madduck
Date: 2006-07-11 11:26:29 +0000 (Tue, 11 Jul 2006)
New Revision: 1165

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
* violations.ignore.d/logcheck-ssh: ignore also new-style "BREAK-IN"
  messages (with the hyphen) when it's a clear fake (IP maps to A, which does
  not map to IP).

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-07-11 11:24:46 UTC (rev 1164)
+++ logcheck/trunk/debian/changelog	2006-07-11 11:26:29 UTC (rev 1165)
@@ -19,8 +19,11 @@
     messages.
   * ignore.d.server/postfix: improved filters for postfix 2.3 lmtp
     connections.
+  * violations.ignore.d/logcheck-ssh: ignore also new-style "BREAK-IN"
+    messages (with the hyphen) when it's a clear fake (IP maps to A, which does
+    not map to IP).
 
- -- martin f. krafft <madduck at debian.org>  Tue, 11 Jul 2006 13:24:27 +0200
+ -- martin f. krafft <madduck at debian.org>  Tue, 11 Jul 2006 13:25:34 +0200
 
 logcheck (1.2.46) unstable; urgency=low
 
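Review bot: the new changelog entry reads "ignore also new-style", which is awkward; "also ignore" is the natural word order. The parenthetical "(IP maps to A, which does not map to IP)" describes what sshd's "Address ... maps to ..., but this does not map back to the address" message reports; naming that message text here would make it easier to match the entry against the rule change in logcheck-ssh.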

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006-07-11 11:24:46 UTC (rev 1164)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006-07-11 11:26:29 UTC (rev 1165)
@@ -1,7 +1,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection (timed out|reset by peer)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed$
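Review bot: the change to `BREAK-?IN` is consistent with the "reverse mapping checking" rule two lines above, which already accepts both spellings, so the two forward/reverse-DNS mismatch messages are now handled alike. One thing worth confirming is intent: the address field is matched with `[._[:alnum:]-]+`, which has no `:`, so the same message for an IPv6 peer will not be suppressed and will still be reported; that is the safer failure mode for an ignore rule, but a comment or changelog mention would make it clear that it is deliberate. Note also that this rule silences every occurrence of the mismatch message, not only "clear fakes"; a host whose PTR record genuinely does not map back is indistinguishable from a spoofed one at this level, so the suppression trades a noisy but security-relevant signal for quiet.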
