[Logcheck-commits] r1165 - in logcheck/trunk: debian
rulefiles/linux/violations.ignore.d
madduck at users.alioth.debian.org
madduck at users.alioth.debian.org
Tue Jul 11 11:26:30 UTC 2006
Author: madduck
Date: 2006-07-11 11:26:29 +0000 (Tue, 11 Jul 2006)
New Revision: 1165
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
* violations.ignore.d/logcheck-ssh: ignore also new-style "BREAK-IN"
messages (with the hyphen) when it's a clear fake (IP maps to A, which does
not map to IP).
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2006-07-11 11:24:46 UTC (rev 1164)
+++ logcheck/trunk/debian/changelog 2006-07-11 11:26:29 UTC (rev 1165)
@@ -19,8 +19,11 @@
messages.
* ignore.d.server/postfix: improved filters for postfix 2.3 lmtp
connections.
+ * violations.ignore.d/logcheck-ssh: ignore also new-style "BREAK-IN"
+ messages (with the hyphen) when it's a clear fake (IP maps to A, which does
+ not map to IP).
- -- martin f. krafft <madduck at debian.org> Tue, 11 Jul 2006 13:24:27 +0200
+ -- martin f. krafft <madduck at debian.org> Tue, 11 Jul 2006 13:25:34 +0200
logcheck (1.2.46) unstable; urgency=low
Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh 2006-07-11 11:24:46 UTC (rev 1164)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh 2006-07-11 11:26:29 UTC (rev 1165)
@@ -1,7 +1,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts.deny, line [0-9]+: host name/name mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection (timed out|reset by peer)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed$
More information about the Logcheck-commits
mailing list