[Logcheck-commits] r1432 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org
Wed Jan 10 18:44:15 CET 2007


Author: madduck
Date: 2007-01-10 18:44:15 +0100 (Wed, 10 Jan 2007)
New Revision: 1432

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
* ignore.d.server/dovecot: ignore disconnection messages after login too.
* violation.ignore.d/ssh: ignore messages about illegal users with IPs
  reverse resolved too.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2007-01-10 17:42:25 UTC (rev 1431)
+++ logcheck/trunk/debian/changelog	2007-01-10 17:44:15 UTC (rev 1432)
@@ -24,10 +24,13 @@
   * ignore.d.server/pdns: ignore message about . zone refreshes.
 
   * ignore.d.server/spamd: ignore logger and server pid info messages.
+
+  * ignore.d.server/dovecot: ignore disconnection messages after login too.
   
-  * ignore.d.server/dovecot: ignore disconnection messages after login too.
+  * violation.ignore.d/ssh: ignore messages about illegal users with IPs
+    reverse resolved too.
 
- -- martin f. krafft <madduck at debian.org>  Wed, 10 Jan 2007 18:42:01 +0100
+ -- martin f. krafft <madduck at debian.org>  Wed, 10 Jan 2007 18:43:39 +0100
 
 logcheck (1.2.52) unstable; urgency=low
 
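Review bot: the dovecot entry is only moved in this hunk (dropped from below the spamd line and re-inserted above the new ssh entry), not added, yet the commit log presents it as a change alongside the ssh rule; the log should mention only the ssh entry and the reordering. The new entry also names the rule file `violation.ignore.d/ssh`, while the file actually modified in this revision is `rulefiles/linux/violations.ignore.d/logcheck-ssh`; use the real path so the changelog can be matched against the tree.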

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2007-01-10 17:42:25 UTC (rev 1431)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2007-01-10 17:44:15 UTC (rev 1432)
@@ -4,8 +4,8 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection (timed out|reset by peer)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$
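Review bot: the new `[-_.[:alnum:]]+` alternative is added to the PAM error rule and the `Failed ... for i(llegal|nvalid) user` rule but not to the `I(llegal|nvalid) user [^[:space:]]+ from (...)` rule that sits between them, so for a client whose address reverse-resolves, the `Illegal user ... from host` line is still reported while its two companion lines are suppressed; either extend that rule the same way or state in the changelog that it is left reporting on purpose. Two smaller points: the new alternative already matches `UNKNOWN`, so that branch is now redundant in both changed rules, and because these rules live in violations.ignore.d they silence failed-login evidence for any resolvable host, which is worth stating in the changelog so administrators who rely on the violations report to notice repeated failed logins know those lines no longer appear.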
