[Logcheck-commits] r1432 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d
madduck at users.alioth.debian.org
Wed Jan 10 18:44:15 CET 2007
Author: madduck
Date: 2007-01-10 18:44:15 +0100 (Wed, 10 Jan 2007)
New Revision: 1432
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
* ignore.d.server/dovecot: ignore disconnection messages after login too.
* violation.ignore.d/ssh: ignore messages about illegal users with IPs
reverse resolved too.
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2007-01-10 17:42:25 UTC (rev 1431)
+++ logcheck/trunk/debian/changelog 2007-01-10 17:44:15 UTC (rev 1432)
@@ -24,10 +24,13 @@
* ignore.d.server/pdns: ignore message about . zone refreshes.
* ignore.d.server/spamd: ignore logger and server pid info messages.
+
+ * ignore.d.server/dovecot: ignore disconnection messages after login too.
- * ignore.d.server/dovecot: ignore disconnection messages after login too.
+ * violation.ignore.d/ssh: ignore messages about illegal users with IPs
+ reverse resolved too.
- -- martin f. krafft <madduck at debian.org> Wed, 10 Jan 2007 18:42:01 +0100
+ -- martin f. krafft <madduck at debian.org> Wed, 10 Jan 2007 18:43:39 +0100
logcheck (1.2.52) unstable; urgency=low
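Review bot: The new changelog entry names `violation.ignore.d/ssh`, but the file this commit modifies is `rulefiles/linux/violations.ignore.d/logcheck-ssh`; use the real directory and file name so the entry can be matched to the rule file. The dovecot line is also removed and re-added with the same wording, so if that is only a whitespace adjustment it would be cleaner to keep it out of this change.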
Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh 2007-01-10 17:42:25 UTC (rev 1431)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh 2007-01-10 17:44:15 UTC (rev 1432)
@@ -4,8 +4,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection (timed out|reset by peer)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$
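Review bot: The unchanged rule sitting between the two modified ones, `I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$`, still lacks the hostname alternative, so the plain "Invalid user ... from <hostname>" line will keep being reported when the address reverse-resolves; add `|[-_.[:alnum:]]+` there as well, or say in the log message why it is left out. In the two changed rules the new `[-_.[:alnum:]]+` branch already matches `UNKNOWN` and any dotted IPv4 address, so the group could be reduced to a single class such as `[-_.:[:alnum:]]+`, which would be easier to keep consistent across the three rules.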