[Logcheck-commits] r1464 - in logcheck/trunk: debian
rulefiles/linux/ignore.d.server
madduck at users.alioth.debian.org
madduck at users.alioth.debian.org
Mon Jan 22 20:09:55 CET 2007
Author: madduck
Date: 2007-01-22 20:09:54 +0100 (Mon, 22 Jan 2007)
New Revision: 1464
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
Log:
* ignore.d.server/ssh: ignore messages about invalid users even with <!>'"
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2007-01-22 17:33:23 UTC (rev 1463)
+++ logcheck/trunk/debian/changelog 2007-01-22 19:09:54 UTC (rev 1464)
@@ -15,12 +15,12 @@
* ignore.d.server/openvpn: ignore messages related to client-side routes and
client-config-dir.
- * ignore.d.server/ssh: ignore messages about invalid users even with <!>
+ * ignore.d.server/ssh: ignore messages about invalid users even with <!>'"
characters in the usernames.
* ignore.d.server/ssh: ignore messages related to Allow/DenyUsers
(closes: #407009).
- -- martin f. krafft <madduck at debian.org> Sun, 21 Jan 2007 16:15:47 +0000
+ -- martin f. krafft <madduck at debian.org> Mon, 22 Jan 2007 19:09:40 +0000
logcheck (1.2.53) unstable; urgency=low
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2007-01-22 17:33:23 UTC (rev 1463)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2007-01-22 19:09:54 UTC (rev 1464)
@@ -14,8 +14,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Could not get shadow information for NOUSER$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-<!>_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-<!>._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-'"<!>_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-'"<!>._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
More information about the Logcheck-commits
mailing list