[Logcheck-commits] r1604 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Sat Jul 14 10:37:49 UTC 2007


Author: madduck
Date: 2007-07-14 10:37:49 +0000 (Sat, 14 Jul 2007)
New Revision: 1604

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
Log:
  - ignore SSH-1.0-SSH_Version_Mapper scans.


Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2007-07-14 10:19:35 UTC (rev 1603)
+++ logcheck/trunk/debian/changelog	2007-07-14 10:37:49 UTC (rev 1604)
@@ -60,6 +60,7 @@
 
   * ignore.d.server/ssh:
     - ignore more characters in invalid/illegal usernames.
+    - ignore SSH-1.0-SSH_Version_Mapper scans.
 
   * ignore.d.server/bluez-utils:
     - ignore startup and connection messages.
@@ -77,7 +78,7 @@
   * Patch for log-summary-ssh by Justin Pryzby to ignore messages related to
     invalid users as well as illegal ones (closes: #422525).
 
- -- martin f. krafft <madduck at debian.org>  Sat, 14 Jul 2007 10:54:02 +0200
+ -- martin f. krafft <madduck at debian.org>  Sat, 14 Jul 2007 12:32:04 +0200
 
 logcheck (1.2.56) unstable; urgency=low
 

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/ssh	2007-07-14 10:19:35 UTC (rev 1603)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/ssh	2007-07-14 10:37:49 UTC (rev 1604)
@@ -27,3 +27,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification '[^']+' from ([:[:xdigit:].]+|UNKNOWN)+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because not listed in AllowUsers$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because listed in DenyUsers$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: scanned from [:[:xdigit:].]+ with SSH-[.[:digit:]]+-SSH_Version_Mapper\.  Don't panic\.$
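Review bot: the added rule on the last line of this hunk accepts any protocol version through `SSH-[.[:digit:]]+-`, while the commit log and the changelog entry name only SSH-1.0-SSH_Version_Mapper. Either tighten the pattern to `SSH-1\.0-SSH_Version_Mapper` or reword the changelog to say that all SSH_Version_Mapper banners are covered, so it is clear how much is suppressed at server level. The source field `[:[:xdigit:].]+` also differs from the "Bad protocol version identification" rule three lines up, which allows `([:[:xdigit:].]+|UNKNOWN)+`; if sshd can log UNKNOWN in this message as well, those lines will still be reported. The two literal spaces before "Don't panic" are matched exactly, so it is worth confirming the rule against a captured sshd log line before relying on it.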



