[Logcheck-commits] CVS logcheck/rulefiles/linux/violations.ignore.d

CVS User madduck logcheck-devel at lists.alioth.debian.org
Wed Jul 5 21:37:01 UTC 2006


Update of /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d
In directory haydn:/tmp/cvs-serv11055/rulefiles/linux/violations.ignore.d

Modified Files:
	logcheck-ssh 
Log Message:
   * ignore.d.server/ssh, violations.ignore.d/logcheck-ssh: ignore login
     attempts for nonexistent accounts (closes: #376462).


--- /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006/07/04 22:47:36	1.6
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006/07/05 21:37:01	1.7
@@ -6,3 +6,6 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection timed out$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: SASL authentication failure: Password verification failed$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password) for i(llegal|nvalid) user [-._[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$



More information about the Logcheck-commits mailing list