[Logcheck-commits] CVS logcheck/rulefiles/linux/violations.ignore.d
CVS User madduck
logcheck-devel at lists.alioth.debian.org
Wed Jul 5 21:37:01 UTC 2006
Update of /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d
In directory haydn:/tmp/cvs-serv11055/rulefiles/linux/violations.ignore.d
Modified Files:
logcheck-ssh
Log Message:
* ignore.d.server/ssh, violations.ignore.d/logcheck-ssh: ignore login
attempts for nonexistent accounts (closes: #376462).
--- /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-ssh 2006/07/04 22:47:36 1.6
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-ssh 2006/07/05 21:37:01 1.7
@@ -6,3 +6,6 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection timed out$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: SASL authentication failure: Password verification failed$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password) for i(llegal|nvalid) user [-._[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
More information about the Logcheck-commits
mailing list