[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.paranoid

CVS User madduck logcheck-devel at lists.alioth.debian.org
Sat Jul 8 09:31:08 UTC 2006


Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.paranoid
In directory haydn:/tmp/cvs-serv17931/rulefiles/linux/ignore.d.paranoid

Modified Files:
	ssh 
Log Message:
  * jgnore.d.server/ssh, violations.ignore.d/logcheck-ssh: extended the regexp
    matching usernames to anything non-whitespace in filters about nonexistent
    users -- today someone tried to log in as '!@#$%^&*()_+' here!


--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.paranoid/ssh	2005/11/07 14:41:06	1.3
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.paranoid/ssh	2006/07/08 09:31:08	1.4
@@ -1,2 +1,2 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [^[:space:]]+$



More information about the Logcheck-commits mailing list