[Logcheck-commits] r1174 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Sun Jul 16 13:16:01 UTC 2006


Author: madduck
Date: 2006-07-16 13:15:59 +0000 (Sun, 16 Jul 2006)
New Revision: 1174

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
* violations.ignore.d/logcheck-ssh: ignore logins as invalid user which have
  a 'none' method.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-07-16 13:13:28 UTC (rev 1173)
+++ logcheck/trunk/debian/changelog	2006-07-16 13:15:59 UTC (rev 1174)
@@ -12,6 +12,8 @@
   * violations.ignore.d/logcheck-ssh: ignore also new-style "BREAK-IN"
     messages (with the hyphen) when it's a clear fake (IP maps to A, which does
     not map to IP).
+  * violations.ignore.d/logcheck-ssh: ignore logins as invalid user which have
+    a 'none' method.
   * ignore.d.server/postfix: improved filters for postfix 2.3 lmtp
     connections.
   * ignore.d.server/kernel: ignore interface link status changes. If they are
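Review bot: the added changelog entry describes the matched events as "logins as invalid user", but the rule changed in this revision matches `Failed ... for i(llegal|nvalid) user` lines, which are failed authentication attempts rather than logins. Suggest wording along the lines of "ignore failed 'none' authentication attempts for invalid users", so that someone auditing what logcheck suppresses can tell from the changelog alone that no successful login is being hidden.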
@@ -26,7 +28,7 @@
     - German, thanks to maximilian attems!
     - Japanese, thanks to Hideki Yamane!
 
- -- martin f. krafft <madduck at debian.org>  Sun, 16 Jul 2006 09:05:42 +0200
+ -- martin f. krafft <madduck at debian.org>  Sun, 16 Jul 2006 15:15:26 +0200
 
 logcheck (1.2.46) unstable; urgency=low
 

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006-07-16 13:13:28 UTC (rev 1173)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006-07-16 13:15:59 UTC (rev 1174)
@@ -8,4 +8,4 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: SASL authentication failure: Password verification failed$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password) for i(llegal|nvalid) user [-._[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-._[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
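Review bot: the `+` line extends an explicit method list, `(keyboard-interactive/pam|password|none)`, so a failure logged with any other method string for an invalid user will still appear in the violations report. If the goal is to suppress every failed attempt for a non-existent account, the list will need another revision for each new method; if the explicit list is deliberate, a one-line comment above the rule saying so would document that. The match remains limited to `i(llegal|nvalid) user`, so failed `none` attempts against existing accounts stay visible; that restriction should be kept. The commit would also be easier to verify if the log message included one sample sshd line that the new alternative is meant to match, since the pattern is anchored with `^` and `$` and any deviation in the trailing `port ... ssh2?` part makes it silently miss.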



