[Logcheck-commits] r1186 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d

maks-guest at users.alioth.debian.org maks-guest at users.alioth.debian.org
Thu Jul 20 09:01:52 UTC 2006 

Author: maks-guest
Date: 2006-07-20 09:01:51 +0000 (Thu, 20 Jul 2006)
New Revision: 1186

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
move to postfix rules to the postfix file


Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-07-20 08:45:21 UTC (rev 1185)
+++ logcheck/trunk/debian/changelog	2006-07-20 09:01:51 UTC (rev 1186)
@@ -4,10 +4,12 @@
     Thanks Paul Aurich <paul+debian at aurich.com> (closes: 378976)
   * Updated debconf translations:
     - fr.po (myself)
-    - nl.po thanks Frans Pop <elendil at planet.nl>
-    - it.po thanks Luca Monducci <luca.mo at tiscali.it>
+    - nl.po thanks Frans Pop <elendil at planet.nl> (closes: 377605)
+    - it.po thanks Luca Monducci <luca.mo at tiscali.it> (closes: 377874)
+  * violations.ignore.d/logcheck-ssh, violations.ignore.d/logcheck-postfix:
+    Move to postfix rules to the later. (closes: 377139)
 
- -- maximilian attems <maks at sternwelten.at>  Thu, 20 Jul 2006 10:41:35 +0200
+ -- maximilian attems <maks at sternwelten.at>  Thu, 20 Jul 2006 10:57:44 +0200
 
 logcheck (1.2.47) unstable; urgency=low
 

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix	2006-07-20 08:45:21 UTC (rev 1185)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix	2006-07-20 09:01:51 UTC (rev 1186)
@@ -27,3 +27,5 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [^[:space:]]+: 554 <[^[:space:]]+>: Client host rejected: Access denied; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: SASL authentication failure: Password verification failed$

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006-07-20 08:45:21 UTC (rev 1185)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006-07-20 09:01:51 UTC (rev 1186)
@@ -4,8 +4,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection (timed out|reset by peer)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: SASL authentication failure: Password verification failed$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-._[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$

More information about the Logcheck-commits mailing list