[Logcheck-commits] r1354 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org
Wed Nov 15 22:07:13 CET 2006


Author: madduck
Date: 2006-11-15 22:07:13 +0100 (Wed, 15 Nov 2006)
New Revision: 1354

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
* violations.ignore.d/logcheck-ssh: ignore authentication error messages by
  pam_unix: if there's no user name, the attempt is pathetically harmless
  anyway; if there's a username, sshd logs another message with more
  information.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-11-15 15:44:40 UTC (rev 1353)
+++ logcheck/trunk/debian/changelog	2006-11-15 21:07:13 UTC (rev 1354)
@@ -38,6 +38,10 @@
 
   * ignore.d.server/anacron: also ignore messages with exit status.
 
+  * violations.ignore.d/logcheck-ssh: ignore authentication error messages by
+    pam_unix: if there's no user name, the attempt is pathetically harmless
+    anyway; if there's a username, sshd logs another message with more
+    information.
   * ignore.d.server/ssh: ignore listening notices for all ports, not just 22.
 
   * ignore.d.server/ppp: filtering messages about connections to pppd.
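Review bot: the added violations.ignore.d/logcheck-ssh entry runs straight into the following "ignore.d.server/ssh" bullet, while every other entry visible in this hunk is separated from its neighbours by a blank line. Add an empty line after "information." so the changelog stays consistently formatted. Since this entry relaxes a violations rule, it would also help to say in the entry which sshd message is expected to still be reported when a user name is present.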
@@ -95,7 +99,7 @@
 
   * ignore.d.server/ntp: ignore debug messages from signal_no_reset.
 
- -- martin f. krafft <madduck at debian.org>  Wed, 15 Nov 2006 16:39:27 +0100
+ -- martin f. krafft <madduck at debian.org>  Wed, 15 Nov 2006 22:06:10 +0100
 
 logcheck (1.2.50) unstable; urgency=low
 

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006-11-15 15:44:40 UTC (rev 1353)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh	2006-11-15 21:07:13 UTC (rev 1354)
@@ -7,3 +7,4 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
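Review bot: the trailing optional group `([[:space:]]+user=[^[:space:]]+)?` in the added rule suppresses the pam_unix failure even when a user name is logged, and the only safeguard is the assumption in the log message that sshd emits a second, more detailed line. The three context rules above ignore only the `i(llegal|nvalid) user` variants, so a failed login against a named account is then reported solely through that other sshd line, provided no other ignore file drops it. Consider splitting this into two rules (one without `user=`, one with) so the second can be removed independently, and record the dependency on the sshd message next to the rule or in the changelog. The literal `logname= uid=0 euid=0 tty=ssh ruser=` prefix and the `$` directly after the `rhost=` value are also worth checking against a real sample line for both cases, since any extra whitespace there would make the rule silently stop matching.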
