[Logcheck-commits] r1214 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server
madduck at users.alioth.debian.org
Wed Sep 13 16:32:39 UTC 2006
Author: madduck
Date: 2006-09-13 16:32:39 +0000 (Wed, 13 Sep 2006)
New Revision: 1214
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
Log:
* ignore.d.server/ssh: duplicate possible breakin messages from
violations.ignore.d.
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2006-09-13 16:26:28 UTC (rev 1213)
+++ logcheck/trunk/debian/changelog 2006-09-13 16:32:39 UTC (rev 1214)
@@ -32,6 +32,8 @@
* ignore.d.server/postfix: also add msgid status messages by cleanup daemon.
* ignore.d.server/proftpd: fixed rule to ignore unknown user logins.
* ignore.d.server/spamd: fixed rule for config location message.
+ * ignore.d.server/ssh: duplicate possible breakin messages from
+ violations.ignore.d.
* ignore.d.server/kernel: partially undo link status message filter, now
only filters up messages, not the down ones. By nature of the link status,
the messages will come in pairs or not at all anyway.
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2006-09-13 16:26:28 UTC (rev 1213)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2006-09-13 16:32:39 UTC (rev 1214)
@@ -16,3 +16,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
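Review bot: the two added rules use `[ :0-9]{11}` and `sshd\[[0-9]+\]` where every existing line in this hunk uses `[ :[:digit:]]{11}` and `sshd\[[[:digit:]]+\]`; please match the surrounding style so the file stays uniform and easier to audit. More importantly, these patterns put "POSSIBLE BREAK-IN ATTEMPT!" messages into ignore.d.server, so with the server profile they will no longer be reported at all; since the message text itself only describes a forward/reverse DNS mismatch ("maps to ..., but this does not map back to the address"), silencing it is defensible, but that rationale should be stated in a comment next to the rules or in the changelog entry, which currently just says "duplicate ... from violations.ignore.d".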