[Logcheck-commits] r1217 - in logcheck/trunk/rulefiles/linux: ignore.d.server violations.ignore.d
madduck at users.alioth.debian.org
Wed Sep 13 16:52:30 UTC 2006
Author: madduck
Date: 2006-09-13 16:52:30 +0000 (Wed, 13 Sep 2006)
New Revision: 1217
Modified:
logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
Log:
now caters for empty username
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2006-09-13 16:48:51 UTC (rev 1216)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2006-09-13 16:52:30 UTC (rev 1217)
@@ -14,7 +14,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Could not get shadow information for NOUSER$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
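Review bot: On the changed `I(llegal|nvalid) user` line the username class is written `[-_.[:alnum:]]*`, while the `Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user` rule directly below writes the same set as `[-._[:alnum:]]*`. Both accept the same characters, but one spelling for both would make the two rules easier to compare and keep in step. The log message says only "now caters for empty username"; a sample of the sshd line that prompted it (the form with nothing between `user ` and ` from`) in the log message or as a comment above the rule would let the next editor confirm the pattern against real output.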
Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh 2006-09-13 16:48:51 UTC (rev 1216)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-ssh 2006-09-13 16:52:30 UTC (rev 1217)
@@ -5,5 +5,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection (timed out|reset by peer)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [-_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
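Review bot: The `I(llegal|nvalid) user` rule changed in this hunk is a character-for-character copy of the one changed in ignore.d.server/ssh, so the two files have to be edited in lockstep by hand. A comment above the rule naming the sibling file would reduce the chance of them drifting apart, which is the state the `-` lines show relative to the neighbouring PAM and `Failed ... for i(llegal|nvalid) user` rules that already used `*`. Since this file suppresses lines from the violations report, it is worth confirming that an `Invalid user` line with an empty name should be dropped here, rather than only relaxing the ignore.d.server copy.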