[Logcheck-commits] r1494 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d
madduck at users.alioth.debian.org
Sat Feb 10 17:45:14 CET 2007
Author: madduck
Date: 2007-02-10 17:45:13 +0100 (Sat, 10 Feb 2007)
New Revision: 1494
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd
Log:
* violations.ignore.d/logcheck-proftpd: ignore warning about attempted root
logins.
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2007-02-10 16:44:14 UTC (rev 1493)
+++ logcheck/trunk/debian/changelog 2007-02-10 16:45:13 UTC (rev 1494)
@@ -10,8 +10,11 @@
* violations.d/logcheck: elevate messages matching /violations/i.
- -- martin f. krafft <madduck at debian.org> Sat, 10 Feb 2007 16:43:44 +0000
+ * violations.ignore.d/logcheck-proftpd: ignore warning about attempted root
+ logins.
+ -- martin f. krafft <madduck at debian.org> Sat, 10 Feb 2007 16:44:46 +0000
+
logcheck (1.2.54) unstable; urgency=low
* ignore.d.server/dovecot: also ignore local logins, which are "secured",
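Review bot: The new entry for violations.ignore.d/logcheck-proftpd records that the root-login warning is ignored but not why. The context line just above it ("violations.d/logcheck: elevate messages matching /violations/i") looks like the cause, since a message containing "SECURITY VIOLATION" would match that pattern. Saying so in the entry would tell a later reader that this is a follow-up to the new elevation rule and not an independent decision to hide root login attempts.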
Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd 2007-02-10 16:44:14 UTC (rev 1493)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd 2007-02-10 16:45:13 UTC (rev 1494)
@@ -2,3 +2,4 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - PAM\([-_.[:alnum:]]+\): Authentication failure\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - Connection from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] denied\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-._[:alnum:]]+ \(Login failed\): Limit access denies login$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - SECURITY VIOLATION: root login attempted\.$
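Review bot: The added rule ending in "SECURITY VIOLATION: root login attempted\.$" accepts any host name and any client address, so every such line is dropped from the violations report, including repeated attempts from a single source. That is consistent with the neighbouring "Authentication failure" and "Login failed" rules, but nothing in the file says why a message that proftpd itself labels a security violation is treated as noise. Consider a comment line above the rule stating the reasoning, so that an administrator who does want these attempts reported knows which line to remove.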