[Logcheck-commits] r1494 - in logcheck/trunk: debian rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Sat Feb 10 17:45:14 CET 2007


Author: madduck
Date: 2007-02-10 17:45:13 +0100 (Sat, 10 Feb 2007)
New Revision: 1494

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd
Log:
* violations.ignore.d/logcheck-proftpd: ignore warning about attempted root
  logins.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2007-02-10 16:44:14 UTC (rev 1493)
+++ logcheck/trunk/debian/changelog	2007-02-10 16:45:13 UTC (rev 1494)
@@ -10,8 +10,11 @@
 
   * violations.d/logcheck: elevate messages matching /violations/i.
 
- -- martin f. krafft <madduck at debian.org>  Sat, 10 Feb 2007 16:43:44 +0000
+  * violations.ignore.d/logcheck-proftpd: ignore warning about attempted root
+    logins.
 
+ -- martin f. krafft <madduck at debian.org>  Sat, 10 Feb 2007 16:44:46 +0000
+
 logcheck (1.2.54) unstable; urgency=low
 
   * ignore.d.server/dovecot: also ignore local logins, which are "secured",
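Review bot: the new changelog entry ("ignore warning about attempted root logins.") does not name the message being ignored or say why ignoring it is acceptable. The entry directly above it elevates everything matching /violations/i, which the proftpd "SECURITY VIOLATION" line would match, so if that is the reason for this rule the entry should say so. Quoting the message text in the entry would also let a reader of the changelog tell which log line stops appearing in the violations report.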

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd	2007-02-10 16:44:14 UTC (rev 1493)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-proftpd	2007-02-10 16:45:13 UTC (rev 1494)
@@ -2,3 +2,4 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - PAM\([-_.[:alnum:]]+\): Authentication failure\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - Connection from [._[:alnum:]-]+ \[[.:[:xdigit:]]+\] denied\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - USER [-._[:alnum:]]+ \(Login failed\): Limit access denies login$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]{1,5}\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[.:[:xdigit:]]+\]\) - SECURITY VIOLATION: root login attempted\.$
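Review bot: the added pattern on the last line of this hunk filters every proftpd "SECURITY VIOLATION: root login attempted\." line unconditionally, and nothing in the rule file or the log message records why a root login attempt is safe to drop from the violations layer. Please document the rationale, and state whether the line is still expected to be reported at a lower level, since a single attempt and a sustained run of attempts from one address are now filtered identically here. On form the rule is consistent with the three above it: same syslog and proftpd prefix, escaped trailing period, and a `$` anchor.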



