[Logcheck-commits] r1592 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server
madduck at users.alioth.debian.org
Fri Jul 13 12:41:29 UTC 2007
Author: madduck
Date: 2007-07-13 12:41:29 +0000 (Fri, 13 Jul 2007)
New Revision: 1592
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
Log:
ignore more characters in invalid/illegal usernames.
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2007-07-13 12:41:26 UTC (rev 1591)
+++ logcheck/trunk/debian/changelog 2007-07-13 12:41:29 UTC (rev 1592)
@@ -48,12 +48,15 @@
* ignore.d.server/ikiwiki:
- first version of ikiwiki filters, hides rebuilds.
+ * ignore.d.server/ssh:
+ - ignore more characters in invalid/illegal usernames.
+
* Made dependency on logtail unversioned.
* Patch for log-summary-ssh by Justin Pryzby to ignore messages related to
invalid users as well as illegal ones (closes: #422525).
- -- martin f. krafft <madduck at debian.org> Fri, 13 Jul 2007 13:45:39 +0200
+ -- martin f. krafft <madduck at debian.org> Fri, 13 Jul 2007 13:49:40 +0200
logcheck (1.2.56) unstable; urgency=low
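Review bot: The added changelog entry under ignore.d.server/ssh says only "ignore more characters" without naming them. Listing the characters that the rule change adds to the username class (#, $, %, ^ and +) would tell an administrator reading the changelog exactly which invalid-user log lines are no longer reported.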
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2007-07-13 12:41:26 UTC (rev 1591)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/ssh 2007-07-13 12:41:29 UTC (rev 1592)
@@ -14,8 +14,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Could not get shadow information for NOUSER$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-\'"@<!>_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-\'"@<!>._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-\'"@#$%^+<!>_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-\'"@#$%^+<!>._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
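Review bot: The username class is widened only in the two "I(llegal|nvalid) user" rules, while the unchanged pam_unix rule two lines below ("auth could not identify password for \[[-_.[:alnum:]]*\]") keeps the narrow class. A username containing one of the newly allowed characters would therefore not match that rule, and its line would still be reported. Consider widening that class in the same commit so the rules stay aligned. As a style point, the two added lines spell the class differently ("_." in the first, "._" in the second); using one spelling in both makes the class easier to grep for and to update consistently the next time it is extended.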