[Logcheck-commits] martin f. krafft: ignore replay-window backtrack warnings.
Martin F. Krafft
madduck at alioth.debian.org
Sun Aug 31 19:24:19 UTC 2008
Module: logcheck
Branch: master
Commit: 8db8d7a63e7ed1a70b5a5730c619441940d905d3
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=8db8d7a63e7ed1a70b5a5730c619441940d905d3
Author: martin f. krafft <madduck at debian.org>
Date: Sun Aug 31 19:04:10 2008 +0100
ignore replay-window backtrack warnings.
---
debian/changelog | 1 +
rulefiles/linux/ignore.d.server/openvpn | 1 +
2 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index ade3bb9..a4557d7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -45,6 +45,7 @@ logcheck (1.3) unstable; urgency=low
- ignore messages about clients reconnecting and dropping previous active
connections.
- ignore restarts due to fatal TLS errors.
+ - ignore replay-window backtrack warnings.
* Rulefiles are now installed with mode 644; the directories are still moe
700, so the files are not publicly readable (unless the admin hardlinks
diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn
index 2f80089..a6611be 100644
--- a/rulefiles/linux/ignore.d.server/openvpn
+++ b/rulefiles/linux/ignore.d.server/openvpn
@@ -76,3 +76,4 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? WARNING: Bad encapsulated packet length from peer \([[:digit:]]+\), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- \[Attempt?ing restart\.\.\.\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \[[-_.[:alnum:]]+\])? Inactivity timeout \(--ping-restart\), restarting$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})?( \[[-._[:alnum:]]+\])?)? Peer Connection Initiated with [[:digit:].]{7,15}:[[:digit:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Replay-window backtrack occurred \[[[:digit:]]+\]$
More information about the Logcheck-commits
mailing list