[Logcheck-commits] Frédéric Brière : Updated ssh " authentication failure" rule to new pam_unix syntax (closes: #444470)
Frédéric Brière
fbriere-guest at alioth.debian.org
Mon Mar 17 01:01:02 UTC 2008
Module: logcheck
Branch: master
Commit: 037fed5fc268088bad1f17c885d9153ee800ec40
URL: http://git.debian.org/?p=logcheck/logcheck.git/?a=commit;h=037fed5fc268088bad1f17c885d9153ee800ec40
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Mar 16 20:58:46 2008 -0400
Updated ssh "authentication failure" rule to new pam_unix syntax (closes: #444470)
---
rulefiles/linux/violations.ignore.d/logcheck-ssh | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-ssh b/rulefiles/linux/violations.ignore.d/logcheck-ssh
index 5dbf494..56e5ed0 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-ssh
+++ b/rulefiles/linux/violations.ignore.d/logcheck-ssh
@@ -8,6 +8,6 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for (i(llegal|nvalid) user )?[^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(sshd:auth\): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd: pam_unix\(ssh:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=[-_.:[:alnum:]]+ user=[-_.[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$
More information about the Logcheck-commits
mailing list