[Logcheck-commits] Frédéric Brière : Correctly added "@" to proftpd "no such user" rule

[Frédéric Brière]

Module: logcheck
Branch: master
Commit: 235ac1f89402de63832af0cf73fdc7a7b9103dc8
URL:    http://git.debian.org/?p=logcheck/logcheck.git/?a=commit;h=235ac1f89402de63832af0cf73fdc7a7b9103dc8

Author: Frédéric Brière <fbriere at fbriere.net>
Date:   Fri Mar 14 19:51:02 2008 -0400

Correctly added "@" to proftpd "no such user" rule

This fixes a mistake that occurred when applying the patch that created
456aef8691bbf408b7884896676ee59520bcc6a1.

---

 rulefiles/linux/ignore.d.server/proftpd |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/rulefiles/linux/ignore.d.server/proftpd b/rulefiles/linux/ignore.d.server/proftpd
index 356f3ff..09468e0 100644
--- a/rulefiles/linux/ignore.d.server/proftpd
+++ b/rulefiles/linux/ignore.d.server/proftpd
@@ -7,7 +7,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) ANON (anonymous|ftp): Login successful.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) mod_delay/[0-9.]+: delaying for [0-9]+ usecs$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) FTP ((login|session) timed out|no transfer timeout), disconnected$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) USER [-_.[:alnum:]]+: no such user found from [.:_@[:alnum:]-]+ \[[.:[:xdigit:]]+\] to [.:[:xdigit:]]+:[[:digit:]]{2,5}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) USER [-_.@[:alnum:]]+: no such user found from [.:_[:alnum:]-]+ \[[.:[:xdigit:]]+\] to [.:[:xdigit:]]+:[[:digit:]]{2,5}$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Maximum login attempts \([[:digit:]]+\) exceeded$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) no such user '[-_.@[:alnum:]]+'$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) notice: user [-_.[:alnum:]]+: aborting transfer: Data connection closed\.