[Logcheck-commits] martin f. krafft: ignore.d.server/ssh: ignore bad username warnings.

Martin F. Krafft madduck at alioth.debian.org
Mon Sep 1 10:14:12 UTC 2008 

Module: logcheck
Branch: master
Commit: 4526d3a62e686fd586acf3bc1eb49f34225d4179
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=4526d3a62e686fd586acf3bc1eb49f34225d4179

Author: martin f. krafft <madduck at debian.org>
Date:   Mon Sep  1 10:31:20 2008 +0100

ignore.d.server/ssh: ignore bad username warnings.

---

 debian/changelog                    |    2 ++
 rulefiles/linux/ignore.d.server/ssh |    1 +
 2 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index e8c378a..d02d7f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ logcheck (1.3.1) experimental; urgency=low
       (see #493066).
   * ignore.d.server/postfix:
     - expect more IPv6 addresses in filters.
+  * ignore.d.server/ssh:
+    - ignore bad username warnings.
 
  -- martin f. krafft <madduck at debian.org>  Sun, 31 Aug 2008 20:31:51 +0100
 
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index f31a60c..84dc6c0 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -18,6 +18,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$

More information about the Logcheck-commits mailing list