[Logcheck-commits] martin f. krafft: ignore.d.server/ssh: ignore bad username warnings.
Martin F. Krafft
madduck at alioth.debian.org
Mon Sep 1 10:14:12 UTC 2008
Module: logcheck
Branch: master
Commit: 4526d3a62e686fd586acf3bc1eb49f34225d4179
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=4526d3a62e686fd586acf3bc1eb49f34225d4179
Author: martin f. krafft <madduck at debian.org>
Date: Mon Sep 1 10:31:20 2008 +0100
ignore.d.server/ssh: ignore bad username warnings.
---
debian/changelog | 2 ++
rulefiles/linux/ignore.d.server/ssh | 1 +
2 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index e8c378a..d02d7f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ logcheck (1.3.1) experimental; urgency=low
(see #493066).
* ignore.d.server/postfix:
- expect more IPv6 addresses in filters.
+ * ignore.d.server/ssh:
+ - ignore bad username warnings.
-- martin f. krafft <madduck at debian.org> Sun, 31 Aug 2008 20:31:51 +0100
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index f31a60c..84dc6c0 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -18,6 +18,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: User not known to the underlying authentication module for i(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$
More information about the Logcheck-commits
mailing list