[Logcheck-commits] Gerfried Fuchs: Match for sshd:session additional to ssh:session

Gerfried Fuchs alfie at alioth.debian.org
Mon Sep 22 11:38:52 UTC 2008


Module: logcheck
Branch: master
Commit: 48edb66adb3066abd91b9b4942007f59fc3e0d16
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=48edb66adb3066abd91b9b4942007f59fc3e0d16

Author: Gerfried Fuchs <rhonda at debian.at>
Date:   Mon Sep 22 13:38:31 2008 +0200

Match for sshd:session additional to ssh:session

---

 debian/changelog                      |    4 +++-
 rulefiles/linux/ignore.d.paranoid/ssh |    4 ++--
 rulefiles/linux/ignore.d.server/ssh   |    4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index d32c0fa..335a29b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,8 +11,10 @@ logcheck (1.3.2) experimental; urgency=low
     ordering by importence, thanks (closes: #499415)
   * Supress cron session closed messages too, thanks to Ferenc Wagner for
     noticing (closes: #499393)
+  * Match for sshd:session additional to ssh:session, noticed by Ferenc Wágner
+    (closes: #499561)
 
- -- Gerfried Fuchs <rhonda at debian.at>  Fri, 19 Sep 2008 13:03:06 +0200
+ -- Gerfried Fuchs <rhonda at debian.at>  Mon, 22 Sep 2008 13:38:19 +0200
 
 logcheck (1.3.1) experimental; urgency=low
 
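Review bot: The added changelog entry credits "Ferenc Wágner", while the entry directly above it (closes: #499393) spells the same reporter "Ferenc Wagner". Pick one spelling so the credit is consistent within the 1.3.2 block.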
diff --git a/rulefiles/linux/ignore.d.paranoid/ssh b/rulefiles/linux/ignore.d.paranoid/ssh
index 06c5416..d45a4ce 100644
--- a/rulefiles/linux/ignore.d.paranoid/ssh
+++ b/rulefiles/linux/ignore.d.paranoid/ssh
@@ -1,4 +1,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(ssh:session\): session opened for user [^[:space:]]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(ssh:session\): session closed for user [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session opened for user [^[:space:]]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$
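Review bot: The two rewritten "session opened"/"session closed" rules duplicate the pair changed in rulefiles/linux/ignore.d.server/ssh, but not exactly. Here the "session opened" rule requires the trailing ` by ...\(uid=[0-9]+\)` part, whereas the server copy wraps it in `( by ...)?`, and this file spells the digit class `0-9` where the server file uses `[:digit:]`. If the stricter form is deliberate for this file, a short comment above the rules would say so. Otherwise align the two copies so a future change like this one cannot update one and miss the other. It would also help to quote one sample `pam_unix(sshd:session)` log line from #499561 in the commit message, so the `sshd?` alternation can be checked against real output.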
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 84dc6c0..0d115d8 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -27,8 +27,8 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: (Connection (timed out|reset by peer)|Broken pipe)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [[:digit:]]+ attempt\(s\))$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(ssh:session\): session closed for user [^[:space:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(ssh:session\): session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(sshd?:session\): session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(ssh:[[:alnum:]]+\): check pass; user unknown$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(ssh:auth\): auth could not identify password for \[[-_.[:alnum:]]*\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (\(pam_unix\)|pam_unix\(sshd:auth\):) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
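Review bot: Only the `:session` rules get `sshd?`. The unchanged context lines right below them still hard-code the service name as `pam_unix\(ssh:[[:alnum:]]+\)` and `pam_unix\(ssh:auth\)`, while the last context line uses `pam_unix\(sshd:auth\)`. Under the `sshd` service name, the "check pass; user unknown" and "auth could not identify password" messages will therefore not match these rules and will keep being reported. That may be the desired outcome for authentication messages, but the commit message should say whether those two rules were left out on purpose or need the same `sshd?` treatment in a follow-up.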



