[Logcheck-commits] Gerfried Fuchs: Match for sshd:session additional to ssh:session
Gerfried Fuchs
alfie at alioth.debian.org
Mon Sep 22 11:38:52 UTC 2008
Module: logcheck
Branch: master
Commit: 48edb66adb3066abd91b9b4942007f59fc3e0d16
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=48edb66adb3066abd91b9b4942007f59fc3e0d16
Author: Gerfried Fuchs <rhonda at debian.at>
Date: Mon Sep 22 13:38:31 2008 +0200
Match for sshd:session additional to ssh:session
---
debian/changelog | 4 +++-
rulefiles/linux/ignore.d.paranoid/ssh | 4 ++--
rulefiles/linux/ignore.d.server/ssh | 4 ++--
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index d32c0fa..335a29b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,8 +11,10 @@ logcheck (1.3.2) experimental; urgency=low
ordering by importence, thanks (closes: #499415)
* Supress cron session closed messages too, thanks to Ferenc Wagner for
noticing (closes: #499393)
+ * Match for sshd:session additional to ssh:session, noticed by Ferenc Wágner
+ (closes: #499561)
- -- Gerfried Fuchs <rhonda at debian.at> Fri, 19 Sep 2008 13:03:06 +0200
+ -- Gerfried Fuchs <rhonda at debian.at> Mon, 22 Sep 2008 13:38:19 +0200
logcheck (1.3.1) experimental; urgency=low
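Review bot: The added changelog entry credits "Ferenc Wágner" while the entry directly above it credits "Ferenc Wagner". Use one spelling in both entries so that a search of the changelog by name finds every credit.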
diff --git a/rulefiles/linux/ignore.d.paranoid/ssh b/rulefiles/linux/ignore.d.paranoid/ssh
index 06c5416..d45a4ce 100644
--- a/rulefiles/linux/ignore.d.paranoid/ssh
+++ b/rulefiles/linux/ignore.d.paranoid/ssh
@@ -1,4 +1,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(ssh:session\): session opened for user [^[:space:]]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(ssh:session\): session closed for user [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session opened for user [^[:space:]]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$
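Review bot: The changed "session opened" rule in this file still requires the trailing " by ([[:alnum:]-]+)?\(uid=[0-9]+\)", while the corresponding rule changed in ignore.d.server/ssh in this same commit wraps that suffix in an optional group. If the difference between the two levels is intended, say so in the commit message; otherwise align the two rules so that widening the service name to "sshd?" has the same effect in both files. The two files also differ in style ([0-9] here, [[:digit:]] there), which makes the rules harder to compare side by side.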
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 84dc6c0..0d115d8 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -27,8 +27,8 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: (Connection (timed out|reset by peer)|Broken pipe)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [[:digit:]]+ attempt\(s\))$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(ssh:session\): session closed for user [^[:space:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(ssh:session\): session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(sshd?:session\): session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(ssh:[[:alnum:]]+\): check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(ssh:auth\): auth could not identify password for \[[-_.[:alnum:]]*\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (\(pam_unix\)|pam_unix\(sshd:auth\):) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
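Review bot: The unchanged rules directly below the changed pair still hard-code one service name each: "pam_unix\(ssh:[[:alnum:]]+\): check pass; user unknown" and "pam_unix\(ssh:auth\): auth could not identify password" match only "ssh:", and the "authentication failure" rule matches only "sshd:auth". If PAM session messages can carry either name, these messages presumably can too, so consider "sshd?" in those three rules as well, or note in the commit message why only the session rules needed the change.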