[Logcheck-commits] Hanspeter Kunz: ignore.d.server/ssh: ignore pam_unix(sshd:auth) user unknown messages

Hanspeter Kunz hp-guest at alioth.debian.org
Sat Aug 1 12:06:24 UTC 2009


Module: logcheck
Branch: master
Commit: bec70d0a09c4847e4c33c586718820a99e589b76
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=bec70d0a09c4847e4c33c586718820a99e589b76

Author: Hanspeter Kunz <hkunz at ifi.uzh.ch>
Date:   Sat Aug  1 14:02:25 2009 +0200

ignore.d.server/ssh: ignore pam_unix(sshd:auth) user unknown messages

---

 debian/changelog                    |    4 +++-
 rulefiles/linux/ignore.d.server/ssh |    6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 18ea427..46bb981 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,8 +10,10 @@ logcheck (1.3.3) experimental; urgency=low
     - ignore complaints on mails with no initial from line
   * ignore.d.server/postfix
     - ignore more undeliverable mail messages (unknown in virtual alias table)
+  * ignore.d.server/ssh
+    - ignore pam_unix(sshd:auth) user unknown messages
 
- -- Hanspeter Kunz <hkunz at ifi.uzh.ch>  Sat, 01 Aug 2009 13:32:26 +0200
+ -- Hanspeter Kunz <hkunz at ifi.uzh.ch>  Sat, 01 Aug 2009 13:57:49 +0200
 
 logcheck (1.3.2) experimental; urgency=low
 
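Review bot: the added entry `- ignore pam_unix(sshd:auth) user unknown messages` understates what this commit changes in ignore.d.server/ssh. The rulefile hunk touches three patterns: `check pass; user unknown`, `auth could not identify password for [...]` and `authentication failure; ...`. Suggest naming all three, or wording the entry as accepting both `ssh` and `sshd` as the PAM service name in the pam_unix rules, so an admin reading the changelog can tell which failed-login messages will no longer show up in reports.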
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 0d115d8..8c64c95 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -29,9 +29,9 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [[:digit:]]+ attempt\(s\))$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_[[:alnum:]]+\(sshd?:session\): session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(ssh:[[:alnum:]]+\): check pass; user unknown$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(ssh:auth\): auth could not identify password for \[[-_.[:alnum:]]*\]$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (\(pam_unix\)|pam_unix\(sshd:auth\):) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(sshd?:[[:alnum:]]+\): check pass; user unknown$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(sshd?:auth\): auth could not identify password for \[[-_.[:alnum:]]*\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (\(pam_unix\)|pam_unix\(sshd?:auth\):) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=[^[:space:]]+)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: refused connect from [:[:alnum:]._-]+ \([:[:alnum:].]+\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ (\[[:.[:xdigit:]]+\] )?failed - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: scanned from [:[:xdigit:].]+ with SSH-[.[:digit:]]+-SSH_Version_Mapper\.  Don't panic\.$
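Review bot: the first changed pattern, `pam_unix\(sshd?:[[:alnum:]]+\): check pass; user unknown$`, leaves the PAM type field open as `[[:alnum:]]+`, while the two patterns below it pin `auth`. The commit subject names only `pam_unix(sshd:auth)`, so `sshd?:auth` would be enough here and would keep the rule from silencing the same text under any other type; if another type is known to emit this message, a comment saying which one would help. Separately, the third pattern already matched `sshd:auth` before this change, so its `sshd?` only adds `ssh:auth`; worth confirming that is intended for consistency rather than an accidental widening, since all three rules drop failed-authentication lines from server-level reports.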
