[Logcheck-commits] martin f. krafft: i.d.s/ssh: messages about invalid users can contain zero-length usernames

Martin F. Krafft madduck at alioth.debian.org
Wed Jun 16 07:19:51 UTC 2010


Module: logcheck
Branch: master
Commit: da3c52a2726ed8fab022411ff9d7fdd8fbaac583
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=da3c52a2726ed8fab022411ff9d7fdd8fbaac583

Author: martin f. krafft <madduck at debian.org>
Date:   Wed Jun 16 09:18:53 2010 +0200

i.d.s/ssh: messages about invalid users can contain zero-length usernames

Signed-off-by: martin f. krafft <madduck at debian.org>

---

 debian/changelog                    |    2 ++
 rulefiles/linux/ignore.d.server/ssh |    4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 9096950..8015677 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ logcheck (1.3.11) UNRELEASED; urgency=low
   * ignore.d.server/postfix:
     - patch from Mathias Krause to address changes in policy-weightd log
       message format.
+  * ignore.d.server/ssh:
+    - messages about invalid users can contain zero-length usernames.
 
  -- Hannes von Haugwitz <hannes at vonhaugwitz.com>  Mon, 14 Jun 2010 08:32:11 +0200
 
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 849f9fd..fcf044e 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -5,8 +5,8 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive identification string from ([:[:xdigit:].]+|UNKNOWN)+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Bad packet length [[:digit:]]+\.$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Corrupted MAC on input\.$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for (i(llegal|nvalid) user )?[^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]+ from ([:.[:xdigit:]]+|UNKNOWN)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for (i(llegal|nvalid) user )?[^[:space:]]* from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+) port [[:digit:]]{1,5} ssh2?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [^[:space:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Nasty PTR record "[:[:xdigit:].]+" is set up for [:[:xdigit:].]+, ignoring$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?$
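Review bot: In the changed "Failed (keyboard-interactive/pam|password|none) for" rule, the "(i(llegal|nvalid) user )?" prefix is optional, so changing [^[:space:]]+ to [^[:space:]]* also accepts an empty username when that prefix is absent. That is wider than the commit message, which only mentions messages about invalid users. Since this file is an ignore list, the widened pattern filters those lines out as well. If only the invalid-user case is meant, tie the empty match to that branch, for example (i(llegal|nvalid) user [^[:space:]]*|[^[:space:]]+), and leave the plain-user case at one or more characters. The "I(llegal|nvalid) user" rule has no optional prefix, so the change there matches the stated intent. A sample of the zero-length log line in the commit message would make both rules easier to re-check later.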



