[Logcheck-commits] Frédéric Brière: i.d.proftpd: ignore "authentication failure" even if ruser is provided
Frédéric Brière
fbriere-guest at alioth.debian.org
Mon Jan 16 16:14:55 UTC 2012
Module: logcheck
Branch: master
Commit: 1ed671f484a79d3b9792bfe3f83f5dcb4f427110
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=1ed671f484a79d3b9792bfe3f83f5dcb4f427110
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Jan 15 21:38:28 2012 -0500
i.d.proftpd: ignore "authentication failure" even if ruser is provided
---
debian/changelog | 2 ++
rulefiles/linux/ignore.d.server/proftpd | 2 +-
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index b5aa2b3..90f8b84 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ logcheck (1.3.15) UNRELEASED; urgency=low
- ignore successful logins (closes: #652148)
[ Frédéric Brière ]
+ * ignore.d.server/proftpd:
+ - ignore "authentication failure" even if ruser is provided
* ignore.d.server/ssh:
- ignore "PAM $n more authentication failures"
- ignore "Too many authentication failures"
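Review bot: the added proftpd entry does not say which rule is affected, and the rule file has two "authentication failure" patterns (the old `\(pam_unix\)` format and the `pam_unix\(proftpd:...\)` format). Name the format in the entry so the changelog matches what was changed. If this came from a bug report, add a closes tag like the `(closes: #652148)` entry just above.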
diff --git a/rulefiles/linux/ignore.d.server/proftpd b/rulefiles/linux/ignore.d.server/proftpd
index ee1efba..9ece43a 100644
--- a/rulefiles/linux/ignore.d.server/proftpd
+++ b/rulefiles/linux/ignore.d.server/proftpd
@@ -1,7 +1,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service proftpd$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=[-_.:[:alnum:]]+ user=[-_.[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd: \(pam_unix\) session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[[:digit:]]+\))?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd: pam_unix\(proftpd:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=[-_.:[:alnum:]]+ user=[-_.[:alnum:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd: pam_unix\(proftpd:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty= ruser=[-_.[:alnum:]]* rhost=[-_.:[:alnum:]]+ user=[-_.[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd: pam_unix\(proftpd:session\): session (opened|closed) for user [._[:alnum:]-]+( by \(uid=[[:digit:]]+\))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) (USER [._[:alnum:]-]+|ANON (anonymous|ftp)): Limit access denies login\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) USER [-._[:alnum:]]+ \(Login failed\): (Limit access denies login|Incorrect password\.)$
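Review bot: only the `pam_unix\(proftpd:[[:alnum:]]+\)` rule gets `ruser=[-_.[:alnum:]]*`, while the older `\(pam_unix\)` rule on the second line of this hunk still requires an empty `ruser=`, so the two authentication-failure patterns are now inconsistent. Either widen the old-format rule the same way or note in the commit message that the old format never carries a ruser. The new class also has no `@`, so a ruser such as an e-mail-style anonymous login would still be reported; if that is intentional it is worth stating. Keeping the class free of spaces is the right call, since it stops the ruser field from swallowing `rhost=` and `user=`. Because this sits in ignore.d.server, every matching failure is dropped from the report whatever ruser says, so repeated failures against proftpd need to be tracked by something other than logcheck.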