[Logcheck-commits] Hannes von Haugwitz: i.d.s/dropbear: ignore successful password logins
Hannes von Haugwitz
hvh-guest at alioth.debian.org
Sat Jun 30 13:39:04 UTC 2012
Module: logcheck
Branch: master
Commit: 9f502ff716af20d7fdc3215542071807fe57cb71
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=9f502ff716af20d7fdc3215542071807fe57cb71
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Sat Jun 30 15:26:40 2012 +0200
i.d.s/dropbear: ignore successful password logins
---
rulefiles/linux/ignore.d.server/dropbear | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/dropbear b/rulefiles/linux/ignore.d.server/dropbear
index d76e1e8..9a7e52d 100644
--- a/rulefiles/linux/ignore.d.server/dropbear
+++ b/rulefiles/linux/ignore.d.server/dropbear
@@ -1,3 +1,4 @@
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dropbear\[[[:digit:]]+\]: Child connection from [.:[:xdigit:]]+:[[:digit:]]+$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dropbear\[[[:digit:]]+\]: pubkey auth succeeded for '[[:alnum:]-]+' with key md5 ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2} from [.:[:xdigit:]]+:[[:digit:]]+$
+^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dropbear\[[[:digit:]]+\]: password auth succeeded for '[[:alnum:]-]+' from [.:[:xdigit:]]+:[[:digit:]]+$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dropbear\[[[:digit:]]+\]: exit after auth \([[:alnum:]-]+\): Exited normally$
More information about the Logcheck-commits
mailing list