[Logcheck-commits] Hannes von Haugwitz: i.d.s/ssh: updated "subsystem request for sftp" rule
Hannes von Haugwitz
hvh-guest at alioth.debian.org
Sat May 4 05:17:28 UTC 2013
Module: logcheck
Branch: master
Commit: bfa269904d237f040e44559e920b0f57305a459b
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=bfa269904d237f040e44559e920b0f57305a459b
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date: Sat May 4 07:12:34 2013 +0200
i.d.s/ssh: updated "subsystem request for sftp" rule
closes: #706085
---
debian/changelog | 7 +++++++
rulefiles/linux/ignore.d.server/ssh | 2 +-
2 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 143d25c..4530430 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+logcheck (1.3.16) UNRELEASED; urgency=low
+
+ * ignore.d.server/ssh:
+ - updated "subsystem request for sftp" rule (closes: #706085)
+
+ -- Hannes von Haugwitz <hannes at vonhaugwitz.com> Sat, 04 May 2013 07:04:34 +0200
+
logcheck (1.3.15) unstable; urgency=low
[ Hannes von Haugwitz ]
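Review bot: the changelog entry for the ssh rule says only that it was "updated" and does not record what changed in the logged message, so a reader has to open #706085 to learn why the old rule stopped matching. Consider stating it inline, e.g. "- match the 'subsystem request for sftp by user <name>' form now logged by sshd (closes: #706085)", so the reason survives in the package history.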
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 890d20a..776cbb2 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -41,7 +41,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: refused connect from [:[:alnum:]._-]+ \([:[:alnum:].]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ (\[[:.[:xdigit:]]+\] )?failed - POSSIBLE BREAK-?IN ATTEMPT!$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: scanned from [:[:xdigit:].]+ with SSH-[.[:digit:]]+-SSH_Version_Mapper\. Don't panic\.$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp( by user [-_.[:alnum:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: syslogin_perform_logout: logout\(\) returned an error$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: warning: /etc/hosts\.(allow|deny), line [[:digit:]]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: warning: /etc/hosts\.(allow|deny), line [[:digit:]]+: host name/(name|address) mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
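Review bot: the username class `[-_.[:alnum:]]+` in the new rule is written with a leading hyphen while every other bracket expression in this file (hostnames, `[._[:alnum:]-]+`) puts the hyphen last; both are valid POSIX, but matching the file's existing form keeps the rules greppable. More importantly, the class deliberately excludes characters that some sites allow in account names (for example `@`, `\` or `$`), so a "subsystem request for sftp by user ..." line for such an account will not be ignored and will still show up in the logcheck report. That is the fail-safe direction for an ignore rule, but it is worth a comment above the rule so the next person does not "fix" it by loosening the class to `.+`, which would also swallow unexpected trailing text. Making the ` by user` part optional keeps older sshd versions that log the bare "subsystem request for sftp" covered, which is correct.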