[Logcheck-devel] Bug#307585: ssh: background noise rules
Anand Kumria
wildfire at progsoc.org
Wed May 4 02:57:33 UTC 2005
Package: logcheck
Version: 1.2.39
Severity: wishlist
Hi,
With more and more Internet background radiation, entries like the
following:
sshd[26955]: Illegal user patrick from ::ffff:64.227.232.25
sshd[26862]: Failed password for illegal user rolo from ::ffff:64.227.232.25 port 3396 ssh2
sshd[26869]: error: Could not get shadow information for NOUSER
are fairly common. It would be good if these log messages were filtered
out in the server install (there is another set of messages if the user
actually exists).
Thanks,
Anand
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.5-suspend
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Versions of packages logcheck depends on:
ii adduser 3.63 Add and remove users and groups
ii cron 3.0pl1-86 management of regular background p
ii debconf [debconf 1.4.30.13 Debian configuration management sy
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii exim4 4.50-4 metapackage to ease exim MTA (v4)
ii exim4-daemon-lig 4.50-4 lightweight exim MTA (v4) daemon
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.39 A database of system log rules for
ii logtail 1.2.39 Print log file lines that have not
ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii sysklogd [system 1.4.1-16 System Logging Daemon
-- debconf information:
logcheck/changes:
* logcheck/install-note:
More information about the Logcheck-devel
mailing list