[Logcheck-devel] Bug#307585: ssh: background noise rules

Wed May 4 02:57:33 UTC 2005

Package: logcheck
Version: 1.2.39
Severity: wishlist

Hi,

With more and more Internet background radiation, entries like the
following:

sshd[26955]: Illegal user patrick from ::ffff:64.227.232.25
sshd[26862]: Failed password for illegal user rolo from ::ffff:64.227.232.25 port 3396 ssh2
sshd[26869]: error: Could not get shadow information for NOUSER

are fairly common.  It would be good if these log messages were filtered
out in the server install (there is another set of messages if the user
actually exists).

Thanks,
Anand

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.5-suspend
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages logcheck depends on:
ii  adduser          3.63                    Add and remove users and groups
ii  cron             3.0pl1-86               management of regular background p
ii  debconf [debconf 1.4.30.13               Debian configuration management sy
ii  debianutils      2.8.4                   Miscellaneous utilities specific t
ii  exim4            4.50-4                  metapackage to ease exim MTA (v4) 
ii  exim4-daemon-lig 4.50-4                  lightweight exim MTA (v4) daemon
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logcheck-databas 1.2.39                  A database of system log rules for
ii  logtail          1.2.39                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii  sysklogd [system 1.4.1-16                System Logging Daemon

-- debconf information:
  logcheck/changes:
* logcheck/install-note: