[Logcheck-devel] [PATCH] Adjusted proftpd "Data connection closed" rule to allow arbitrary usernames
Frédéric Brière
fbriere at fbriere.net
Thu Jan 24 08:44:46 UTC 2008
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
---
rulefiles/linux/ignore.d.server/proftpd | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/proftpd b/rulefiles/linux/ignore.d.server/proftpd
index 430bed7..be1433f 100644
--- a/rulefiles/linux/ignore.d.server/proftpd
+++ b/rulefiles/linux/ignore.d.server/proftpd
@@ -10,6 +10,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) USER [-_.@[:alnum:]]+: no such user found from [.:_[:alnum:]-]+ \[[.:[:xdigit:]]+\] to [.:[:xdigit:]]+:[[:digit:]]{2,5}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Maximum login attempts \([[:digit:]]+\) exceeded$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) no such user '[-_.@[:alnum:]]+'$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) notice: user ftp: aborting transfer: Data connection closed\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+ \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) notice: user [-_.[:alnum:]]+: aborting transfer: Data connection closed\.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+( \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\))?(:| -) error setting IPV6_V6ONLY: Protocol not available$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+( \([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\))?(:| -) Preparing to chroot to directory '[-/._[:alnum:]]+'$
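Review bot: The username class on the added line, [-_.[:alnum:]]+, omits the "@" that the neighbouring "no such user" rules accept with [-_.@[:alnum:]]+, so an aborted transfer by a user whose name contains "@" would still be reported. Suggest using the same class here for consistency. Separately, this rule (before and after the change) ends at closed\. with no trailing $, unlike the other rules in this context. Now that the username is a wildcard instead of the fixed "ftp", it would be worth anchoring the end so that any text following the message is not silently ignored as well.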
--
1.5.3.8