diff options
| author | Hendrik Jaeger <git-commit@henk.geekmail.org> | 2021-03-15 20:26:23 +0100 |
|---|---|---|
| committer | Hendrik Jaeger <git-commit@henk.geekmail.org> | 2021-03-15 20:26:23 +0100 |
| commit | 28cc19bc284c38c50c3c7a0944d7920277c9f089 (patch) | |
| tree | a5bdd6795ee3210368c9bf672e12787d41557cb5 | |
| parent | 73042bae6610cfdd8f01340de896c876562b02c0 (diff) | |
Update after installing ssh from backports
| -rw-r--r-- | files/etc/logcheck/ignore.d.server/local-ssh | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh index 3487494..738db2d 100644 --- a/files/etc/logcheck/ignore.d.server/local-ssh +++ b/files/etc/logcheck/ignore.d.server/local-ssh @@ -1,6 +1,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted publickey for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+ ssh2: (RSA-CERT ID [[:alnum:]]+@[[:alnum:]]+ \(serial [[:digit:]]+\) CA )?(RSA|ED25519) [:.[:xdigit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad packet length [[:digit:]]+\. \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from [:.[:xdigit:]]+ port [[:digit:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: banner exchange: Connection from [[:xdigit:].:]+ port [[:digit:]]+: invalid format$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel_by_id: 1: bad id: channel free$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel_input_success_failure: 1: unknown$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection (closed|reset) by (authenticating|invalid) user [[:alnum:][:punct:][:space:]]* [:.[:xdigit:]]+ port [[:digit:]]+ \[preauth\]$ @@ -18,8 +19,11 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for (invalid user|root) [[:alnum:]]+ from [[:digit:].]+ port [[:digit:]]+ ssh2 \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: connect_to .* port [[:digit:]]+: failed\.$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: banner line contains invalid characters$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: client sent invalid protocol identifier ".*"$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: Connection closed by remote host$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: Connection reset by peer$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: read: Connection reset by peer$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex protocol error: type 30 seq 1 \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for (invalid user [[:alnum:][:space:][:digit:]@\\!._-]*|root|sshd|mysql|ftp|nagios|postgres|redis) from [:.[:xdigit:]]+ port [[:digit:]]+ ssh2 \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM: Authentication failure for( illegal user)? [^[:space:]]* from ([:.[:xdigit:]]+|UNKNOWN|[-_.[:alnum:]]+)$ |