diff options
| author | Hendrik Jaeger <root@netwichtig.de> | 2019-08-04 23:10:01 +0200 |
|---|---|---|
| committer | Hendrik Jaeger <root@netwichtig.de> | 2019-08-04 23:10:01 +0200 |
| commit | ba8695aa1b3acf23e74dd2aedec326a5c73076f9 (patch) | |
| tree | 6ef154da5c8717088b22969a47064a893bdb14c2 /files/etc | |
| parent | 943b7655f51d1843d9a8c641d4c0c74c4d74b64d (diff) | |
Update logcheck rules for ssh
Diffstat (limited to 'files/etc')
| -rw-r--r-- | files/etc/logcheck/ignore.d.server/local-ssh | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh index 9e53c64..965ed8f 100644 --- a/files/etc/logcheck/ignore.d.server/local-ssh +++ b/files/etc/logcheck/ignore.d.server/local-ssh @@ -4,14 +4,18 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel_by_id: 1: bad id: channel free$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel_input_success_failure: 1: unknown$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection (closed|reset) by [:.[:xdigit:]]+ port [[:digit:]]+ \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection (closed|reset) by (authenticating|invalid) user [[:alnum:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+ \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Could not write ident string to UNKNOWN$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive identification string from ([:[:xdigit:].]+|UNKNOWN)+ port [[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+ \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from (authenticating|invalid) user [[:alnum:][:punct:]]* [:[:xdigit:].]+ port [[:digit:]]+ \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: bad client public DH value \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Change of username or service not allowed: \([^,]*,ssh-connection\) -> \([^,]*,[^)]+\)? \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnectinginvalid user [[:alnum:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+: Change of username or service not allowed: \([^,]*,ssh-connection\) -> \([^,]*,[^)]+\)? \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Packet corrupt \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for (invalid user|root) [[:alnum:]]+ from [[:digit:].]+ port [[:digit:]]+ ssh2 \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting (authenticating|invalid) user [[:alnum:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+: Too many authentication failures \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: connect_to .* port [[:digit:]]+: failed\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex protocol error: type 30 seq 1 \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for (invalid user [[:alnum:][:space:][:digit:]@\\!._-]*|root|sshd) from [:.[:xdigit:]]+ port [[:digit:]]+ ssh2 \[preauth\]$ |