update rules

author: Hendrik Jäger <gitcommit@henk.geekmail.org> 2024-07-20 16:26:33 +0200
committer: Hendrik Jäger <gitcommit@henk.geekmail.org> 2024-07-20 16:26:33 +0200
commit: 27c483cc42d868ab00c82b5eee40502ce8edbbf7 (patch)
tree: ac05f8a7288a30cb1b7754276f6fefb205c3b0e8 /files
parent: c48fc03db06425695ae85b9fe6a7824c233ed2a5 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh
index 332175f..acc0297 100644
--- a/files/etc/logcheck/ignore.d.server/local-ssh
+++ b/files/etc/logcheck/ignore.d.server/local-ssh
@@ -20,6 +20,7 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Packet corrupt \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for (invalid user|root) [[:alnum:]]+ from [[:digit:].]+ port [[:digit:]]+ ssh2 \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures \[preauth\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: dispatch_protocol_error: type [[:digit:]]+ seq [[:digit:]] \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: drop connection #[[:digit:]]+ from \[[:.[:xdigit:]]+\]:[[:digit:]]+ on \[[:.[:xdigit:]]+\]:[[:digit:]]+ past MaxStartups$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Bad remote protocol version identification: 'SSH-2.0-?'$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: beginning MaxStartups throttling$
author	Hendrik Jäger <gitcommit@henk.geekmail.org>	2024-07-20 16:26:33 +0200
committer	Hendrik Jäger <gitcommit@henk.geekmail.org>	2024-07-20 16:26:33 +0200
commit	27c483cc42d868ab00c82b5eee40502ce8edbbf7 (patch)
tree	ac05f8a7288a30cb1b7754276f6fefb205c3b0e8 /files
parent	c48fc03db06425695ae85b9fe6a7824c233ed2a5 (diff)