diff options
| author | Hendrik Jäger <hendrik@securosys.ch> | 2020-03-14 21:06:59 +0200 |
|---|---|---|
| committer | Hendrik Jäger <hendrik@securosys.ch> | 2020-03-14 21:06:59 +0200 |
| commit | 5efd4a0d29d58fbbf1b7d122e60da4e82209294b (patch) | |
| tree | 2756da744b9dd21f4af8628635bbafe00725166d /files | |
| parent | 7edf16115a074e6b225e3bd65f6decc3766409b3 (diff) | |
Add ssh rules
Diffstat (limited to 'files')
| -rw-r--r-- | files/etc/logcheck/ignore.d.server/local-ssh | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh index 0554f8f..fb4d502 100644 --- a/files/etc/logcheck/ignore.d.server/local-ssh +++ b/files/etc/logcheck/ignore.d.server/local-ssh @@ -4,7 +4,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel_by_id: 1: bad id: channel free$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel_input_success_failure: 1: unknown$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection (closed|reset) by [:.[:xdigit:]]+ port [[:digit:]]+ \[preauth\]$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection (closed|reset) by (authenticating|invalid) user [[:alnum:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+ \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection (closed|reset) by (authenticating|invalid) user [[:alnum:][:punct:][:space]]* [:.[:xdigit:]]+ port [[:digit:]]+ \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Could not write ident string to UNKNOWN$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Did not receive identification string from ([:[:xdigit:].]+|UNKNOWN)+ port [[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+ \[preauth\]$ @@ -88,3 +88,4 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: packet_write_wait: Connection from [:.[:xdigit:]]+ port [[:digit:]]+: Broken pipe \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: packet_write_wait: Connection from authenticating user [[:alnum:][:space:][:digit:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+: Broken pipe \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: WARNING: no suitable primes in /etc/ssh/moduli$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Protocol major versions differ for [[:xdigit:]:.]+ port [[:digit:]]+: .*$ |