From 7bf6972ec57c344315707a74eb06b7d71befe437 Mon Sep 17 00:00:00 2001 From: Hendrik Jäger Date: Sat, 21 Dec 2019 13:10:00 +0200 Subject: Update logcheck rules for ssh --- files/etc/logcheck/ignore.d.server/local-ssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh index b3d7e26..22ffef1 100644 --- a/files/etc/logcheck/ignore.d.server/local-ssh +++ b/files/etc/logcheck/ignore.d.server/local-ssh @@ -39,7 +39,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [:.[:xdigit:]]+ port [[:digit:]]+: ?11: JIHAD FROM BU. \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [:.[:xdigit:]]+ port [[:digit:]]+: ?11: logout \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [:.[:xdigit:]]+ port [[:digit:]]+: ?11: Normal Shutdown(, Thank you for playing)? \[preauth\]$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [:.[:xdigit:]]+ port [[:digit:]]+: ?11: Shutdown, Thanks for playing \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [:.[:xdigit:]]+ port [[:digit:]]+: ?11: Shutdown(, Thanks for playing)? \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [:.[:xdigit:]]+ port [[:digit:]]+: ?11: ok \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [:.[:xdigit:]]+ port [[:digit:]]+: ?11: FlowSshPacketDecoder: unresponsiveness timeout \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [:.[:xdigit:]]+ port [[:digit:]]+: ?11: Operation timeout \[preauth\]$ -- cgit v1.2.3