From d6cb60bf432ae1d8a3094aa27122df9be1f2b428 Mon Sep 17 00:00:00 2001
From: Hendrik Jaeger <root@netwichtig.de>
Date: Mon, 30 Sep 2019 20:46:00 +0200
Subject: Update logcheck rules for ssh

---
 files/etc/logcheck/ignore.d.server/local-nftables | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'files')

diff --git a/files/etc/logcheck/ignore.d.server/local-nftables b/files/etc/logcheck/ignore.d.server/local-nftables
index a202d77..f649d84 100644
--- a/files/etc/logcheck/ignore.d.server/local-nftables
+++ b/files/etc/logcheck/ignore.d.server/local-nftables
@@ -1,2 +1,2 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Bruteforce attack: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:digit:]]+ (CWR )?(ECE )?(SYN|ACK|RST) (PSH )?(FIN )?URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Illegal incoming traffic: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:digit:]]+ (CWR )?(ECE )?(SYN|ACK|RST) (PSH )?(FIN )?URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Bruteforce attack: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP|132) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:digit:]]+ (CWR )?(ECE )?(SYN|ACK|RST) (PSH )?(FIN )?URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Illegal incoming traffic: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP|132) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:digit:]]+ (CWR )?(ECE )?(SYN|ACK|RST) (PSH )?(FIN )?URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
-- 
cgit v1.2.3