X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=files%2Fetc%2Flogcheck%2Fignore.d.server%2Flocal-auditd;h=55d988c451ea7ce9dd9c8200c6e5471761d031f6;hb=fa36a18ba80f404dca00b618b49fd6e7e9d10e37;hp=778c96912c49e85c2f55853e454b4c2c6a1f7ca7;hpb=6a1d0dfd2133dd5be6d0279e8aef44fd4a7d999b;p=user%2Fhenk%2Fcode%2Fpuppet%2Fmodules%2Flogcheck.git

diff --git a/files/etc/logcheck/ignore.d.server/local-auditd b/files/etc/logcheck/ignore.d.server/local-auditd
index 778c969..55d988c 100644
--- a/files/etc/logcheck/ignore.d.server/local-auditd
+++ b/files/etc/logcheck/ignore.d.server/local-auditd
@@ -7,7 +7,7 @@ type=CRED_ACQ msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit
 type=CRED_DISP msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:setcred grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]+" hostname=[[:alnum:]:.?]+ addr=[[:xdigit:]:.?]+ terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]-]+")?$
 type=CRED_REFR msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:setcred grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]+" hostname=[[:alnum:]:.?]+ addr=[[:xdigit:]:.?]+ terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="root")?$
 type=USER_ACCT msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=[[:digit:]]+ auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:accounting grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_*-]+" exe="[^"]+" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]]+")?$
-type=USER_AUTH msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:authentication grantors=(\?|pam_[[:alnum:]]+,?)+ acct="[[:alnum:]?"'$#%^~&,.;:!=@_*\(\)-]*"? exe="[^"]*" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=(failed|success)'([^[:alpha:]]+UID="root" AUID="[[:alnum:]]+")?$
+type=USER_AUTH msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:authentication grantors=(\?|pam_[[:alnum:]]+,?)+ acct="?[[:alnum:]?"?'$#%^~&,.;:!+=@_*\(\)-]*"? exe="[^"]*" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=(failed|success)'([^[:alpha:]]+UID="root" AUID="[[:alnum:]]+")?$
 type=USER_START msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:session_open grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]+" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]-]+")?$
 type=USER_END msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:session_close grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]*" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]-]+")?$
 type=USER_END msg=audit\([[:digit:]]+\.[[:digit:]]+:[[:digit:]]+\): pid=[[:digit:]]+ uid=0 auid=[[:digit:]]+ ses=[[:digit:]]+ subj==unconfined msg='op=PAM:session_close grantors=(pam_[[:alnum:]]+,?)+ acct="[[:alnum:]@_-]+" exe="[^"]*" hostname=(\?|[[:alnum:]:.]+) addr=(\?|[[:xdigit:]:.]+) terminal=[[:alnum:]/?]+ res=success'([^[:alpha:]]+UID="root" AUID="[[:alnum:]]+")?$