Update logcheck rules for nftables

author Hendrik Jaeger <root@netwichtig.de>

Thu, 15 Aug 2019 18:35:57 +0000 (20:35 +0200)

committer Hendrik Jaeger <root@netwichtig.de>

Thu, 15 Aug 2019 18:35:57 +0000 (20:35 +0200)
author Hendrik Jaeger <root@netwichtig.de>
Thu, 15 Aug 2019 18:35:57 +0000 (20:35 +0200)
committer Hendrik Jaeger <root@netwichtig.de>
Thu, 15 Aug 2019 18:35:57 +0000 (20:35 +0200)
diff --git a/files/etc/logcheck/ignore.d.server/local-nftables b/files/etc/logcheck/ignore.d.server/local-nftables

index c99a877bee5d3f7cba8f491ae0440bebf236f255..a202d77dd076fb7f235f160175c7b6b3ddc2ba11 100644 (file)
--- a/files/etc/logcheck/ignore.d.server/local-nftables
+++ b/files/etc/logcheck/ignore.d.server/local-nftables
@@ -1,2 +1,2 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Bruteforce attack: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:digit:]]+ (CWR )?(ECE )?(SYN|ACK|RST) (PSH )?(FIN )??URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Illegal incoming traffic: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:digit:]]+ (CWR )?(ECE )?(SYN|ACK|RST) (PSH )?(FIN )??URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Bruteforce attack: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:digit:]]+ (CWR )?(ECE )?(SYN|ACK|RST) (PSH )?(FIN )?URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: \[[[:digit:][:space:].]+\] Illegal incoming traffic: IN=[[:alnum:]]+ OUT= MAC=[[:digit:]a-f:]+ SRC=[[:digit:]a-f:.]+ DST=[[:digit:]a-f:.]+ LEN=[[:digit:]]+ (TC=[[:digit:]]+ HOPLIMIT=[[:digit:]]+ FLOWLBL=[[:digit:]]+|TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[[:digit:]]+ ID=[[:digit:]]+) (DF )?PROTO=(TCP|UDP) SPT=[[:digit:]]+ DPT=[[:digit:]]+ (WINDOW=[[:digit:]]+ RES=0x[[:digit:]]+ (CWR )?(ECE )?(SYN|ACK|RST) (PSH )?(FIN )?URGP=[[:digit:]]+|LEN=[[:digit:]]+)$
author	Hendrik Jaeger <root@netwichtig.de>
	Thu, 15 Aug 2019 18:35:57 +0000 (20:35 +0200)
committer	Hendrik Jaeger <root@netwichtig.de>
	Thu, 15 Aug 2019 18:35:57 +0000 (20:35 +0200)