From: Hendrik Jäger <gitcommit@henk.geekmail.org>
Date: Sat, 20 Jul 2024 14:26:33 +0000 (+0200)
Subject: update rules
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=27c483cc42d868ab00c82b5eee40502ce8edbbf7;p=user%2Fhenk%2Fcode%2Fpuppet%2Fmodules%2Flogcheck.git

update rules
---

diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh
index 332175f..acc0297 100644
--- a/files/etc/logcheck/ignore.d.server/local-ssh
+++ b/files/etc/logcheck/ignore.d.server/local-ssh
@@ -20,6 +20,7 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Packet corrupt \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for (invalid user|root) [[:alnum:]]+ from [[:digit:].]+ port [[:digit:]]+ ssh2 \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures \[preauth\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: dispatch_protocol_error: type [[:digit:]]+ seq [[:digit:]] \[preauth\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: drop connection #[[:digit:]]+ from \[[:.[:xdigit:]]+\]:[[:digit:]]+ on \[[:.[:xdigit:]]+\]:[[:digit:]]+ past MaxStartups$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Bad remote protocol version identification: 'SSH-2.0-?'$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: beginning MaxStartups throttling$