From 0bc4a47b433770bfdc628712b34f81af4be7194e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Hendrik=20J=C3=A4ger?= Date: Sun, 11 Jul 2021 22:03:16 +0300 Subject: [PATCH] Update logcheck rules --- files/etc/logcheck/ignore.d.server/local-ssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh index e7975ef..1a454f0 100644 --- a/files/etc/logcheck/ignore.d.server/local-ssh +++ b/files/etc/logcheck/ignore.d.server/local-ssh @@ -90,7 +90,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(sshd:auth\): bad username [[:alnum:][:space:][:digit:][:punct:]]*$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(sshd:auth\): check pass; user unknown ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed (publickey|keyboard-interactive) for ([^[:space:]]+|invalid user)[[:space:]]+from [^[:space:]]+ port [[:digit:]]+ ssh2 \[preauth\]$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Protocol major versions differ( for [[:xdigit:]:.]+ port [[:digit:]]+)?: .*$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Protocol major versions differ( for [[:xdigit:]:.]+ port [[:digit:]]+)?: .*$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from (authenticating|invalid) user [[:alnum:][:space:][:digit:][:punct:]]* [:.[:xdigit:]]+ port [[:digit:]]+: message authentication code incorrect \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [:.[:xdigit:]]+ port [[:digit:]]+: bignum is negative \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [:.[:xdigit:]]+ port [[:digit:]]+: Broken pipe \[preauth\]$ -- 2.39.2