From ec4a521f6087f2add20a48e001bdf8bb264cbde3 Mon Sep 17 00:00:00 2001 From: Hendrik Jaeger Date: Tue, 28 May 2019 16:00:46 +0200 Subject: [PATCH] Update logcheck rules for ssh --- files/etc/logcheck/ignore.d.server/local-ssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh index 229545c..f3bec4f 100644 --- a/files/etc/logcheck/ignore.d.server/local-ssh +++ b/files/etc/logcheck/ignore.d.server/local-ssh @@ -64,7 +64,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection reset by peer \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [[:alnum:][:space:].:+-]+\[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: invalid public DH value: <= 1 \[preauth\]$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user [[:alnum:][:space:][:digit:]\^%@\$#\\!.,:;=_+*-]* from [:.[:xdigit:]]+ port [[:digit:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user [[:alnum:][:space:][:digit:]\^%@\$#&\\!.,:;=_+*-]* from [:.[:xdigit:]]+ port [[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM service\(sshd\) ignoring max retries; [[:digit:]] > [[:digit:]]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(sshd:auth\): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[^[:space:]]+([[:space:]]+user=(root|nobody|backup|daemon|www-data|games|news|mail|lp|sync|uucp|identd|gnats|irc|list|proxy|sys|nagios|mysql|bin|ftp|sshd|smmsp|snmp|man|ntp|quagga|libuuid|Debian-exim|proftpd|logcheck|vmail|statd|dovecot|postfix|puppet|bacula))?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(sshd:auth\): check pass; user unknown -- 2.39.5