Add another filter for sm auto-login attempts - and comment them all out for now...

1 files changed, 4 insertions, 0 deletions

diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 9ab4030..4d07e76 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -26,3 +26,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED [^[:space:]]+ to [^[:space:]]+:143 as [^[:space:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=[^[:space:]]*)?( auth=[^[:space:]]*)? host=([^[:space:]]* )?\[[^[:space:]]+\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mod_auth_shadow: VALIDATE: user: [^[:space:]]+, Authentication failure$
+# sm@xayide.jones.dk tries aggressively to auto-login
+#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_unix\) (authentication failure|2 more authentication failures); logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.251.(69|74)  user=sm$
+#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: PAM: Authentication failure for sm from 81.19.251.(69|74)$
+#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed (keyboard-interactive/pam|password) for sm from ::ffff:81.19.251.(69|74) port [[:digit:]]+ ssh2$