summaryrefslogtreecommitdiff
path: root/logcheck/violations.ignore.d/temp
blob: 45baa84d20e994a1dba761cadcb5cecaa2485f01 (plain) 
    

  1. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_flushfork: of_find: Permission denied
    2. 

  2. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
    3. 

  3. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: bad function 7A
    4. 

  4. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: cnid_open: Cannot establish logfile cleanup lock for database environment .*/\.AppleDB/cnid\.lock \(open\(\) failed\)
    5. 

  5. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied
    6. 

  6. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: error removing /.+/net[\.0-9]+node[0-9]+: Permission denied
    7. 

  7. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: IP_MASQ:reverse ICMP: failed checksum from [^[:space:]]+!
    8. 

  8. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
    9. 

  9. #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .*
    10. 

  10. #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
    11. 

  11. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. ?$
    12. 

  12. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   getpeername failed. Error was Transport endpoint is not connected ?$
    13. 

  13. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ?$
    14. 

  14. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\.$
    15. 

  15. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
    16. 

  16. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: .*: 550 <[^[:space:]]*>: User unknown; .*
    17. 

  17. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: .*: 554 <[^[:space:]]*>: Recipient address rejected: User unknown; .*
    18. 

  18. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_http_decode: IIS Unicode attack detected:
    19. 

  19. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
    20. 

  20. # Failed logins is impossible to deal with through logcheck anyway
    21. 

  21. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|afpd|kdm: :0|pop|samba)\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*(  user=[[:alnum:]]+)?$
    22. 

  22. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kdm: :0\[[0-9]+\]: \(pam_unix\) pam_setcred(DELETE_CRED) for [^[:space:]]* failed: Error in service module
    23. 

  23. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password for( illegal user)?|Illegal user) [^[:space:]]+ from (::ffff:)?[\.0-9]+( port [0-9]+ ssh2)?$
    24. 

  24. #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> [^[:space:]]+ for (imap|netatalk|pop|samba|ssh) service$
    25. 

  25. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure$
    26. 

  26. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED [^[:space:]]+ to [^[:space:]]+:143 as [^[:space:]]+$
    27. 

  27. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=[^[:space:]]*)?( auth=[^[:space:]]*)? host=([^[:space:]]* )?\[[^[:space:]]+\]$
    28. 

  28. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mod_auth_shadow: VALIDATE: user: [^[:space:]]+, Authentication failure$
    29. 

  29. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: SASL authentication failure: Password verification failed$
    30. 

  30. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: SASL (LOGIN|PLAIN) authentication failed: authentication failure$
    31. 

  31. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.imapproxyd\[[0-9]+\]: LOGIN: '[^[:space:]]+' \([:\.0-9]+\) failed: non-OK server response to LOGIN command$
    32. 

  32. # sm@xayide.jones.dk tries aggressively to auto-login
    33. 

  33. #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_unix\) (authentication failure|2 more authentication failures); logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.251.(69|74)  user=sm$
    34. 

  34. #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: PAM: Authentication failure for sm from 81.19.251.(69|74)$
    35. 

  35. #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed (keyboard-interactive/pam|password) for sm from ::ffff:81.19.251.(69|74) port [[:digit:]]+ ssh2$
    36. 

  36. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/amavis-[0-9T-]+/parts/part-[0-9]+$
    37.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 18:17:47 +0000