author | Jonas Smedegaard <dr@jones.dk> | 2005-11-28 09:58:11 +0000 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2005-11-28 09:58:11 +0000 |
commit | 069f328ad52384ecfbabae1140236e3e343a1d06 (patch) | |
tree | 9fbfb4c89812015b70303b1f61eba73a043754d0 | |
parent | fefb08c1997309a6f91850f56325692060fb44c0 (diff) |
Move strings about failed SSH login attempts to violations.d.
-rw-r--r-- | logcheck/ignore.d.server/ssh | 3 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/local | 3 |
2 files changed, 3 insertions, 3 deletions
diff --git a/logcheck/ignore.d.server/ssh b/logcheck/ignore.d.server/ssh
index bf1cf50..d64d593 100644
--- a/logcheck/ignore.d.server/ssh
+++ b/logcheck/ignore.d.server/ssh
@@ -9,6 +9,3 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [\.0-9]+: 11: Disconnect requested by Windows SSH Client.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp$
-
-# Cracking attempts are too common, so clutters more than it helps to warn about them
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password from illegal|Illegal) user [[:alnum:]]+ from [\.0-9]+( port [0-9]+ ssh2)?$
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 63e4b22..8708cf6 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -103,3 +103,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_unix\) (authentication failure|2 more authentication failures); logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.251.(69|74) user=sm$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: PAM: Authentication failure for sm from 81.19.251.(69|74)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed (keyboard-interactive/pam|password) for sm from ::ffff:81.19.251.(69|74) port [[:digit:]]+ ssh2$
+
+# Cracking attempts are too common, so clutters more than it helps to warn about them
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password from illegal|Illegal) user [[:alnum:]]+ from [\.0-9]+( port [0-9]+ ssh2)?$ |
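Review bot: The rule added to `violations.ignore.d/local` matches the source address with `from [\.0-9]+`, which cannot match a `::ffff:`-prefixed or other IPv6 address, while the context rule directly above it expects `from ::ffff:81.19.251.(69|74)`, which suggests this sshd logs that form; invalid-user attempts logged that way would not be covered by the suppression. If uniform suppression is intended, `from [.:[:xdigit:]]+` in that position covers both forms. The rule also silences every invalid-user failure regardless of count or source, and the comment gives only the noise rationale; I would extend it to `# Invalid-user login failures are suppressed here regardless of volume; this rule does not cover failures for existing accounts.` so a later reader knows what signal is being dropped. The commit message names violations.d while the file is violations.ignore.d, so this entry suppresses these lines rather than raising them; whether they then need an ignore.d.server entry as well depends on how logcheck layers are processed, which is not visible here.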