author | Jonas Smedegaard <dr@jones.dk> | 2005-08-05 09:34:26 +0000 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2005-08-05 09:34:26 +0000 |
commit | e4f125330b261f4c76770c735482df5ce794a9c6 (patch) | |
tree | 9928e729c4c4dc5cc979a76b1d0d2e2792aa948f | |
parent | 16413e543d8a7b7351377f16680fa2e93c67e0a7 (diff) |
Ignore illegal ssh users (script-kiddie attacks).
-rw-r--r-- | logcheck/ignore.d.server/ssh | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/logcheck/ignore.d.server/ssh b/logcheck/ignore.d.server/ssh index d64d593..56e072a 100644 --- a/logcheck/ignore.d.server/ssh +++ b/logcheck/ignore.d.server/ssh @@ -9,3 +9,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from .* ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [\.0-9]+: 11: Disconnect requested by Windows SSH Client.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp$ + +# Cracking attempts are too common, so clutters more than it helps to warn about them +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password from illegal|Illegal) user [[:alnum:]]+ from [\.0-9]+ port [0-9]+( ssh2)?$ |
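Review bot: The first alternative in the added pattern, `(Failed password from illegal|Illegal) user [[:alnum:]]+ from`, only matches a line that contains "from" twice. This looks like a typo for `Failed password for illegal`, and as written that branch will probably never match a failed-password line from sshd. Please test both alternatives against real log lines with egrep before committing. Two smaller points on the same line: ` port [0-9]+` is mandatory for both alternatives, so a bare `Illegal user NAME from ADDR` line without a port would still be reported. Also, `[[:alnum:]]+` will not match attempted user names containing `-`, `_` or `.`; these names are chosen by the remote side, so such lines would keep showing up in reports. The comment above the rule could also state that it covers only nonexistent users, so that failed passwords for existing accounts are not suppressed by it.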