author | Jonas Smedegaard <dr@jones.dk> | 2004-02-22 10:23:41 +0000 |
committer | Jonas Smedegaard <dr@jones.dk> | 2004-02-22 10:23:41 +0000 |
commit | 2bb63b0b81fb7aec533eaf645591426662e17124 (patch) | |
tree | 0b972a4acc300ac0c324c8af136582e047d1ae2c /logcheck/violations.ignore.d/temp | |
parent | ae37e39e2ccfac4f25624a62e5f82e963a4f18a4 (diff) |
Tighten all rules to strict left side, based on su rules.
Diffstat (limited to 'logcheck/violations.ignore.d/temp')
-rw-r--r-- | logcheck/violations.ignore.d/temp | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index ae28f0b..b9b8cd9 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -1,26 +1,26 @@
-(imap|netatalk|pop|samba)\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]* user=[[:alnum:]]+$
-afpd\[[0-9]+\]: afp_flushfork: of_find: Permission denied
-afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
-afpd\[[0-9]+\]: bad function 7A
-afpd\[[0-9]+\]: cnid_open: Cannot establish logfile cleanup lock for database environment .*/\.AppleDB/cnid\.lock \(open\(\) failed\)
-afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied
-afpd\[[0-9]+\]: error removing /.+/net[\.0-9]+node[0-9]+: Permission denied
-afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
-i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
-kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
-kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
-PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
-portsentry\[[0-9]+\]: attackalert: .*
-smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
-smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
-smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected $
-smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
-smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
-sshd\[[0-9]+\]: Failed password for .*
-pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
-postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
-postfix/smtpd\[[0-9]+\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
-postfix.*\[[0-9]+\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)>
-snort: spp_http_decode: IIS Unicode attack detected:
-postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|netatalk|pop|samba)\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]* user=[[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_flushfork: of_find: Permission denied
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: bad function 7A
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: cnid_open: Cannot establish logfile cleanup lock for database environment .*/\.AppleDB/cnid\.lock \(open\(\) failed\)
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: error removing /.+/net[\.0-9]+node[0-9]+: Permission denied
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected $
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for .*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix.*\[[0-9]+\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)>
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_http_decode: IIS Unicode attack detected:
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
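Review bot: Several of the re-anchored rules still end in an unbounded `.*` — `sshd\[[0-9]+\]: Failed password for .*`, `portsentry\[[0-9]+\]: attackalert: .*`, `postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*` — so the stricter left side does not narrow what gets muted: every failed SSH login, every portsentry alert and every postgres DEBUG line is still dropped from the violations report regardless of user or source host. If the intent is to silence one known noisy source rather than the whole event class, name it in the pattern and close it with `$`, e.g. `sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from <KNOWN-NOISY-HOST-PLACEHOLDER> port [0-9]+ ssh2$`, with the placeholder replaced by the real host. Two smaller points in the same hunk: the unescaped `.` in `SRV_NET_SHARE_ADD failed. $` and `getpeername failed. Error was` matches any character rather than a literal period, and `\w{3}` is a GNU egrep extension — `[[:alpha:]]{3}` is the portable spelling of the same month-name prefix.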