diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2004-07-05 12:47:21 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2004-07-05 12:47:21 +0000 |
| commit | ee8c75a8a88c13503534a58f622f6e30967d82a5 (patch) | |
| tree | 5514ccd44d0952778786c2fbf0e5272a7dae26bf /logcheck/violations.ignore.d/temp | |
| parent | 4c6cf02f082804e311d108c779764ec38917fa3f (diff) | |
Ignore TLS failures equally for postfix smtp and smtpd. Attempt cleanup of temporary ignoring login failures.
Diffstat (limited to 'logcheck/violations.ignore.d/temp')
| -rw-r--r-- | logcheck/violations.ignore.d/temp | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp index c7bf770..a35805b 100644 --- a/logcheck/violations.ignore.d/temp +++ b/logcheck/violations.ignore.d/temp @@ -1,5 +1,4 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap(d)?|netatalk|pop|samba) ?\[[0-9]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]* user=[[:alnum:]]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dovecot-auth: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=( user=[[:alnum:]]+)?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|netatalk|pop|samba)\[[0-9]+\]): \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_flushfork: of_find: Permission denied ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: bad function 7A @@ -8,10 +7,10 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: error removing /.+/net[\.0-9]+node[0-9]+: Permission denied ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED .* to .*:143 as .* -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\] +#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: IP_MASQ:reverse ICMP: failed checksum from .*! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\) -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service +#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .* ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. ?$ |