diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2006-01-08 19:36:00 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2006-01-08 19:36:00 +0000 |
| commit | 09b141f1cc265a7b19c34926d344d6828165d8c6 (patch) | |
| tree | 5fbb8100dfb8ef7adab911ba321f87ba8c2286d9 /logcheck/violations.ignore.d | |
| parent | fd9fadff874c81bb85408b728ac7330ee77639a9 (diff) | |
Temporarily ignore ssh login failures also from ipv6-ized IPs.
Diffstat (limited to 'logcheck/violations.ignore.d')
| -rw-r--r-- | logcheck/violations.ignore.d/local | 2 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/temp | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index e42d901..d3f66a5 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -104,7 +104,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .* ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|afpd|kdm: :0|pop|samba)\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kdm: :0\[[0-9]+\]: \(pam_unix\) pam_setcred(DELETE_CRED) for [^[:space:]]* failed: Error in service module -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password for( illegal user)?|Illegal user) [^[:space:]]+ from [\.0-9]+( port [0-9]+ ssh2)?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password for( illegal user)?|Illegal user) [^[:space:]]+ from (::ffff:)?[\.0-9]+( port [0-9]+ ssh2)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED [^[:space:]]+ to [^[:space:]]+:143 as [^[:space:]]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=[^[:space:]]*)?( auth=[^[:space:]]*)? host=([^[:space:]]* )?\[[^[:space:]]+\]$ diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp index b6de61e..335a030 100644 --- a/logcheck/violations.ignore.d/temp +++ b/logcheck/violations.ignore.d/temp @@ -20,7 +20,7 @@ # Failed logins is impossible to deal with through logcheck anyway ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|afpd|kdm: :0|pop|samba)\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kdm: :0\[[0-9]+\]: \(pam_unix\) pam_setcred(DELETE_CRED) for [^[:space:]]* failed: Error in service module -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password for( illegal user)?|Illegal user) [^[:space:]]+ from [\.0-9]+( port [0-9]+ ssh2)?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password for( illegal user)?|Illegal user) [^[:space:]]+ from (::ffff:)?[\.0-9]+( port [0-9]+ ssh2)?$ #^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> [^[:space:]]+ for (imap|netatalk|pop|samba|ssh) service$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED [^[:space:]]+ to [^[:space:]]+:143 as [^[:space:]]+$ |