author | Jonas Smedegaard <dr@jones.dk> | 2004-11-29 12:06:24 +0000 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2004-11-29 12:06:24 +0000 |
commit | 1312b1b322ea8a518c104781160c68fb53dfb08a (patch) | |
tree | 94457476f6f8ba79f301010d0057504c542f2a17 /logcheck | |
parent | 230eb5a27dffc43287cf2e1b01edd3f2cad741fe (diff) |
Ignore more email-related non-alerts.
Diffstat (limited to 'logcheck')
-rw-r--r-- | logcheck/violations.ignore.d/local | 3 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/temp | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 611a65f..e8b088e 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -82,8 +82,9 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_http_decode: IIS Unicode attack detected:
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]: .* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]:.* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]:.* (refused to talk.*|Mail refused.*)+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|afpd|kdm: :0|pop|samba)\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kdm: :0\[[0-9]+\]: \(pam_unix\) pam_setcred(DELETE_CRED) for [^[:space:]]* failed: Error in service module
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 09b05a5..e00c80c 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
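Review bot: The added `postfix[[:alnum:]]+\[[0-9]+\]:.* (refused to talk.*|Mail refused.*)+$` rule in this hunk is broader than the non-alert it targets: the `.*` after `\]:` lets the phrase sit anywhere on the line, so a postfix line that also carries another violations keyword (`attack`, `deny`, `expn`, ...) elsewhere on the same line is silenced along with it, which defeats the purpose of the violations check. The trailing `+` on a group whose alternatives already end in `.*` is redundant and only makes the intent harder to read. If the lines being suppressed have the usual `QUEUEID: host NAME[ADDR] refused to talk to me:` shape (not shown in the hunk, so please confirm against real log samples), anchor on that instead, e.g. `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]: [[:alnum:]]+: host [^[:space:]]+ refused to talk to me: .*$`, and give the `Mail refused` case its own similarly anchored line. I could not find a sample of the `Mail refused` wording in the hunk either, so verify that postfix emits it with that capitalisation before keeping that alternative.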
@@ -19,8 +19,9 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
 # Suspicious words within email addresses are ok
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]: .* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]:.* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]:.* (refused to talk.*|Mail refused.*)+$
 # Failed logins is impossible to deal with through logcheck anyway
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|afpd|kdm: :0|pop|samba)\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kdm: :0\[[0-9]+\]: \(pam_unix\) pam_setcred(DELETE_CRED) for [^[:space:]]* failed: Error in service module
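Review bot: The new `(refused to talk.*|Mail refused.*)+$` line in this hunk is filed under the `# Suspicious words within email addresses are ok` comment, but it suppresses a different class of message (delivery refusals, not keywords inside an address), so a reader of `temp` will misread why it is there. Give it its own comment directly above it, e.g. `# Remote hosts refusing SMTP delivery are routine noise, not a violation`, and since the identical line is added to `local` in the same commit, put the comment in both files so the two rule sets stay readable side by side. The `+` after a group that already ends in `.*` does nothing and can be dropped; the leading `.*` after `\]:` also lets a line carrying another violations keyword slip through, so anchoring on the actual log shape is worth doing if samples are available.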