authorJonas Smedegaard <dr@jones.dk>2005-12-15 10:12:21 +0000
committerJonas Smedegaard <dr@jones.dk>2005-12-15 10:12:21 +0000
commitbbce308fe2b1f48db8cf2e3de148f00a46af9d50 (patch)
treef306d122a58ed6c4a7c552d5ea69bff9348809bd /logcheck
parent350bf8d1ebb676b7378ebe4af9a1f0978191f2ac (diff)
Ignore another postfix dyndns blocking. Ignore illegal SSH logins also for SSHv1
Diffstat (limited to 'logcheck')
-rw-r--r--logcheck/ignore.d.server/local2
-rw-r--r--logcheck/ignore.d.server/tmp2
-rw-r--r--logcheck/violations.ignore.d/local2
-rw-r--r--logcheck/violations.ignore.d/postfix2
4 files changed, 4 insertions, 4 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index f332d00..07ee8f3 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -310,6 +310,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: warning - MIME::Parser error: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ -- MARK -- $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \(root\) CMD \(test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck\) $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for illegal user [^[:space:]]+ from [.0-9]+ port [0-9]+ ssh2$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for illegal user [^[:space:]]+ from [.0-9]+( port [0-9]+ ssh2)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ucd-snmp\[[0-9]+\]: Connection from .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ uptimed: moving up to position [0-9]+: [0-9]+ days, [0-9:]+
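Review bot: The relaxed sshd rule carries no comment saying what it deliberately leaves visible, and in ignore.d.server/local it sits unlabelled between the cron and ucd-snmp rules. Making ` port [0-9]+ ssh2` optional is fine, but a reader should be able to see that only unknown-user failures are dropped and that failed passwords for existing accounts still reach the report; I would add above it `# sshd: password failures for unknown users only (port/ssh2 suffix optional for SSHv1); failures for real accounts must stay reported`. The address class `[.0-9]+` matches dotted IPv4 only, so lines with an IPv6 or `::ffff:`-mapped source will still be reported, which is the safe direction but worth stating in the same comment. The identical change in ignore.d.server/tmp (under its `## SSH` heading) would take the same comment.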
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index b2dc9e0..0389ed6 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -61,4 +61,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ -- MARK -- $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \(root\) CMD \(test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck\) $
## SSH
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for illegal user [^[:space:]]+ from [.0-9]+ port [0-9]+ ssh2$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for illegal user [^[:space:]]+ from [.0-9]+( port [0-9]+ ssh2)?$
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 78a8682..6814f49 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -55,7 +55,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate peer name verification failed for [^[:space:]]+: (CommonName mis-match: .+|[0-9]+ dNSNames in certificate found, but none matches)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate verification failed for [^[:space:]]+:( num=10:)?certificate has expired$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused (mail service|to talk to me: ([^[:space:]]+ +(550 ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|554 #5\.5\.4 Relaying denied\. IP name lookup failed)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)))) +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused (mail service|to talk to me: ([^[:space:]]+ +(550 <[^[:space:]]+>: Client host rejected: Blocked|550 ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|554 #5\.5\.4 Relaying denied\. IP name lookup failed)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)))) +\(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [^[:space:]]+: to=<[^>]*>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm\)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\))$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [^[:space:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\)|554 <[^[:space:]]+\[[\.0-9]+\]>: Client host rejected: No mail accepted from you)$
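Review bot: The new `550 <[^[:space:]]+>: Client host rejected: Blocked` alternative is added only to the `connect to …` rule. The two context rules below it, for `postfix/qmgr` "delivery temporarily suspended" and `postfix/smtp` "refused to talk to me", still list only the older rejection texts. If the same rejection is also logged in those forms (not visible in this hunk), it will keep showing up as a violation, so either extend those alternations too or note that the omission is intended. Since the text after `550` is chosen by the remote server, keep the alternative as narrow as it is and add a one-line comment naming the blocking policy it came from, e.g. `# remote MTA rejects dynamic-IP clients with "Client host rejected: Blocked"`. The same applies to the identical change in violations.ignore.d/postfix.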
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 5eda3af..699a360 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -14,7 +14,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate verification failed for [^[:space:]]+:( num=10:)?certificate has expired$
# Too much spam refuse to eat their own shit
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused (mail service|to talk to me: ([^[:space:]]+ +(550 ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|554 #5\.5\.4 Relaying denied\. IP name lookup failed)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)))) +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused (mail service|to talk to me: ([^[:space:]]+ +(550 <[^[:space:]]+>: Client host rejected: Blocked|550 ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|554 #5\.5\.4 Relaying denied\. IP name lookup failed)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)))) +\(port 25\)$
# Ignore blacklisting due to being dynamic - or without explaining/hinting at all
## Grr - could've been a single rule if only logcheck supported custom classes