authorJonas Smedegaard <dr@jones.dk>2004-02-26 08:40:14 +0000
committerJonas Smedegaard <dr@jones.dk>2004-02-26 08:40:14 +0000
commitedeabb97a1ff570f35600ae6f17823f2b10d770a (patch)
tree85c2bfb4f25ff8e942950266d62f4f3bd8b61549 /logcheck
parentddc30462a8dc9f12e86db1db25140cb554eb92c6 (diff)
Small addition to postfix rules. Trailing space in samba rules is 'optional'.
Diffstat (limited to 'logcheck')
-rw-r--r--logcheck/ignore.d.server/local2
-rw-r--r--logcheck/ignore.d.server/postfix2
-rw-r--r--logcheck/violations.ignore.d/local12
-rw-r--r--logcheck/violations.ignore.d/samba4
-rw-r--r--logcheck/violations.ignore.d/temp8
5 files changed, 14 insertions, 14 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index c364d5b..09fcbde 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -241,7 +241,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: cert has expired$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(7:certificate signature failure|10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
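Review bot: Adding `7:certificate signature failure` to the ignored alternation puts a cryptographic verification failure in the same bucket as expired and self-signed certificates. Expired and self-signed certificates are routine noise on opportunistic SMTP TLS, but a signature failure means the presented certificate did not verify against its issuer's key, which can point to a corrupted or altered certificate, so it is worth leaving in the report. The same alternation change is made in logcheck/ignore.d.server/postfix. If the suppression is kept, a comment above the rule such as `# num=7 ignored: TLS is opportunistic here and broken peer certs are frequent` would record why.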
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index 9c43eaa..ed35be6 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
@@ -21,7 +21,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: cert has expired$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(7:certificate signature failure|10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 3287c7d..b8b1642 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -66,8 +66,8 @@
### violations.ignore.d/proftpd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
### violations.ignore.d/samba
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer $
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer ?$
### violations.ignore.d/ssh
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed keyboard-interactive for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ssh\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[^[:space:]]+ user=[^[:space:]]+$
@@ -89,10 +89,10 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
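Review bot: The rewritten `smb_pam_passcheck` rule drops the literal `!` that the old pattern ended with and now anchors with ` ?$` directly after the user name. If smbd still ends this message with ` !`, the new rule can no longer match and these lines will reappear in reports; `Rejecting User [[:alnum:]]+ ! ?$` would keep the old text while making the trailing space optional. The same edit appears in the logcheck/violations.ignore.d/temp hunk. Separately, the `.` in `SRV_NET_SHARE_ADD failed.` and `getpeername failed.` is unescaped, while the tdb_delete rule uses `\.`; escaping it would keep these anchored rules consistent.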
diff --git a/logcheck/violations.ignore.d/samba b/logcheck/violations.ignore.d/samba
index 8a6b2db..e6034a1 100644
--- a/logcheck/violations.ignore.d/samba
+++ b/logcheck/violations.ignore.d/samba
@@ -1,2 +1,2 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer $
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer ?$
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index b9b8cd9..fbcb84f 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -13,10 +13,10 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*