diff options
Diffstat (limited to 'logcheck/violations.ignore.d/local')
| -rw-r--r-- | logcheck/violations.ignore.d/local | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 63e4b22..8708cf6 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -103,3 +103,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_unix\) (authentication failure|2 more authentication failures); logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.251.(69|74) user=sm$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: PAM: Authentication failure for sm from 81.19.251.(69|74)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed (keyboard-interactive/pam|password) for sm from ::ffff:81.19.251.(69|74) port [[:digit:]]+ ssh2$ + +# Cracking attempts are too common, so clutters more than it helps to warn about them +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password from illegal|Illegal) user [[:alnum:]]+ from [\.0-9]+( port [0-9]+ ssh2)?$ |