diff options
Diffstat (limited to 'logcheck/violations.ignore.d/local')
| -rw-r--r-- | logcheck/violations.ignore.d/local | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 556a4fe..07f1222 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -24,8 +24,9 @@ kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0 ### violations.ignore.d/netatalk.changes # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer. afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$ +afpd\[[0-9]+\]: [^[:space:]]+: D5:Default: cnid_mangle_get: Failed to find mangled entry for .*$ afpd\[[0-9]+\]: [^[:space:]]+: E:Default: cnid_open: dbenv->open of /[^[:space:]]+/\.AppleDB failed: Permission denied$ -afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: afp_die: asp_shutdown: Connection timed out$ afpd\[[0-9]+\]: afp_getsrvrparms: stat /[^/]+/: Permission denied$ afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied$ ### violations.ignore.d/netsaint @@ -43,27 +44,27 @@ netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $ ### violations.ignore.d/pmud pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$ ### violations.ignore.d/postfix +postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ +postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ -postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ -postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$ +postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.* +postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>(, orig_to=<[^>,]*>)?, relay=[^[:space:],]+, delay=[0-9]+, status=(bounced|deferred) \([^\(\)]+(\([^\(\)]*\)[^\(\)]*)*[^\(\)]*\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ -postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.* postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578: postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in RCPT command: .* +postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$ # These are only for postfix << 2.0: postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^>]+>$ # These are only for postfix >= 2.0: -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^[:space:]]*>)?$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<.*>)?$ ### violations.ignore.d/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$ ### violations.ignore.d/samba -smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)$ +smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out))$ ### violations.ignore.d/ssh sshd\[[0-9]+\]: Failed keyboard-interactive for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$ ssh\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[^[:space:]]+ user=[^[:space:]]+$ |