Diffstat (limited to 'logcheck/violations.ignore.d')
-rw-r--r-- | logcheck/violations.ignore.d/local | 17 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/netatalk.changes | 3 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/postfix | 12 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/samba | 2 |
4 files changed, 18 insertions, 16 deletions
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 556a4fe..07f1222 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -24,8 +24,9 @@ kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0
 ### violations.ignore.d/netatalk.changes
 # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
 afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
+afpd\[[0-9]+\]: [^[:space:]]+: D5:Default: cnid_mangle_get: Failed to find mangled entry for .*$
 afpd\[[0-9]+\]: [^[:space:]]+: E:Default: cnid_open: dbenv->open of /[^[:space:]]+/\.AppleDB failed: Permission denied$
-afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
+afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: afp_die: asp_shutdown: Connection timed out$
 afpd\[[0-9]+\]: afp_getsrvrparms: stat /[^/]+/: Permission denied$
 afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied$
 ### violations.ignore.d/netsaint
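Review bot: The replacement `afp_die` rule matches only the prefixed form `[^[:space:]]+: I:AFPDaemon: afp_die: ...`, so the unprefixed message covered by the removed rule is no longer ignored, although the comment above says the prefixed lines are for netatalk 1.6.x or newer and the neighbouring rules keep the older format. That errs towards more reports rather than fewer, but if hosts on an older netatalk still log here, an optional prefix keeps both forms: `afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?afp_die: asp_shutdown: Connection timed out$`. The same change is in the hunk for logcheck/violations.ignore.d/netatalk.changes.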
@@ -43,27 +44,27 @@ netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $
 ### violations.ignore.d/pmud
 pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$
 ### violations.ignore.d/postfix
+postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$
+postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$
 postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$
-postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$
 postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$
-postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$
 postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
+postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*
+postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>(, orig_to=<[^>,]*>)?, relay=[^[:space:],]+, delay=[0-9]+, status=(bounced|deferred) \([^\(\)]+(\([^\(\)]*\)[^\(\)]*)*[^\(\)]*\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$
-postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$
-postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*
 postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578:
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
-postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$
 postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in RCPT command: .*
+postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$
 # These are only for postfix << 2.0:
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^>]+>$
 # These are only for postfix >= 2.0:
-postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^[:space:]]*>)?$
+postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<.*>)?$
 ### violations.ignore.d/proftpd
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
 ### violations.ignore.d/samba
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)$
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out))$
 ### violations.ignore.d/ssh
 sshd\[[0-9]+\]: Failed keyboard-interactive for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$
 ssh\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[^[:space:]]+ user=[^[:space:]]+$
diff --git a/logcheck/violations.ignore.d/netatalk.changes b/logcheck/violations.ignore.d/netatalk.changes
index b756dc0..a82f468 100644
--- a/logcheck/violations.ignore.d/netatalk.changes
+++ b/logcheck/violations.ignore.d/netatalk.changes
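Review bot: In the last postfix rule, `( helo=<.*>)?$` accepts any text in the HELO field, which the connecting client chooses, whereas the `from=` and `to=` fields on the same line stay bounded with `[^>]*`. Since a match here removes a line that was already flagged as a violation, the class should be no wider than the observed log lines need; `( helo=<[^>]*>)?$` admits embedded spaces while still stopping at the closing bracket. A comment above the rule naming the HELO form that prompted the change would help the next reviewer. The same edit appears in the hunk for logcheck/violations.ignore.d/postfix.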
@@ -1,6 +1,7 @@
 # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
 afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
+afpd\[[0-9]+\]: [^[:space:]]+: D5:Default: cnid_mangle_get: Failed to find mangled entry for .*$
 afpd\[[0-9]+\]: [^[:space:]]+: E:Default: cnid_open: dbenv->open of /[^[:space:]]+/\.AppleDB failed: Permission denied$
-afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
+afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: afp_die: asp_shutdown: Connection timed out$
 afpd\[[0-9]+\]: afp_getsrvrparms: stat /[^/]+/: Permission denied$
 afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied$
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 7da8887..bfcad1b 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -1,17 +1,17 @@
+postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$
+postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$
 postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$
-postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$
 postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$
-postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$
 postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
+postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*
+postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>(, orig_to=<[^>,]*>)?, relay=[^[:space:],]+, delay=[0-9]+, status=(bounced|deferred) \([^\(\)]+(\([^\(\)]*\)[^\(\)]*)*[^\(\)]*\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$
-postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$
-postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*
 postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578:
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$
-postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$
 postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in RCPT command: .*
+postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$
 # These are only for postfix << 2.0:
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^>]+>$
 # These are only for postfix >= 2.0:
-postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^[:space:]]*>)?$
+postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<.*>)?$
diff --git a/logcheck/violations.ignore.d/samba b/logcheck/violations.ignore.d/samba
index b728d7c..d54c7e0 100644
--- a/logcheck/violations.ignore.d/samba
+++ b/logcheck/violations.ignore.d/samba
@@ -1 +1 @@
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)$
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out))$ |