Diffstat (limited to 'logcheck/violations.ignore.d')
-rw-r--r--logcheck/violations.ignore.d/local6
-rw-r--r--logcheck/violations.ignore.d/netatalk.changes1
-rw-r--r--logcheck/violations.ignore.d/samba3
-rw-r--r--logcheck/violations.ignore.d/temp2
4 files changed, 8 insertions, 4 deletions
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 42e7292..e377b5f 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -24,6 +24,7 @@ pam_limits\[[0-9]+\]: setrlimit limit #[0-9]+ to soft=[-0-9]+, hard=[-0-9]+ fail
kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
### violations.ignore.d/netatalk.changes
# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
+afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$
afpd\[[0-9]+\]: [^[:space:]]+: D5:Default: cnid_mangle_get: Failed to find mangled entry for .*$
@@ -66,7 +67,8 @@ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\
### violations.ignore.d/proftpd
proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
### violations.ignore.d/samba
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out))$
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out)) $
+smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer $
### violations.ignore.d/ssh
sshd\[[0-9]+\]: Failed keyboard-interactive for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$
ssh\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[^[:space:]]+ user=[^[:space:]]+$
@@ -85,9 +87,9 @@ kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
portsentry\[[0-9]+\]: attackalert: .*
+smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected $
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection (reset by peer|timed out)) $
smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
sshd\[[0-9]+\]: Failed password for .*
diff --git a/logcheck/violations.ignore.d/netatalk.changes b/logcheck/violations.ignore.d/netatalk.changes
index 960dfb5..d356c1c 100644
--- a/logcheck/violations.ignore.d/netatalk.changes
+++ b/logcheck/violations.ignore.d/netatalk.changes
@@ -1,4 +1,5 @@
# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
+afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$
afpd\[[0-9]+\]: [^[:space:]]+: D5:Default: cnid_mangle_get: Failed to find mangled entry for .*$
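Review bot: The added `afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$` rule has no start anchor, so it matches that text anywhere in a line rather than only as the program tag; a violation line from another service whose logged message ends in the same text would be dropped from the report too. Anchoring on the syslog prefix ties the rule to afpd, e.g. `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$`. The existing rules in this file are unanchored as well, so this would be a convention change, but it matters most for ignore rules because they remove lines from the violations report. The same applies to the new smbd lines in the samba and temp hunks and to their copies in `local`, which looks like a concatenation of the per-service files.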
diff --git a/logcheck/violations.ignore.d/samba b/logcheck/violations.ignore.d/samba
index d54c7e0..7098655 100644
--- a/logcheck/violations.ignore.d/samba
+++ b/logcheck/violations.ignore.d/samba
@@ -1 +1,2 @@
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out))$
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out)) $
+smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer $
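Review bot: The rewritten read_data rule now requires a space before `$`, so a line from an smbd that logs the message without the trailing space, which the removed rule matched, will no longer be ignored; ending the rule with `timed out)) ?$` would accept both forms. Whether any host still emits the no-space form is not visible from this diff. The failure mode is extra noise in the report rather than a missed alert, so this is low risk, but a short comment above the two rules noting which Samba version produces the trailing space would save the next editor from guessing.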
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 7d30b06..ae28f0b 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -12,9 +12,9 @@ kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
portsentry\[[0-9]+\]: attackalert: .*
+smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected $
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection (reset by peer|timed out)) $
smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
sshd\[[0-9]+\]: Failed password for .*
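Review bot: The new `smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$` rule suppresses every smbd truncation report regardless of which string overflowed, and nothing in the file records why these are considered harmless. An over-long field reaching safe_strcpy can come from a misbehaving client, but it can also come from malformed requests that are worth seeing in the report. I would add a comment above the rule such as `# safe_strcpy overflow: benign on <host/client placeholder>, revisit before moving out of temp` and replace `.*$` with the specific text observed. The trailing `.*$` also adds nothing over leaving the end unanchored. The same line is added in the third hunk of `local`.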