Diffstat (limited to 'logcheck')
-rw-r--r-- | logcheck/ignore.d.server/local | 18 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/local | 6 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/netatalk.changes | 1 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/samba | 3 | ||||
-rw-r--r-- | logcheck/violations.ignore.d/temp | 2 |
5 files changed, 17 insertions, 13 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 6beac4c..a1d30e3 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -72,15 +72,6 @@ dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on [^[:space:]]+ to [\.0-9]+ port 67(
 dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+$
 dhclient(-2.2.x)?: bound to [\.0-9]+ -- renewal in [0-9]+ seconds\.$
 dhclient(-2.2.x)?: irda0: unknown hardware address type 783$
-### ignore.d.server/dhcp.changes
-# NB: dhcp3 entries are in dhcp3-common
-dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) ?$
-dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ (\(non-rfc1048)\) ?$
-dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+ ?$
-dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ ?$
-dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) ?$
-dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ ?$
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\. ?$
 ### ignore.d.server/dhcp3-common
 dhcpd: Abandoning IP address [\.0-9]+: pinged before offer ?$
 dhcpd: BOOTREQUEST from [0-9a-f:]+ ?$
@@ -94,6 +85,15 @@ dhcpd: ICMP Echo reply while lease [\.0-9]+ valid. ?$
 dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\. ?$
 dhcpd: accepting packet with data after udp payload. ?$
 dhcpd: ip length 576 disagrees with bytes received 590. ?$
+### ignore.d.server/dhcp.changes
+# NB: dhcp3 entries are in dhcp3-common
+dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) ?$
+dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ (\(non-rfc1048)\) ?$
+dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+ ?$
+dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+ ?$
+dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) ?$
+dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ ?$
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\. ?$
 ### ignore.d.server/gdm
 gdm\[[0-9]+\]: run_pictures: Directory [^[:space:]] does not exist\.$
 ### ignore.d.server/gdm.da_DK
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 42e7292..e377b5f 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -24,6 +24,7 @@ pam_limits\[[0-9]+\]: setrlimit limit #[0-9]+ to soft=[-0-9]+, hard=[-0-9]+ fail
 kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
 ### violations.ignore.d/netatalk.changes
 # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
+afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
 afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
 afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$
 afpd\[[0-9]+\]: [^[:space:]]+: D5:Default: cnid_mangle_get: Failed to find mangled entry for .*$
@@ -66,7 +67,8 @@ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\
 ### violations.ignore.d/proftpd
 proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
 ### violations.ignore.d/samba
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out))$
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out)) $
+smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer $
 ### violations.ignore.d/ssh
 sshd\[[0-9]+\]: Failed keyboard-interactive for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$
 ssh\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[^[:space:]]+ user=[^[:space:]]+$
@@ -85,9 +87,9 @@ kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
 PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
 portsentry\[[0-9]+\]: attackalert: .*
+smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
 smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
 smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected $
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection (reset by peer|timed out)) $
 smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
 smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
 sshd\[[0-9]+\]: Failed password for .*
diff --git a/logcheck/violations.ignore.d/netatalk.changes b/logcheck/violations.ignore.d/netatalk.changes
index 960dfb5..d356c1c 100644
--- a/logcheck/violations.ignore.d/netatalk.changes
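Review bot: The rewritten smbd read-failure rule now ends in ` $`, so it only suppresses a line that carries exactly one trailing blank, and the `))$` form it replaces is not kept alongside it; if smbd ever emits the message without the trailing space it will reappear in the violations report. The dhcpd rules in ignore.d.server/local in this same change tolerate both forms with ` ?$`, and the new write_socket_data rule has the same exposure. Suggest `... Error = (No route to host|Connection (reset by peer|timed out)) ?$` and `smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer ?$`, unless smbd is known to always pad these lines.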
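Review bot: The new `smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$` rule silences Samba's own buffer-truncation diagnostic for every call site, and the trailing `.*` discards whatever the daemon reports after `safe_strcpy` (presumably the truncated string), which is the only part that tells you where the oversized input came from. That message means data did not fit its destination buffer; a malformed or hostile client request would produce the same line as the benign case being suppressed here, so hiding it from the violations report removes a signal worth keeping. If the trigger has been confirmed harmless, pin the rule to the exact observed suffix instead of `.*` and record the reason above it, e.g. `# safe_strcpy overflow seen from <client/version>; benign, remove once fixed`. This hunk's section header is outside the hunk; the same rule is also added to violations.ignore.d/temp in this change.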
+++ b/logcheck/violations.ignore.d/netatalk.changes
@@ -1,4 +1,5 @@
 # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
+afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
 afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
 afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$
 afpd\[[0-9]+\]: [^[:space:]]+: D5:Default: cnid_mangle_get: Failed to find mangled entry for .*$
diff --git a/logcheck/violations.ignore.d/samba b/logcheck/violations.ignore.d/samba
index d54c7e0..7098655 100644
--- a/logcheck/violations.ignore.d/samba
+++ b/logcheck/violations.ignore.d/samba
@@ -1 +1,2 @@
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out))$
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out)) $
+smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer $
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 7d30b06..ae28f0b 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
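Review bot: Both rules in the new violations.ignore.d/samba require a literal space immediately before `$`, so a read or write failure logged without a trailing blank is no longer suppressed, and the `))$` form that the first line replaces is dropped rather than kept as an alternative. Unless smbd is known to always pad these lines, `?$` as used by the dhcpd rules in ignore.d.server/local covers both forms: `... (reset by peer|timed out)) ?$` and `... Error = Connection reset by peer ?$`. A one-line comment above the rules saying which Samba version emits the trailing space would let the next editor tell whether the blank is deliberate.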
@@ -12,9 +12,9 @@ kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
 PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
 portsentry\[[0-9]+\]: attackalert: .*
+smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
 smbd\[[0-9]+\]: api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
 smbd\[[0-9]+\]: getpeername failed. Error was Transport endpoint is not connected $
-smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection (reset by peer|timed out)) $
 smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
 smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
 sshd\[[0-9]+\]: Failed password for .*
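Review bot: `smbd\[[0-9]+\]: ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$` suppresses every instance of Samba's internal truncation check, whatever the overflow size and whatever string is reported after `safe_strcpy`. That check fires when input did not fit its buffer, and an oversized field in a hostile or malformed client request produces exactly this line, so blanket-ignoring it in a violations file hides a signal that the report exists to surface. Given this file is named temp, at least anchor the rule to the specific suffix that was actually observed instead of `.*`, and note the cause above it, e.g. `# safe_strcpy overflow triggered by <client/version>; harmless, drop when fixed upstream`.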