From 9f3c51e3aa40910e103368b309a7775cd7518cf0 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Tue, 22 Oct 2002 17:24:43 +0000 Subject: logcheck: Match only numerical pid numbers (.* is BAD in logcheck!). --- logcheck/violations.ignore.d/temp | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'logcheck/violations.ignore.d/temp') diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp index 0b48e00..42a6910 100644 --- a/logcheck/violations.ignore.d/temp +++ b/logcheck/violations.ignore.d/temp 
@@ -1,22 +1,22 @@ -afpd\[.*\]: afp_flushfork: of_find: Permission denied -afpd\[.*\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied -afpd\[.*\]: bad function 7A -afpd\[.*\]: cnid_open: Cannot establish logfile cleanup lock for database environment .*/\.AppleDB/cnid\.lock \(open\(\) failed\) -afpd\[.*\]: dsi_stream_read\(0\): Permission denied -afpd\[.*\]: error removing /.+/net[\.[:digit:]]+node[[:digit:]]+: Permission denied -afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument) -IMP\[.*\]: FAILED .* to .*:143 as .* -i(map|pop3)d\[.*\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\] +afpd\[[0-9]+\]: afp_flushfork: of_find: Permission denied +afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied +afpd\[[0-9]+\]: bad function 7A +afpd\[[0-9]+\]: cnid_open: Cannot establish logfile cleanup lock for database environment .*/\.AppleDB/cnid\.lock \(open\(\) failed\) +afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied +afpd\[[0-9]+\]: error removing /.+/net[\.[:digit:]]+node[[:digit:]]+: Permission denied +afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument) +IMP\[[0-9]+\]: FAILED .* to .*:143 as .* +i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\] kernel: IP_MASQ:reverse ICMP: failed checksum from .*! kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\) -PAM_unix\[.*\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service -portsentry\[.*\]: attackalert: .* -smbd\[.*\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! -smbd\[.*\]: read_socket_data: recv failure for 4. 
Error = No route to host -smbd\[.*\]: yield_connection: tdb_delete for name failed with error Record does not exist\. -sshd\[.*]: Failed password for .* -pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument -postfix/smtpd\[.*\]: reject: .*: 550 <.*>: User unknown; .* -postfix/smtpd\[.*\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .* -postfix.*\[.*\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)> +PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service +portsentry\[[0-9]+\]: attackalert: .* +smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! +smbd\[[0-9]+\]: read_socket_data: recv failure for 4. Error = No route to host +smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. +sshd\[[0-9]+\]: Failed password for .* +pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument +postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .* +postfix/smtpd\[[0-9]+\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .* +postfix.*\[[0-9]+\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)> snort: spp_http_decode: IIS Unicode attack detected: -- cgit v1.2.3
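Review bot: The pid fields are tightened, but two rules in this hunk keep the same open-ended match elsewhere: the `i(map|pop3)d` rule still ends in `host=(.* )?\[.*\]`, and the last postfix rule still begins `postfix.*\[[0-9]+\]`, so the "`.*` is BAD" cleanup is incomplete there. Replace those with character classes for what is actually logged, for example `\[[0-9.]+\]` if the bracketed host is always an IPv4 address, and a fixed or classed daemon name instead of `postfix.*`. The dots in `recv failure for 4. Error`, `mailomat.grooveattack.com` and `maila.com` are unescaped and match any character, and no rule is anchored with `^` or `$`, so each pattern can match inside a longer, unrelated line. Because this file lives under `violations.ignore.d`, every over-broad match is a violation line that is silently dropped from the report; rules such as `sshd\[[0-9]+\]: Failed password for .*` and `portsentry\[[0-9]+\]: attackalert: .*` deserve a second look for that reason, since they ignore the whole class of message rather than a known-benign instance.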