From 069f328ad52384ecfbabae1140236e3e343a1d06 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Mon, 28 Nov 2005 09:58:11 +0000
Subject: Move strings about failed SSH login attempts to violations.d.
---
logcheck/violations.ignore.d/local | 3 +++
1 file changed, 3 insertions(+)
(limited to 'logcheck/violations.ignore.d')
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 63e4b22..8708cf6 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -103,3 +103,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: \(pam_unix\) (authentication failure|2 more authentication failures); logname= uid=0 euid=0 tty=ssh ruser= rhost=81.19.251.(69|74) user=sm$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: PAM: Authentication failure for sm from 81.19.251.(69|74)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed (keyboard-interactive/pam|password) for sm from ::ffff:81.19.251.(69|74) port [[:digit:]]+ ssh2$
+
+# Cracking attempts are too common, so clutters more than it helps to warn about them
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password from illegal|Illegal) user [[:alnum:]]+ from [\.0-9]+( port [0-9]+ ssh2)?$
-- 
cgit v1.2.3
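Review bot: The added pattern probably does not match the messages it is meant to silence. The context line just above shows sshd here logging `Failed … for sm from ::ffff:81.19.251.…`, i.e. the word `for` and an IPv4-mapped address, while the new rule expects `Failed password from illegal` and an address made only of `[\.0-9]`. If that format holds for unknown users too, the rule should read `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (Failed password for illegal|Illegal) user [[:alnum:]]+ from (::ffff:)?[.0-9]+( port [0-9]+ ssh2)?$`. Because the rule applies to every source address, the comment should also say where brute-force volume is still watched, for example `# Silenced for all hosts; sshd guessing is tracked via <rate-limit/ban tool or auth.log summary>`. The `^…$` anchoring and the narrow `[[:alnum:]]+` user class are worth keeping, since the user name is attacker-chosen and anything unusual then still surfaces in the report.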