From edeabb97a1ff570f35600ae6f17823f2b10d770a Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Thu, 26 Feb 2004 08:40:14 +0000
Subject: Small addition to ostfix rules. Trailing space in samba rules is
 'optional'.

---
 logcheck/ignore.d.server/local     |  2 +-
 logcheck/ignore.d.server/postfix   |  2 +-
 logcheck/violations.ignore.d/local | 12 ++++++------
 logcheck/violations.ignore.d/samba |  4 ++--
 logcheck/violations.ignore.d/temp  |  8 ++++----
 5 files changed, 14 insertions(+), 14 deletions(-)

(limited to 'logcheck')

diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index c364d5b..09fcbde 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -241,7 +241,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: cert has expired$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(7:certificate signature failure|10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index 9c43eaa..ed35be6 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
@@ -21,7 +21,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: cert has expired$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(7:certificate signature failure|10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=(20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 3287c7d..b8b1642 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -66,8 +66,8 @@
 ### violations.ignore.d/proftpd
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
 ### violations.ignore.d/samba
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   write_socket_data: write failure\. Error = Connection reset by peer $
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   write_socket_data: write failure\. Error = Connection reset by peer ?$
 ### violations.ignore.d/ssh
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed keyboard-interactive for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ssh\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[^[:space:]]+  user=[^[:space:]]+$
@@ -89,10 +89,10 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   getpeername failed. Error was Transport endpoint is not connected $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   getpeername failed. Error was Transport endpoint is not connected ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
diff --git a/logcheck/violations.ignore.d/samba b/logcheck/violations.ignore.d/samba
index 8a6b2db..e6034a1 100644
--- a/logcheck/violations.ignore.d/samba
+++ b/logcheck/violations.ignore.d/samba
@@ -1,2 +1,2 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   write_socket_data: write failure\. Error = Connection reset by peer $
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   write_socket_data: write failure\. Error = Connection reset by peer ?$
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index b9b8cd9..fbcb84f 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -13,10 +13,10 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   ERROR: string overflow by [[:digit:]]+ in safe_strcpy .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   getpeername failed. Error was Transport endpoint is not connected $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   api_rpcTNP: api_srvsvc_rpc: SRV_NET_SHARE_ADD failed. ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   getpeername failed. Error was Transport endpoint is not connected ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   yield_connection: tdb_delete for name  failed with error Record does not exist\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
-- 
cgit v1.2.3