diff options
| author | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-07-20 16:26:33 +0200 |
|---|---|---|
| committer | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-07-20 16:26:33 +0200 |
| commit | 27c483cc42d868ab00c82b5eee40502ce8edbbf7 (patch) | |
| tree | ac05f8a7288a30cb1b7754276f6fefb205c3b0e8 | |
| parent | c48fc03db06425695ae85b9fe6a7824c233ed2a5 (diff) | |
update rules
| -rw-r--r-- | files/etc/logcheck/ignore.d.server/local-ssh | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-ssh b/files/etc/logcheck/ignore.d.server/local-ssh index 332175f..acc0297 100644 --- a/files/etc/logcheck/ignore.d.server/local-ssh +++ b/files/etc/logcheck/ignore.d.server/local-ssh @@ -20,6 +20,7 @@ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Packet corrupt \[preauth\]$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for (invalid user|root) [[:alnum:]]+ from [[:digit:].]+ port [[:digit:]]+ ssh2 \[preauth\]$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures \[preauth\]$ +^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: dispatch_protocol_error: type [[:digit:]]+ seq [[:digit:]] \[preauth\]$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: drop connection #[[:digit:]]+ from \[[:.[:xdigit:]]+\]:[[:digit:]]+ on \[[:.[:xdigit:]]+\]:[[:digit:]]+ past MaxStartups$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Bad remote protocol version identification: 'SSH-2.0-?'$ ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: beginning MaxStartups throttling$ |