also sprach martin f krafft <[EMAIL PROTECTED]> [2006.07.03.0746 +0200]:
> Rationale: unless you're paranoid, you don't really care about
> people banging your SSH port and trying random user names.
>
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:
> I(llegal|nvalid) user [-[:alnum:]]+ from (::ffff:)?[.[:digit:]]+$
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\)
> check pass; user unknown$
It then makes sense to add these to violations.ignore.d/ssh:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: PAM:
User not known to the underlying authentication module for illegal user
[[:alnum:]]+ from [_.[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:
I(llegal|nvalid) user [-_.[:alnum:]]+ from (::ffff:)?[.[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed
(keyboard-interactive/pam|password) for i(llegal|nvalid) user [[:alnum:]]+ from
(::ffff:)?[.[:digit:]]+ port [[:digit:]]{1,5} ssh2$
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <[EMAIL PROTECTED]>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
signature.asc
Description: Digital signature (GPG/PGP)
_______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
