Bug#445073: [PATCH] Updated ssh "reverse mapping" rule to include IP address (closes: #445073)

Sun, 03 Feb 2008 19:06:37 -0800 

---
 rulefiles/linux/violations.ignore.d/logcheck-ssh |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-ssh b/rulefiles/linux/violations.ignore.d/logcheck-ssh
index ce15db1..08407d5 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-ssh
+++ b/rulefiles/linux/violations.ignore.d/logcheck-ssh
@@ -1,6 +1,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts\.(allow|deny), line [0-9]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: /etc/hosts\.(allow|deny), line [0-9]+: host name/(name|address) mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ (\[[:.[:xdigit:]]+\] )?failed - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection (timed out|reset by peer)$

Reply via email to