From 05d7f0a51399cb876bda9fdc73b7796af7b60ca7 Mon Sep 17 00:00:00 2001
From: Fredrik Wahlberg
Date: Tue, 15 Mar 2016 21:02:30 +0100
Subject: [PATCH] =?UTF-8?q?=C3=84nnu=20fler=20justeringar?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 logcheck_ignore | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/logcheck_ignore b/logcheck_ignore
index 59563d0..14b530a 100644
--- a/logcheck_ignore
+++ b/logcheck_ignore
@@ -49,6 +49,10 @@
 #Mar 13 02:55:16 nada dovecot: ssl-params: SSL parameters regeneration completed
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: ssl-params: (Generating SSL parameters|SSL parameters regeneration completed)
+#Mar 15 14:03:51 nada dovecot: pop3-login: Disconnected (client didn't finish SASL auth, waited 0 secs): user=<>, method=PLAIN, rip=213.112.7.21, lip=66.23.226.92, TLS, session=
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: pop3-login: Disconnected \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<>, method=PLAIN, rip=[.[:digit:]]+, lip=[.[:digit:]]+, TLS, session=<[[:alnum:]]+>
+
+
 #
 # MONIT
 #
@@ -119,6 +123,9 @@
 #Mar 13 15:15:32 nada sm-mta[22560]: u2DEFS76022560: ruleset=check_rcpt, arg1=eax_64@yahoo.com, relay=[61.190.7.133], reject=550 5.7.1 eax_64@yahoo.com... Relaying denied. IP name lookup failed [61.190.7.133]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: ruleset=check_rcpt, arg1=[-_.@[:alnum:]]+, relay=\[[.:[:digit:]]+\], reject=550 5.7.1 [-_.@[:alnum:]]+ Relaying denied. IP name lookup failed \[[.:[:digit:]]+\]
+#Mar 15 11:26:20 nada sm-mta[6679]: STARTTLS=client, relay=mail.compenta.se., version=TLSv1/SSLv3, verify=FAIL, cipher=AES128-SHA256, bits=128/128
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, relay=[-.:[:alnum:]]+, version=TLSv1/SSLv3, verify=FAIL, cipher=AES128-SHA256, bits=128/128
+
 #
 # SPAMD
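Review bot: The `session=<[[:alnum:]]+>` tail of the new pop3-login rule (first hunk) admits only letters and digits. Dovecot session ids are, as far as I know, base64 strings, so an id containing `+` or `/` will not match and those lines will keep showing up in the report. `session=<[^>]+>$` would cover every id and anchor the end of the line. The `rip=`/`lip=` classes accept only dotted IPv4, so IPv6 clients stay reported, which is the safe direction for an ignore rule.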
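Review bot: The new STARTTLS rule (second hunk) suppresses `verify=FAIL` for every relay, because `relay=[-.:[:alnum:]]+` matches any host name, while version, cipher and bits are pinned to the single sample line. If the noise comes only from the peer in the sample, pin the relay instead, `relay=mail\.compenta\.se\.`, so a certificate failure toward any other relay still reaches the report. A one-line comment above the rule stating why failed verification is acceptable for this peer would help the next reader judge whether the suppression is still justified.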
@@ -134,10 +141,7 @@
 #May 19 10:39:19 nada sshd(pam_google_authenticator)[18265]: Failed to compute location of secret file
 #May 19 14:05:07 nada sshd(pam_google_authenticator)[20232]: Did not receive verification code from user
 #May 19 14:05:17 nada sshd(pam_google_authenticator)[20399]: Invalid verification code
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: Failed to compute location of secret file
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: Did not receive verification code from user
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: Invalid verification code
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: Failed to read \"[/[:alnum:]]+\/.google_authenticator\"
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: (Failed to read \"[/[:alnum:]]+\/.google_authenticator\"|Invalid verification code|Failed to compute location of secret file|Did not receive verification code from user)
 # Mar 10 11:12:56 nada sshd[26548]: Received disconnect from 94.102.49.198: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
 # Mar 12 04:09:09 nada sshd[23908]: Received disconnect from 195.154.52.9: 3: java.net.SocketTimeoutException: Read timed out [preauth]
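Review bot: The merged alternation keeps `Invalid verification code` and `Did not receive verification code from user` on the ignore list, so repeated failed second-factor attempts against sshd never reach the logcheck report. The page shows no other control that alerts on these, so consider leaving only the configuration-noise alternatives in the ignore rule, `(Failed to read \"[/[:alnum:]]+\/\.google_authenticator\"|Failed to compute location of secret file)`, and letting the two failure messages through. That version also escapes the `.` before `google_authenticator`, which currently matches any character. Adding a trailing `$` would stop the rule from matching longer messages that merely start the same way.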
@@ -163,7 +167,7 @@
 #Mar 11 21:08:21 nada suhosin[30831]: ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker '91.121.230.152', file '/home/happysthlm/www.happysthlm.se/wp/xmlrpc.php')
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - dropped [[:digit:]]+ request variables - \([[:digit:]]+ in GET, [[:digit:]]+ in POST, [[:digit:]]+ in COOKIE\) \(attacker '[.[:digit:]]+', file '[/.-_[:alnum:]]+'\)
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - dropped [[:digit:]]+ request variables - \([[:digit:]]+ in GET, [[:digit:]]+ in POST, [[:digit:]]+ in COOKIE\) \(attacker '[.[:digit:]]+', file '[/_-.[:alnum:]]+'\)
 #Mar 11 21:10:17 nada suhosin[30832]: ALERT - configured request variable name length limit exceeded - dropped variable '
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - configured request variable name length limit exceeded - dropped variable '
\ No newline at end of file
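Review bot: The new bracket expression `[/_-.[:alnum:]]` in the suhosin rule still has the hyphen between two characters, so it is parsed as a range from `_` to `.` rather than a literal hyphen. That range runs backwards in code-point order, which grep normally rejects as an invalid range end. If logcheck passes this file to egrep as a pattern list, one pattern that fails to compile can break filtering for the whole file, not just this rule; `egrep -f logcheck_ignore /dev/null` should show whether it compiles. Putting the hyphen last, as the hostname class on the same line already does, gives the intended set: `file '[/_.[:alnum:]-]+'`.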