fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixade regler i logcheck. Och eftersom det ar stokigt i setupen ocksa regler for home assistant

Browse Source
This commit is contained in:
fredrik
2017-09-12 13:54:30 +02:00
parent 6bc35431a6
commit c73e581767
3 changed files with 36 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
logcheck_debian
View File

@@ -570,8 +570,9 @@
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [[:alnum:]]+
#May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth]
Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user ([._[:alnum:]]+(\\\\r| )?) \[preauth\]
#Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth]
#Sep 9 06:55:41 marconi sshd[11486]: input_userauth_request: invalid user 0101 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user ([ ._[:alnum:]]+(\\\\r| )?) \[preauth\]
#Apr 21 16:11:24 nada sshd[20234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.94.220.181.95.rev.numer.gy user=root
#Oct 24 06:33:25 nada sshd[10577]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-68-161-233-215.ny325.east.verizon.net user=lp
@@ -597,6 +598,11 @@ Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth
#Apr 13 09:47:05 marconi sshd[695]: error: Received disconnect from 37.229.184.255 port 61294:2: Handshake failed [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [.:[:digit:]]+(:)? (port [[:digit:]]+:)?(11|2): (Client disconnecting normally|ok|Handshake failed) \[preauth\]
#Sep 9 06:55:41 marconi sshd[11486]: Invalid user 0101 from 91.197.232.109
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user
#[ .[alnum]]+ from [.:[:digit:]]+
# Apr 18 17:29:30 nada internal-sftp[9277]: session opened for local user petter from [212.16.177.66]
# Apr 18 17:29:31 nada internal-sftp[9277]: opendir "/home/petter/www.lidberg.se/mazda/Old"
# Apr 18 17:29:31 nada internal-sftp[9277]: closedir "/home/petter/www.lidberg.se/mazda/Old"