fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixade regler i logcheck. Och eftersom det ar stokigt i setupen ocksa regler for home assistant

Browse Source
This commit is contained in:
fredrik
2017-09-12 13:54:30 +02:00
parent 6bc35431a6
commit c73e581767
3 changed files with 36 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
logcheck_debian
View File

@@ -570,7 +570,8 @@
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [[:alnum:]]+ \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [[:alnum:]]+
#May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth] #May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth]
Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth] #Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth]
#Sep 9 06:55:41 marconi sshd[11486]: input_userauth_request: invalid user 0101 [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user ([ ._[:alnum:]]+(\\\\r| )?) \[preauth\] \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user ([ ._[:alnum:]]+(\\\\r| )?) \[preauth\]
#Apr 21 16:11:24 nada sshd[20234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.94.220.181.95.rev.numer.gy user=root #Apr 21 16:11:24 nada sshd[20234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.94.220.181.95.rev.numer.gy user=root
@@ -597,6 +598,11 @@ Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth
#Apr 13 09:47:05 marconi sshd[695]: error: Received disconnect from 37.229.184.255 port 61294:2: Handshake failed [preauth] #Apr 13 09:47:05 marconi sshd[695]: error: Received disconnect from 37.229.184.255 port 61294:2: Handshake failed [preauth]
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [.:[:digit:]]+(:)? (port [[:digit:]]+:)?(11|2): (Client disconnecting normally|ok|Handshake failed) \[preauth\] \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [.:[:digit:]]+(:)? (port [[:digit:]]+:)?(11|2): (Client disconnecting normally|ok|Handshake failed) \[preauth\]
#Sep 9 06:55:41 marconi sshd[11486]: Invalid user 0101 from 91.197.232.109
\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user
#[ .[alnum]]+ from [.:[:digit:]]+
# Apr 18 17:29:30 nada internal-sftp[9277]: session opened for local user petter from [212.16.177.66] # Apr 18 17:29:30 nada internal-sftp[9277]: session opened for local user petter from [212.16.177.66]
# Apr 18 17:29:31 nada internal-sftp[9277]: opendir "/home/petter/www.lidberg.se/mazda/Old" # Apr 18 17:29:31 nada internal-sftp[9277]: opendir "/home/petter/www.lidberg.se/mazda/Old"
# Apr 18 17:29:31 nada internal-sftp[9277]: closedir "/home/petter/www.lidberg.se/mazda/Old" # Apr 18 17:29:31 nada internal-sftp[9277]: closedir "/home/petter/www.lidberg.se/mazda/Old"

22
logcheck_ubuntu
View File

@@ -107,8 +107,10 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+ port [.:[:digit:]]+:11: Bye Bye \[preauth\] ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+ port [.:[:digit:]]+:11: Bye Bye \[preauth\]
#Mar 2 20:33:25 marconi sshd[3723]: fatal: Unable to negotiate with 103.207.39.105 port 59502: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth] #Mar 2 20:33:25 marconi sshd[3723]: fatal: Unable to negotiate with 103.207.39.105 port 59502: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
#Mar 9 05:42:53 marconi sshd[6125]: fatal: Unable to negotiate with 84.241.42.101 port 61319: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth] #Mar 9 05:42:53 marconi sshd[6125]: fatal: Unable to negotiate with 84.241.42.101 port 61319: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman#Sep 9 10:56:11 marconi sshd[2798]: fatal: Unable to negotiate with 54.156.158.234 port 41078: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.:[:digit:]]+ port [.:[:digit:]]+: no matching key exchange method found. Their offer: [-,[:alnum:]]+ \[preauth\] #Sep 9 10:56:12 marconi sshd[2802]: fatal: Unable to negotiate with 54.156.158.234 port 41330: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
#Sep 9 10:56:14 marconi sshd[2816]: fatal: Unable to negotiate with 54.156.158.234 port 42036: no matching host key type found. Their offer: ssh-dss [preauth]-group-exchange-sha1 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.:[:digit:]]+ port [.:[:digit:]]+: no matching (host key type|key exchange method) found. Their offer: [-,[:alnum:]]+ \[preauth\]
#Mar 2 20:51:23 marconi sshd[8330]: error: maximum authentication attempts exceeded for invalid user admin from 182.45.153.221 port 54407 ssh2 [preauth] #Mar 2 20:51:23 marconi sshd[8330]: error: maximum authentication attempts exceeded for invalid user admin from 182.45.153.221 port 54407 ssh2 [preauth]
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for invalid user [[:alnum:]]+ from [.:[:digit:]]+ port [.:[:digit:]]+ ssh2 \[preauth\] ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for invalid user [[:alnum:]]+ from [.:[:digit:]]+ port [.:[:digit:]]+ ssh2 \[preauth\]
@@ -117,6 +119,9 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
# #
# SYSTEMD # SYSTEMD
# #
@@ -165,6 +170,17 @@
#Mar 5 00:00:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh #Mar 5 00:00:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: fredrik : TTY=unknown \; PWD=/home/fredrik \; USER=root \; COMMAND=/home/fredrik/bin/kdbx_backup.sh ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: fredrik : TTY=unknown \; PWD=/home/fredrik \; USER=root \; COMMAND=/home/fredrik/bin/kdbx_backup.sh
#Sep 9 03:34:14 marconi root: /etc/dhcp/dhclient-enter-hooks.d/avahi-autoipd returned non-zero exit status 1
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ root: /etc/dhcp/dhclient-enter-hooks.d/avahi-autoipd returned non-zero exit status 1
#Sep 9 03:34:14 marconi smbd[2261]: * Reloading /etc/samba/smb.conf smbd
#Sep 9 03:34:14 marconi smbd[2261]: ...done.
#Sep 10 07:35:57 marconi freeradius[3649]: * Reloading FreeRADIUS daemon freeradius
#Sep 10 07:35:58 marconi freeradius[3649]: ...done.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (freeradius|smbd)\[[[:digit:]]+\]: \* Reloading
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (freeradius|smbd)\[[[:digit:]]+\]: ...done.
# #
@@ -174,8 +190,6 @@
#Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.791823, 0] ../source3/nmbd/nmbd.c:169(nmbd_sig_hup_handler) #Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.791823, 0] ../source3/nmbd/nmbd.c:169(nmbd_sig_hup_handler)
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nmbd\[[[:digit:]]+\]: \[[ .:,/[:digit:]]+ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nmbd\[[[:digit:]]+\]: \[[ .:,/[:digit:]]+
#Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.792332, 0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
#Jun 21 16:00:42 marconi update_daemon2.php[27565]: [14:00:42/31191] Purged 0 orphaned posts. #Jun 21 16:00:42 marconi update_daemon2.php[27565]: [14:00:42/31191] Purged 0 orphaned posts.
#Jun 21 16:00:42 marconi update_daemon2.php[27565]: [14:00:42/31191] Removed 0 (feeds) 0 (cats) orphaned counter cache entries. #Jun 21 16:00:42 marconi update_daemon2.php[27565]: [14:00:42/31191] Removed 0 (feeds) 0 (cats) orphaned counter cache entries.

12
testlog
View File

@@ -570,8 +570,16 @@ Aug 22 09:00:18 marconi kernel: [737391.088869] sd 7:0:0:0: [sdd] tag#0 FAILED R
Aug 22 09:00:18 marconi kernel: [737391.088892] sd 7:0:0:0: [sdd] tag#0 Sense Key : Hardware Error [current] [descriptor] Aug 22 09:00:18 marconi kernel: [737391.088892] sd 7:0:0:0: [sdd] tag#0 Sense Key : Hardware Error [current] [descriptor]
Aug 22 09:00:18 marconi kernel: [737391.088904] sd 7:0:0:0: [sdd] tag#0 Add. Sense: No additional sense information Aug 22 09:00:18 marconi kernel: [737391.088904] sd 7:0:0:0: [sdd] tag#0 Add. Sense: No additional sense information
Aug 22 09:00:18 marconi kernel: [737391.088919] sd 7:0:0:0: [sdd] tag#0 CDB: ATA command pass through(16) 85 06 2c 00 00 00 00 00 00 00 00 00 00 00 e5 00 Aug 22 09:00:18 marconi kernel: [737391.088919] sd 7:0:0:0: [sdd] tag#0 CDB: ATA command pass through(16) 85 06 2c 00 00 00 00 00 00 00 00 00 00 00 e5 00
Sep 9 03:34:14 marconi root: /etc/dhcp/dhclient-enter-hooks.d/avahi-autoipd returned non-zero exit status 1
Sep 9 03:34:14 marconi smbd[2261]: * Reloading /etc/samba/smb.conf smbd
Sep 9 03:34:14 marconi smbd[2261]: ...done.
Sep 9 06:55:41 marconi sshd[11486]: Invalid user 0101 from 91.197.232.109
Sep 9 06:55:41 marconi sshd[11486]: input_userauth_request: invalid user 0101 [preauth]
Sep 9 10:56:11 marconi sshd[2798]: fatal: Unable to negotiate with 54.156.158.234 port 41078: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
Sep 9 10:56:12 marconi sshd[2802]: fatal: Unable to negotiate with 54.156.158.234 port 41330: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
Sep 9 10:56:14 marconi sshd[2816]: fatal: Unable to negotiate with 54.156.158.234 port 42036: no matching host key type found. Their offer: ssh-dss [preauth]
Sep 10 07:35:57 marconi freeradius[3649]: * Reloading FreeRADIUS daemon freeradius
Sep 10 07:35:58 marconi freeradius[3649]: ...done.
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem... Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...