From a2131e4aad72fe244349d7ec38ec063d2a2c3576 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 15 Mar 2016 06:49:44 +0100 Subject: [PATCH 1/2] Lagade trasig ordning --- logcheck_ignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/logcheck_ignore b/logcheck_ignore index 59563d0..adf130c 100644 --- a/logcheck_ignore +++ b/logcheck_ignore @@ -163,7 +163,7 @@ #Mar 11 21:08:21 nada suhosin[30831]: ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker '91.121.230.152', file '/home/happysthlm/www.happysthlm.se/wp/xmlrpc.php') -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - dropped [[:digit:]]+ request variables - \([[:digit:]]+ in GET, [[:digit:]]+ in POST, [[:digit:]]+ in COOKIE\) \(attacker '[.[:digit:]]+', file '[/.-_[:alnum:]]+'\) +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - dropped [[:digit:]]+ request variables -\([[:digit:]]+ in GET, [[:digit:]]+ in POST, [[:digit:]]+ in COOKIE\) \(attacker '[.[:digit:]]+', file '[-_.[:alnum:]]+'\) #Mar 11 21:10:17 nada suhosin[30832]: ALERT - configured request variable name length limit exceeded - dropped variable ' -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - configured request variable name length limit exceeded - dropped variable ' \ No newline at end of file +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - configured request variable name length limit exceeded - dropped variable From 293c761d1848e3860b2185155bd1a468bb84a2b9 Mon Sep 17 00:00:00 2001 From: Fredrik Wahlberg Date: Tue, 15 Mar 2016 13:18:39 +0100 Subject: [PATCH 2/2] Ett par rader till --- logcheck_ignore | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/logcheck_ignore b/logcheck_ignore index adf130c..eeb5309 100644 --- a/logcheck_ignore +++ b/logcheck_ignore 
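Review bot: In [PATCH 1/2] the rewritten suhosin rule no longer matches the sample line quoted above it. The `file` class `[-_.[:alnum:]]+` has lost `/` although the sample path contains slashes, and the space between `-` and `\(` is gone although the log text reads `variables - (0 in GET`. Moving `-` to the front does remove the accidental `.-_` range, but in the C locale `/` was only matching through that range, so it must now be listed explicitly: `file '[-_./[:alnum:]]+'\)$`, with ` - \(` restored before the counts. As shown the rule fails safe, since the ALERT lines simply keep being reported, but the entry no longer does its job. The second rule now stops at `dropped variable` with no end anchor, so the client-supplied variable name after it is ignored unseen; if that is intended, a comment such as `# variable name is attacker-controlled, deliberately not matched` would record it.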
@@ -49,6 +49,9 @@ #Mar 13 02:55:16 nada dovecot: ssl-params: SSL parameters regeneration completed ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: ssl-params: (Generating SSL parameters|SSL parameters regeneration completed) +#Mar 14 18:40:24 nada dovecot: imap(johan): Disconnected for inactivity in reading our output in=603 out=253156 +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([[:alnum:]]+\): Disconnected for inactivity in reading our output in=[[:digit:]]+ out=[[:digit:]]+ + # # MONIT # @@ -161,9 +164,18 @@ #Mar 12 12:26:38 kvarnen sshd[6051]: fatal: no matching cipher found: client aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: no matching cipher found: client +#Mar 15 09:24:00 kvarnen sshd[3572]: Protocol major versions differ for 40.76.48.189: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u1 vs. SSH-1.5-NmapNSE_1.0 +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Protocol major versions differ for [.:[:digit:]]+: + + + +# +# SUHOSIN +# #Mar 11 21:08:21 nada suhosin[30831]: ALERT - dropped 1 request variables - (0 in GET, 1 in POST, 0 in COOKIE) (attacker '91.121.230.152', file '/home/happysthlm/www.happysthlm.se/wp/xmlrpc.php') ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - dropped [[:digit:]]+ request variables -\([[:digit:]]+ in GET, [[:digit:]]+ in POST, [[:digit:]]+ in COOKIE\) \(attacker '[.[:digit:]]+', file '[-_.[:alnum:]]+'\) #Mar 11 21:10:17 nada suhosin[30832]: ALERT - configured request variable name length limit exceeded - dropped variable ' ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ suhosin\[[[:digit:]]+\]: ALERT - configured request variable name length limit exceeded - dropped variable +
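Review bot: The user-name class in `imap\([[:alnum:]]+\)` is narrower than the host class used earlier on the same line, so a login containing `.`, `-`, `_` or `@` will not match and its disconnect lines will keep appearing in the report. If such logins exist on this server, `imap\([-_.@[:alnum:]]+\)` covers them. Closing the pattern with `$` after `out=[[:digit:]]+` would also stop the rule from hiding a line that carries unexpected text after the byte counts.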
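Review bot: The address class in `Protocol major versions differ for [.:[:digit:]]+:` admits `:` but no hexadecimal letters, so an IPv6 peer whose address contains `a`-`f` will not match; `[.:[:xdigit:]]+` covers both address families. The sample line is an Nmap NSE probe, and the pattern is open after the address, so every client banner on such lines is dropped from the report. Because this removes scanner activity from what the operator sees, the rule should say so, for example `# Ignored on purpose: SSH-1 banner probes from scanners; remove if scan activity should be reported`.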