Ayke van Laethem
2016-Sep-11 12:22 UTC
[Logcheck-devel] [PATCH] Add ed25519 to list of public key types in SSH
Signed-off-by: Ayke van Laethem <aykevanlaethem at gmail.com> --- rulefiles/linux/ignore.d.server/ssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh index 062f245..2330ddf 100644 --- a/rulefiles/linux/ignore.d.server/ssh +++ b/rulefiles/linux/ignore.d.server/ssh @@ -1,4 +1,4 @@ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA|ED25519) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$ -- 2.1.4
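Review bot: The fingerprint group on the changed "Accepted ..." line still accepts only one shape, `([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}`, that is, sixteen colon-separated hex pairs. Adding ED25519 to `(RSA|ECDSA|ED25519)` therefore only helps where sshd logs the key fingerprint in that form. If the sshd being targeted writes the fingerprint differently, for example a SHA256: prefix followed by base64, the optional trailing group will not match, the `$` anchor will fail, and the line will still be reported for every key type, not just ED25519. Please include a sample log line in the commit message showing what this was tested against, and consider widening the fingerprint alternative in the same change if other formats are expected. A smaller point on the same line: the method list contains lowercase `dsa`, but the key-type alternation has no DSA entry, so it is worth confirming whether that omission is intentional while this group is being touched.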