simon at sdeziel.info
2011-Dec-31 04:14 UTC
[Logcheck-devel] [PATCH] i.d.s/openvpn: support 'remote-cert-tls (server|client)'
From: Simon Deziel <simon.deziel at gmail.com>
Fixes LP: #806537
Signed-off-by: Simon Deziel <simon.deziel at gmail.com>
---
rulefiles/linux/ignore.d.server/openvpn | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/openvpn
b/rulefiles/linux/ignore.d.server/openvpn
index 2b4bfd6..d80f42f 100644
--- a/rulefiles/linux/ignore.d.server/openvpn
+++ b/rulefiles/linux/ignore.d.server/openvpn
@@ -75,6 +75,11 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? VERIFY (SCRIPT )?OK:
depth=[[:digit:]]+, /[-:_./=@[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? VERIFY SCRIPT OK:
depth=[[:digit:]]+, /(CN|O)=.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? WARNING: Bad
encapsulated packet length from peer \([[:digit:]]+\), which must be > 0 and
<= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers
-- this condition could also indicate a possible active attack on the TCP link
-- \[Attempt?ing restart\.\.\.\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Replay-window
backtrack occurred \[[[:digit:]]+\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Validating certificate
(|extended )key usage$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \+\+ Certificate has
key usage ([0-9a-f]{4}), expects \4$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \+\+ Certificate has
EKU \(str\) TLS Web (Client|Server) Authentication, expects TLS Web \4
Authentication$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? VERIFY (|E)KU OK$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? VERIFY X509NAME OK:
.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:((
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \[[-_.[:alnum:]]+\])?
Inactivity timeout \(--ping-restart\), restarting$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:((
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})?(
\[[-._[:alnum:]]+\])?)? Peer Connection Initiated with
[[:digit:].]{7,15}:[[:digit:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
(openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:(
([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? Replay-window
backtrack occurred \[[[:digit:]]+\]$
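Review bot: The two added "++ Certificate has" rules rely on the backreference \4 resolving to the group opened in the message text, ([0-9a-f]{4}) in the key usage rule and (Client|Server) in the EKU rule. That holds only while exactly three groups precede it in the shared prefix, and backreferences are a GNU extension rather than part of POSIX ERE. The backreference is worth keeping, because it means a line is ignored only when the certificate's value equals the expected one, so a mismatch is still reported. The dependency on group numbering should be stated in the commit message so that a later edit to the prefix does not silently change what \4 matches. In the "Validating certificate" and "VERIFY (|E)KU OK" rules, the empty alternatives (|extended ) and (|E) are undefined in POSIX ERE; (extended )? and E?KU match the same lines. The hunk also moves the "Replay-window backtrack occurred" rule, which the commit message does not mention; either say so there or send the move as a separate patch.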
--
1.7.5.4
