From 28d09b1e2ee3d8e286f3398d015e21b4b5e11606 Mon Sep 17 00:00:00 2001
From: Oleg Broytman <phd@phdru.name>
Date: Sat, 27 Jul 2019 13:24:47 +0300
Subject: [PATCH] Fix(logcheck): Fix ssh: Ignore every character in invalid
 user name

---
 playbooks/debian/roles/logcheck/files/ignore.d/local-ssh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-ssh b/playbooks/debian/roles/logcheck/files/ignore.d/local-ssh
index dd75429..9b4dfa6 100644
--- a/playbooks/debian/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/debian/roles/logcheck/files/ignore.d/local-ssh
@@ -6,11 +6,11 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed:
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user +[A-Za-z0-9 !@#$%^&*_,./\\+-]+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user +[A-Za-z0-9 !@#$%^&*_,./\\+-]* from ([0-9]{1,3}\.){3}[0-9]{1,3}
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user .+ from ([0-9]{1,3}\.){3}[0-9]{1,3}
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (host key type|key exchange method) found\.
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user +[A-Za-z0-9 !@#$%^&*_,./\\+-]+ \[preauth\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user .+ \[preauth\]$
-- 
2.39.2