X-Git-Url: https://git.phdru.name/?p=ansible.git;a=blobdiff_plain;f=playbooks%2Froles%2Flogcheck%2Ffiles%2Fignore.d%2Flocal-ssh;fp=playbooks%2Froles%2Flogcheck%2Ffiles%2Fignore.d%2Flocal-ssh;h=c83224594b34be1488478d50da428616f4ea51eb;hp=d929eb8a286dcade54c336d3b545c876258db95e;hb=1d7627af2dd7007bf9884348945434384c233f4f;hpb=119883da0314743983a0c4ce7c5ecb7892aa18a6
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh
index d929eb8..c832245 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -1,44 +1,44 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Protocol major versions differ: 2 vs\. 1$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Received disconnect from
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|Connection corrupted|bignum is negative|invalid format|message authentication code incorrect) \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad packet length [0-9]+\. \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Corrupted MAC on input\. \[preauth\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive identification string from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures)|(Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn.*\)?)?) \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3}
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Protocol major versions differ for ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (cipher|host key type|key exchange method) found\.
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: banner exchange: Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|could not read protocol version|invalid format)
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: drop connection #[0-9]+ from \[(UNKNOWN|([0-9]{1,3}\.){3}[0-9]{1,3})\]:-?[0-9]+ on \[([0-9]{1,3}\.){3}[0-9]{1,3}\]:22 past MaxStartups
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Bad remote protocol version identification:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: beginning MaxStartups throttling
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect to [^ ]+ port [0-9]+ failed: Network is unreachable$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+ port [0-9]+: failed\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(No address associated with hostname\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(Temporary failure in name resolution\)
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex protocol error: type 30 seq 1 \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: Connection closed by remote host
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: banner line contains invalid characters$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: client sent invalid protocol identifier
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: read: Connection reset by peer
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: maximum authentication attempts exceeded for .+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ ssh2 \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: send_error: write: Connection reset by peer$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: exited MaxStartups throttling
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: userauth_pubkey: parse request failed: incomplete message \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user .+\[preauth\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_unix\(sshd:auth\): bad username
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes \[preauth\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: can't get client address: Connection reset by peer$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Protocol major versions differ: 2 vs\. 1$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Received disconnect from
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|Connection corrupted|bignum is negative|invalid format|message authentication code incorrect) \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad packet length [0-9]+\. \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Corrupted MAC on input\. \[preauth\]$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive identification string from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures)|(Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn.*\)?)?) \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3}
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Protocol major versions differ for ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (cipher|host key type|key exchange method) found\.
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: banner exchange: Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|could not read protocol version|invalid format)
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: drop connection #[0-9]+ from \[(UNKNOWN|([0-9]{1,3}\.){3}[0-9]{1,3})\]:-?[0-9]+ on \[([0-9]{1,3}\.){3}[0-9]{1,3}\]:22 past MaxStartups
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: Bad remote protocol version identification:
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: beginning MaxStartups throttling
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect to [^ ]+ port [0-9]+ failed: Network is unreachable$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+ port [0-9]+: failed\.$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(No address associated with hostname\)$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: connect_to [^ ]+: unknown host \(Temporary failure in name resolution\)
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex protocol error: type 30 seq 1 \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: Connection closed by remote host
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: banner line contains invalid characters$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: client sent invalid protocol identifier
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex_exchange_identification: read: Connection reset by peer
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: maximum authentication attempts exceeded for .+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ ssh2 \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: error: send_error: write: Connection reset by peer$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: exited MaxStartups throttling
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: userauth_pubkey: parse request failed: incomplete message \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user .+\[preauth\]$
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_unix\(sshd:auth\): bad username
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes \[preauth\]
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: can't get client address: Connection reset by peer$
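Review bot: The `Disconnecting (authenticating|invalid) user` rule is carried over with a top-level `|`, which in an extended regex splits it into two independent patterns. The first half stays anchored but no longer requires the trailing `\[preauth\]`, and the second half, `(Change of username or service not allowed: …) \[preauth\]`, has no `^` prefix, so it can suppress any log line from any program that contains that text. Wrapping both alternatives in one group keeps the whole rule anchored to sshd: `port [0-9]+: ((Too many authentication failures)|(Change of username or service not allowed: …)) \[preauth\]`. Separately, the new timestamp class `[ .:+0-9]+` contains no `-`, so a host that logs a negative UTC offset would match none of these rules and every sshd line would be reported; if such hosts are in scope, `[ .:+0-9-]+` covers them.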