From: Oleg Broytman <phd@phdru.name>
Date: Mon, 29 Mar 2021 19:12:07 +0000 (+0300)
Subject: Feat(logcheck): Extend ssh rule
X-Git-Url: https://git.phdru.name/?p=ansible.git;a=commitdiff_plain;h=400678f5b97209a7aebd4d29b9df7bca6f447ea7

Feat(logcheck): Extend ssh rule
---

diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh
index b8ccdc8..ff5568c 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -1,5 +1,5 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Received disconnect from
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|bignum is negative) \[preauth\]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Broken pipe|bignum is negative) \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad packet length [0-9]+\. \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]