
Add ignores in logcheck for postfix, amavis and pure-ftpd

Emmanuel Bouthenot 11 years ago
parent
commit
279e929874

+ 3 - 0
roles/common/files/logcheck/amavisd-new_local

@@ -0,0 +1,3 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) NOTICE: reconnecting in response to: err=[[:digit:]]+, HY000, DBD::mysql::st execute failed: MySQL server has gone away at \(eval [[:digit:]]+\) line [[:digit:]]+, <GEN[[:digit:]]+> line [[:digit:]]+.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN \{RelayedOpenRelay\}, <[^>]+> -> <[^>]+>, Message-ID: <[^>]+>, mail_id: [-[:alnum:]]+, Hits: (-?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed BAD-HEADER-2 \{RelayedOpenRelay,Quarantined\}, <[^>]+> -> <[^>]+>, quarantine: [-/[:alnum:]]+, Message-ID: <[^>]+>, mail_id: [[:alnum:]]+, Hits: (-?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
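Review bot: The second and third rules ignore every amavis `Passed ... {RelayedOpenRelay...}` line. As I understand it, amavis uses that tag when neither the client nor the recipient is recognised as local, so logcheck would stay silent if this host ever did relay for outsiders. If the lines are noise only because amavis' local domains and networks are not set up for this site, correcting that classification is preferable to ignoring the tag; otherwise the commit message should say why the tag is expected here. Separately, `(-?[.[:digit:]]*)+` nests two quantifiers and also accepts an empty Hits field, which `(-|-?[.[:digit:]]+)` avoids. The bare `.` before `$` in the first rule should be `\.`.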

+ 1 - 1
roles/common/files/logcheck/postfix_local

@@ -1,2 +1,2 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: warning: hostname .+ does not resolve to address .+(: Name or service not known)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: Untrusted TLS connection established to [-\.[:alnum:]]+\[[:\.[:digit:]a-f]+\]:[[:digit:]]+: TLSv[\.[:digit:]]+ with cipher [-[:alnum:]]+ \([[:digit:]]+/[[:digit:]]+ bits\)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: Untrusted TLS connection established (to|from) [-\.[:alnum:]]+\[[:\.[:xdigit:]]+\]:([[:digit:]]+:)? TLSv[\.[:digit:]]+ with cipher [-[:alnum:]]+ \([[:digit:]]+/[[:digit:]]+ bits\)$
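Review bot: Inside a POSIX bracket expression the backslash is an ordinary character, so `[-\.[:alnum:]]` and `[:\.[:xdigit:]]` in the rewritten rule also accept a literal `\` in the peer name and address. That is harmless against real Postfix output but makes the ignore rule wider than intended; `[-.[:alnum:]]+\[[.:[:xdigit:]]+\]` matches the style the neighbouring rules already use (`[._[:alnum:]-]+`). The added `from` alternative also extends the ignore to inbound connections whose client certificate could not be verified, which is worth recording in the commit message so nobody later relies on logcheck for that signal.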

+ 1 - 1
roles/common/files/logcheck/pure-ftpd_local

@@ -5,6 +5,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([._[:alnum:]-]+@[._[:alnum:]-]+\) \[NOTICE\] Restarting at [0-9]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([?.[:alnum:]-]+@[:._[:alnum:]-]+\) \[INFO\] New connection from [:._[:alnum:]-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: pam_unix\(pure-ftpd:auth\): check pass; user unknown$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: pam_unix\(pure-ftpd:auth\): authentication failure; logname= uid=[0-9]+ euid=[0-9]+ tty=pure-ftpd ruser=anonymous rhost=.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: pam_unix\(pure-ftpd:auth\): authentication failure; logname=[^ ]* uid=[[:digit:]]+ euid=[[:digit:]]+ tty=pure-ftpd ruser=[^ ]* rhost=.*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \(\?@[:.0-9]+\) \[INFO\] PAM_RHOST enabled. Getting the peer address$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \(\?@[:.0-9]+\) \[WARNING\] Authentication failed for user \[.*\]$
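Review bot: Replacing `ruser=anonymous` with `ruser=[^ ]*` turns this from an anonymous-login filter into a blanket ignore for every pam_unix authentication failure on pure-ftpd, and the `rhost=.*$` tail also swallows the `user=<name>` suffix that pam_unix appends (as far as I know) when the account exists. Together with the existing `Authentication failed for user \[.*\]` rule, logcheck will no longer report password guessing against real accounts over FTP. If that is intended, make sure another control (rate limiting or a ban tool reading the same log) covers it; otherwise keep the tail narrow, e.g. `rhost=[^ ]* *$`, so failures naming a valid user still surface. The rules file starts above this hunk, so its earlier lines were not reviewed.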

+ 1 - 0
roles/common/tasks/security.yml

@@ -17,6 +17,7 @@
   action: copy src=logcheck/${item}_local dest=/etc/logcheck/ignore.d.server/${item}_local owner=root group=root mode=0644
   with_items:
     - ansible
+    - amavisd-new
     - bind
     - dovecot
     - dropbear