
Improve logcheck rules (dnsmasq, pure-ftpd, ssh)

Emmanuel Bouthenot 9 years ago
parent
commit
8b53d143c0

+ 1 - 0
roles/common/files/logcheck/dnsmasq_local

@@ -0,0 +1 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dnsmasq-dhcp\[[[:digit:]]+\]: Ignoring domain [[:alnum:]\.-]+ for DHCP host name [[:alnum:]\.-]+$
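Review bot: In a POSIX bracket expression a backslash is an ordinary character, so `[[:alnum:]\.-]+` on the new line also admits a literal `\` in the domain and host-name fields; `[[:alnum:].-]+` is the class that was meant, since `.` needs no escaping inside brackets. The effect is only a slightly wider suppression, but the same spelling is repeated in the sshd rules (`[-:\.[:alnum:]]+`), so it is worth fixing consistently. The rule is otherwise fully anchored and specific to the one dnsmasq-dhcp message.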

+ 1 - 0
roles/common/files/logcheck/pure-ftpd_local

@@ -11,3 +11,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \(\?@[:.0-9]+\) \[WARNING\] Sorry, cleartext sessions are not accepted on this server\.#012Please reconnect using SSL/TLS security mechanisms\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([?.[:alnum:]-]+@[._[:alnum:]-]+\) \[INFO\] Timeout - try typing a little faster next time$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: pam_listfile\(pure-ftpd:auth\): Refused user .+ for service pure-ftpd$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([?.[:alnum:]-]+@[?._[:alnum:]-]+\) \[ERROR\] Unable to identify the local socket: Transport endpoint is not connected$
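Review bot: The user field of the new rule, `[?.[:alnum:]-]+`, does not admit `_` while the host field next to it (`[?._[:alnum:]-]+`) and the existing timeout rule two lines above do, so a login name containing an underscore would still surface this message; `\([?._[:alnum:]-]+@[?._[:alnum:]-]+\)` keeps the two fields consistent. Note that this suppresses a line logged at `[ERROR]` level; it appears to be the server's reaction to a peer dropping the connection before the session is set up, which is usually noise, but that reasoning is not recorded anywhere in this commit.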

+ 1 - 2
roles/common/files/logcheck/sshd_local

@@ -1,8 +1,7 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [-:\.[:alnum:]]+: [[:digit:]]+: (([\.[:alnum:]]+: Auth fail|ok|Goodbye|Bye|Unable to connect using the available authentication methods|) \[preauth\]|disconnected by user)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [-:\.[:alnum:]]+: [[:digit:]]+: (([\.[:alnum:]]+: Auth fail|ok|Goodbye|Bye|Unable to connect using the available authentication methods|) \[preauth\]|disconnected by user|Normal Shutdown, Thank you for playing \[preauth\]|.*: reject HostKey: [-:\.[:alnum:]]+ \[preauth\]|disconnect \[preauth\])$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user .+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted publickey for [-:\.[:alnum:]]+ from [-:\.[:alnum:]]+ port [[:digit:]]+ ssh2(|: RSA [:0-9a-f]+)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer( \[preauth\]|)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [-:\.[:alnum:]]+: [[:digit:]]+: .*: reject HostKey: [-:\.[:alnum:]]+ \[preauth\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for (invalid user |)[-:\.[:alnum:]]+ from [-:\.[:alnum:]]+ port [[:digit:]]+ ssh2 \[preauth\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Change of username or service not allowed: \([[:alnum:]]+,ssh-connection\) -> \([[:alnum:]]+,ssh-connection\) \[preauth\]$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: AuthorizedKeysCommand .+ returned status [[:digit:]]+$
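Review bot: The new `Normal Shutdown, Thank you for playing \[preauth\]` alternative on the first line silences a disconnect description that, if I recall correctly, is the default text in libssh2's example client and so very often accompanies automated login attempts rather than interactive use; suppressing it is defensible only because the preceding `Failed password`/`Invalid user` lines are not covered by this file and still reach the report. Since logcheck ignores lines beginning with `#` (to be confirmed against the installed version), a one-line comment above the rule stating that the disconnect notice is dropped because the authentication failures themselves are still reported would keep the next maintainer from widening the rule further. The bare `disconnect \[preauth\]` alternative has the same character and the same caveat.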

+ 1 - 0
roles/common/tasks/security.yml

@@ -29,6 +29,7 @@
     - ansible
     - bind
     - dhclient
+    - dnsmasq
     - dovecot
     - dropbear
     - git-daemon
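Review bot: The list this hunk extends is cut off at both ends, so it is not visible from here which task and which key consume it; from the sibling file names it looks like the list of logcheck rule files to install, and `dnsmasq` is correctly placed in alphabetical order with the others. If the task installs `roles/common/files/logcheck/<name>_local` by name, the entry matches the `dnsmasq_local` file added in this commit, but that mapping should be confirmed against the task header above the hunk.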