From 7a9128258aab0e79dbd14eacc6e3e382aff90e9d Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski <wk@wojciechkozlowski.eu>
Date: Sat, 30 Nov 2019 14:53:40 +0100
Subject: [PATCH] Fix user name regex for logcheck

---
 ansible/etc/logcheck/ignore.d.server/local-server.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/etc/logcheck/ignore.d.server/local-server.j2 b/ansible/etc/logcheck/ignore.d.server/local-server.j2
index a7a47ac..251ebe0 100644
--- a/ansible/etc/logcheck/ignore.d.server/local-server.j2
+++ b/ansible/etc/logcheck/ignore.d.server/local-server.j2
@@ -33,7 +33,7 @@
 ^[ :[:alnum:]]{15} {{ hostname }} PackageKit: daemon quit
 ^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session opened for user nobody by \(uid=0\)
 ^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session closed for user nobody
-^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Invalid user [_-[:alnum:]]+ from [.[:digit:]]+ port [[:digit:]]+
+^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Invalid user [._[:alnum:]-]+ from [.[:digit:]]+ port [[:digit:]]+
 ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Received disconnect from [.[:digit:]]+ port [:[:digit:]]+ Bye Bye \[preauth\]
-^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [_-[:alnum:]]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
+^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [._[:alnum:]-]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
 ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Connection closed by [.[:digit:]]+ port [[:digit:]]+ \[preauth\]