Fix user name regex for logcheck
This commit is contained in:
parent
5259e5a3ec
commit
7a9128258a
@ -33,7 +33,7 @@
|
|||||||
^[ :[:alnum:]]{15} {{ hostname }} PackageKit: daemon quit
|
^[ :[:alnum:]]{15} {{ hostname }} PackageKit: daemon quit
|
||||||
^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session opened for user nobody by \(uid=0\)
|
^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session opened for user nobody by \(uid=0\)
|
||||||
^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session closed for user nobody
|
^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session closed for user nobody
|
||||||
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Invalid user [_-[:alnum:]]+ from [.[:digit:]]+ port [[:digit:]]+
|
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Invalid user [._[:alnum:]-]+ from [.[:digit:]]+ port [[:digit:]]+
|
||||||
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Received disconnect from [.[:digit:]]+ port [:[:digit:]]+ Bye Bye \[preauth\]
|
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Received disconnect from [.[:digit:]]+ port [:[:digit:]]+ Bye Bye \[preauth\]
|
||||||
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [_-[:alnum:]]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
|
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [._[:alnum:]-]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
|
||||||
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Connection closed by [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
|
^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Connection closed by [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
|
||||||
|
Reference in New Issue
Block a user