From d9113820991d0155ae896a8910799f91af335d5d Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski <wk@wojciechkozlowski.eu>
Date: Sat, 30 Nov 2019 21:56:28 +0100
Subject: [PATCH] Another small fix to user name regex

---
 ansible/etc/logcheck/ignore.d.server/local-server.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/etc/logcheck/ignore.d.server/local-server.j2 b/ansible/etc/logcheck/ignore.d.server/local-server.j2
index 251ebe0..898f6e7 100644
--- a/ansible/etc/logcheck/ignore.d.server/local-server.j2
+++ b/ansible/etc/logcheck/ignore.d.server/local-server.j2
@@ -33,7 +33,7 @@
 ^[ :[:alnum:]]{15} {{ hostname }} PackageKit: daemon quit
 ^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session opened for user nobody by \(uid=0\)
 ^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session closed for user nobody
-^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Invalid user [._[:alnum:]-]+ from [.[:digit:]]+ port [[:digit:]]+
+^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Invalid user [._'[:alnum:]-]+ from [.[:digit:]]+ port [[:digit:]]+
 ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Received disconnect from [.[:digit:]]+ port [:[:digit:]]+ Bye Bye \[preauth\]
-^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [._[:alnum:]-]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
+^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [._'[:alnum:]-]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
 ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Connection closed by [.[:digit:]]+ port [[:digit:]]+ \[preauth\]