From e0bae63e76e385952b4c08e3a116d2ae18da9ba4 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Thu, 14 Nov 2019 22:44:35 +0800
Subject: [PATCH] loki config updates

---
 ansible/etc/logcheck/ignore.d.server/local-server.j2 | 4 ++++
 ansible/etc/rkhunter.conf.j2 | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ansible/etc/logcheck/ignore.d.server/local-server.j2 b/ansible/etc/logcheck/ignore.d.server/local-server.j2
index 67ebb58..53cc059 100644
--- a/ansible/etc/logcheck/ignore.d.server/local-server.j2
+++ b/ansible/etc/logcheck/ignore.d.server/local-server.j2
@@ -1,7 +1,11 @@
 ^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} docker-compose\[[0-9]+\]:
+^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} systemd\[[0-9]+\]: apt-daily.service: Succeeded.
 ^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} systemd\[[0-9]+\]: Listening on GnuPG network certificate management daemon.
 ^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} systemd\[[0-9]+\]: Listening on GnuPG cryptographic agent
 ^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} systemd\[[0-9]+\]: Closed GnuPG network certificate management daemon.
 ^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} systemd\[[0-9]+\]: Closed GnuPG cryptographic agent
 ^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} systemd\[[0-9]+\]: run-docker-runtime\\x2drunc-moby
 ^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} auditd\[[0-9]+\]: Audit daemon rotating log files
+^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} sshd\[[0-9]+\]: Invalid user [[:alnum:]]+ from [.[:digit:]]+ port [[:digit:]]+
+^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} sshd\[[0-9]+\]: Received disconnect from [.[:digit:]]+ port [:[:digit:]]+ Bye Bye \[preauth\]
+^[[:alpha:]]{3} [ :[:digit:]]{11} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [[:alnum:]]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\]
diff --git a/ansible/etc/rkhunter.conf.j2 b/ansible/etc/rkhunter.conf.j2
index 2119989..eac955c 100644
--- a/ansible/etc/rkhunter.conf.j2
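Review bot: The three added sshd patterns silence the `Invalid user`, `Received disconnect … \[preauth\]` and `Disconnected from invalid user` messages, which are the main evidence of SSH password-guessing in a logcheck report, so after this change a sustained guessing run against the host no longer surfaces there unless some other component (a ban daemon, auditd rules, a central log pipeline) is counting and reporting it; that dependency should be recorded above the new lines, e.g. `# sshd probe noise: reported by <tool that covers it — fill in>, not by logcheck; revisit if that tool is removed`. The address class `[.[:digit:]]+` only matches IPv4 sources and `[[:alnum:]]+` misses usernames containing `-`, `_` or `.`, so those variants will still be reported, which makes the filtering uneven and is presumably unintended. The `port [:[:digit:]]+` class on the Received-disconnect line differs from `port [[:digit:]]+` on the other two; the colon looks accidental and should be dropped for consistency.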
+++ b/ansible/etc/rkhunter.conf.j2
@@ -320,7 +320,7 @@ AUTO_X_DETECT=1
 #
 # The default value is '0'.
 #
-ALLOW_SSH_PROT_V1=2
+ALLOW_SSH_PROT_V1=0
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
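Review bot: Setting `ALLOW_SSH_PROT_V1=0` reinstates the documented default, but the template gives no reason for dropping the previous value `2`, and on OpenSSH releases that removed protocol 1 support the `Protocol` directive is usually absent from sshd_config, in which case rkhunter's SSH check may report the option as unset rather than safe — the value `2` was presumably there to avoid exactly that recurring warning, so confirm a clean run on a loki host before rolling this out. Whichever value survives, a one-line comment next to it stating the reason would stop the next maintainer flipping it back, e.g. `# 0: require sshd_config to disallow protocol 1 explicitly (warns if Protocol is unset)`. The explanatory block for this option continues outside the hunk.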