Verified Commit 213f08b2 authored by Adam Lewenberg's avatar Adam Lewenberg
Browse files

ignore more sshd log messages

parent b47994f9
......@@ -14,6 +14,8 @@ release/005.007 (unreleased)
the actual ssh service running on the server, so it is a very
low-impact change. [adamhl]
[ssh] Ignore a couple more innocuous sshd log lines. [adamhl]
release/005.006 (2017-02-16)
[kerberos] Add support for the new kerberos environment 'qa'. [adamhl]
......
......@@ -63,7 +63,7 @@ sshd: /^Postponed \S+ for invalid user \S+ from (::ffff:)?171\.67\.22\.12 /
sshd: /^Disconnecting: Too many authentication failures for \S+$/
# Ignore failed logins by ACS and other AS and ITS staff. We all mistype
# passwords occasionally.
# passwords occasionally. Also ignore successful Duo login.
<%-
# Create an "OR" of all the sunetids we can ignore.
if (@filter_sunetids.length > 0) then
......@@ -75,6 +75,8 @@ sshd: /^Disconnecting: Too many authentication failures for (<%= ignore_or_strin
sshd: /^Failed (password|gssapi-with-mic|keyboard-interactive/pam) for (<%= ignore_or_string %>) from [a-f:\d.]+ port \d+ ssh2$/
sshd: /^PAM \d+ more authentication failures?; .* user=(<%= ignore_or_string %>)$/
sshd: /^error: PAM: Authentication failure for (<%= ignore_or_string %>) from [a-z:\d.-]+$/
sshd: /requirement "uid eq 0" not met by user "<%= ignore_or_string %>"/
sshd: /Successful Duo login for '<%= ignore_or_string %>' from .*\.stanford.edu/
<%-
else
-%>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment