From 13055c957d25b97bb6076b183f65b8f11433eaca Mon Sep 17 00:00:00 2001
From: Karl Kornel <akkornel@stanford.edu>
Date: Thu, 17 Dec 2015 11:17:47 -0800
Subject: [PATCH] Removed some no-longer-here people from ssh filter-syslog

---
 NEWS                            |  1 +
 files/ssh/etc/filter-syslog/ssh | 12 ++++++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/NEWS b/NEWS
index e7d9b87..acc7351 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 UNRELEASED
 
     [pam] Stop overriding common PAM files with Debian jessie. (akkornel)
+    [ssh] Misc. filter-syslog cleanups. (akkornel)
 
 release/004.056 (2015-11-05)
 
diff --git a/files/ssh/etc/filter-syslog/ssh b/files/ssh/etc/filter-syslog/ssh
index 2d72bf4..a9aff7a 100644
--- a/files/ssh/etc/filter-syslog/ssh
+++ b/files/ssh/etc/filter-syslog/ssh
@@ -64,12 +64,12 @@ sshd: /^Disconnecting: Too many authentication failures for \S+$/
 
 # Ignore failed logins by ACS and other AS and ITS staff.  We all mistype
 # passwords occasionally.
-sshd: /^sshd\(pam_unix\): authentication failure; .* user=(adamhl|atayts|bxk|chekh|chom|frobozz|hallk|jmcdermo|jcowart|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl|tzakrajs|whm)$/
-sshd: /^pam_(unix|krb5)\(sshd:auth\): authentication failure;.* (logname|user)=(adamhl|atayts|bxk|chekh|chom|frobozz|hallk|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl|tzakrajs|whm)( |\Z)/
-sshd: /^Disconnecting: Too many authentication failures for (adamhl|atayts|bxk|chehk|chom|frobozz|hallk|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl|tzakrajs|whm) \[preauth\]$/
-sshd: /^Failed (password|gssapi-with-mic|keyboard-interactive/pam) for (adamhl|atayts|bxk|chehk|chom|frobozz|hallk|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl|tzakrajs|whm) from [a-f:\d.]+ port \d+ ssh2$/
-sshd: /^PAM \d+ more authentication failures?; .* user=(adamhl|atayts|bxk|chehk|chom|frobozz|hallk|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl|tzakrajs|whm)$/
-sshd: /^error: PAM: Authentication failure for (adamhl|atayts|bxk|chekh|chom|frobozz|hallk|jcowart|jonrober|jmcdermo|ktai|laltman|nbfa|saracook|sfeng|swl|tzakrajs|whm) from [a-z:\d.-]+$/
+sshd: /^sshd\(pam_unix\): authentication failure; .* user=(adamhl|atayts|bxk|chekh|chom|jmcdermo|jcowart|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl)$/
+sshd: /^pam_(unix|krb5)\(sshd:auth\): authentication failure;.* (logname|user)=(adamhl|atayts|bxk|chekh|chom|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl)( |\Z)/
+sshd: /^Disconnecting: Too many authentication failures for (adamhl|atayts|bxk|chehk|chom|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl) \[preauth\]$/
+sshd: /^Failed (password|gssapi-with-mic|keyboard-interactive/pam) for (adamhl|atayts|bxk|chehk|chom|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl) from [a-f:\d.]+ port \d+ ssh2$/
+sshd: /^PAM \d+ more authentication failures?; .* user=(adamhl|atayts|bxk|chehk|chom|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|nbfa|saracook|sfeng|swl)$/
+sshd: /^error: PAM: Authentication failure for (adamhl|atayts|bxk|chekh|chom||jcowart|jonrober|jmcdermo|ktai|laltman|nbfa|saracook|sfeng|swl) from [a-z:\d.-]+$/
 
 # Ignore GSS-API failures as root.  This is normally because people try to
 # use their normal credentials for root access.
-- 
GitLab