From 30dc5237b8b1c200519c5360887c5388f083a5d2 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Sat, 17 Aug 2013 10:44:35 -0700
Subject: [PATCH] Another minor tweak to the ssh failed authentication filter

---
 files/ssh/etc/filter-syslog/ssh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/ssh/etc/filter-syslog/ssh b/files/ssh/etc/filter-syslog/ssh
index b9a38b7..c051a2f 100644
--- a/files/ssh/etc/filter-syslog/ssh
+++ b/files/ssh/etc/filter-syslog/ssh
@@ -65,7 +65,7 @@ sshd: /^Disconnecting: Too many authentication failures for \S+$/
 # Ignore failed logins by IDG, Systems, and other ITS staff.  We all mistype
 # passwords occasionally.
 sshd: /^sshd\(pam_unix\): authentication failure; .* user=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jmcdermo|ktai|laltman|jonrober|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)$/
-sshd: /^pam_(unix|krb5)\(sshd:auth\): authentication failure; .* (logname|user)=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)( |\Z)/
+sshd: /^pam_(unix|krb5)\(sshd:auth\): authentication failure;.* (logname|user)=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)( |\Z)/
 sshd: /^PAM \d+ more authentication failures?; .* user=(adamhl|atayts|bxk|chehk|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)$/
 sshd: /^Failed (password|gssapi-with-mic|keyboard-interactive/pam) for (adamhl|atayts|bxk|chehk|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu) from [a-f:\d.]+ port \d+ ssh2$/
 sshd: /^error: PAM: Authentication failure for (adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jonrober|jmcdermo|ktai|laltman|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu) from [a-z:\d.-]+$/
-- 
GitLab