journalwatch config
parent
5204b0310a
commit
036051c836
@ -552,42 +552,6 @@
|
||||
match = "_SYSTEMD_UNIT = opensmtpd.service";
|
||||
}
|
||||
|
||||
{ # yodaYoga, yodaNas
|
||||
filters = ''
|
||||
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
|
||||
pam_unix\(sshd:session\): session opened for user \S+ by \S+
|
||||
Received disconnect from \S+ port \S+:11: disconnected by user
|
||||
Disconnected from user \S+ \S+ port \S+
|
||||
pam_unix\(sshd:session\): session closed for user \S+
|
||||
#
|
||||
# Somebody evil ...
|
||||
#
|
||||
Failed keyboard-interactive/pam for invalid user \S+ from \S+ port \S+ ssh2
|
||||
Unable to negotiate with \S+ port \S+: no matching MAC found. Their offer: \S+ \[preauth\]
|
||||
Invalid user \S+ from \S+ port \S+
|
||||
Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]
|
||||
Disconnected from authenticating user root \S+ port \S+ \[preauth\]
|
||||
Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\]
|
||||
Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
|
||||
Connection closed by \S+ port \S+ \[preauth\]
|
||||
Connection closed by authenticating user root \S+ port \S+ \[preauth\]
|
||||
error: kex_exchange_identification: banner line contains invalid characters
|
||||
# error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
|
||||
# error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
|
||||
error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
|
||||
error: kex_exchange_identification: Connection closed by remote host
|
||||
error: kex_exchange_identification: read: Connection reset by peer
|
||||
error: kex_protocol_error: type [0-9]+ seq [0-9]+ \[preauth\]
|
||||
error: kex protocol error: type [0-9]+ seq [0-9]+ \[preauth\]
|
||||
error: PAM: Authentication failure for \S+ from \S+
|
||||
error: PAM: Authentication failure for illegal user \S+ from \S+
|
||||
error: Protocol major versions differ: 2 vs\. 1
|
||||
error: beginning MaxStartups throttling
|
||||
fatal: Timeout before authentication for \S+ port [0-9]+
|
||||
'';
|
||||
match = "_SYSTEMD_UNIT = sshd.service";
|
||||
}
|
||||
|
||||
# TODO: Wait until issue is resolved
|
||||
# https://github.com/NixOS/nixpkgs/issues/267857
|
||||
# /etc/tmpfiles.d/tmp.conf:11: Duplicate line for path "/tmp", ignoring.
|
||||
@ -680,6 +644,48 @@
|
||||
# SYSLOG_IDENTIFIER
|
||||
#
|
||||
|
||||
# sshd running on the host system
|
||||
# _SYSTEMD_UNIT = sshd.service
|
||||
# However, sometimes the _SYSTEMD_UNIT field is missing
|
||||
# SYSLOG_IDENTIFIER = sshd
|
||||
{
|
||||
filters = ''
|
||||
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
|
||||
pam_unix\(sshd:session\): session opened for user \S+ by \S+
|
||||
Received disconnect from \S+ port \S+:11: disconnected by user
|
||||
Disconnected from user \S+ \S+ port \S+
|
||||
pam_unix\(sshd:session\): session closed for user \S+
|
||||
#
|
||||
# Somebody evil ...
|
||||
#
|
||||
Failed keyboard-interactive/pam for invalid user \S+ from \S+ port \S+ ssh2
|
||||
Unable to negotiate with \S+ port \S+: no matching MAC found. Their offer: \S+ \[preauth\]
|
||||
Invalid user \S+ from \S+ port \S+
|
||||
Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]
|
||||
Disconnected from authenticating user root \S+ port \S+ \[preauth\]
|
||||
Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\]
|
||||
Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
|
||||
Connection reset by \S+ port \S+ \[preauth\]
|
||||
Connection closed by \S+ port \S+
|
||||
Connection closed by \S+ port \S+ \[preauth\]
|
||||
Connection closed by authenticating user root \S+ port \S+ \[preauth\]
|
||||
error: kex_exchange_identification: banner line contains invalid characters
|
||||
# error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
|
||||
# error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
|
||||
error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
|
||||
error: kex_exchange_identification: Connection closed by remote host
|
||||
error: kex_exchange_identification: read: Connection reset by peer
|
||||
error: kex_protocol_error: type [0-9]+ seq [0-9]+ \[preauth\]
|
||||
error: kex protocol error: type [0-9]+ seq [0-9]+ \[preauth\]
|
||||
error: PAM: Authentication failure for \S+ from \S+
|
||||
error: PAM: Authentication failure for illegal user \S+ from \S+
|
||||
error: Protocol major versions differ: 2 vs\. 1
|
||||
error: beginning MaxStartups throttling
|
||||
fatal: Timeout before authentication for \S+ port [0-9]+
|
||||
'';
|
||||
match = "SYSLOG_IDENTIFIER = sshd";
|
||||
}
|
||||
|
||||
{
|
||||
filters = ''
|
||||
pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\)
|
||||
|
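Review bot: In the sshd block re-added by the second hunk, the filter `Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+` suppresses every successful root or yoda login whatever the source address or key fingerprint, so a login with an unexpected key would never reach the journalwatch report; consider pinning the expected fingerprints, e.g. `Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:<EXPECTED_KEY_FINGERPRINT>` (placeholder, regex-escaped), or dropping the line so accepted logins are reported. The block's `match` also moves from `_SYSTEMD_UNIT = sshd.service`, a field journald sets itself, to `SYSLOG_IDENTIFIER = sshd`, which the logging process supplies, so these suppressions now apply to entries from any process that logs under that identifier; a comment such as `# SYSLOG_IDENTIFIER is client-supplied: keep these filters to noise only, not events that need review` would record the trade-off. Under the "Somebody evil" heading, `error: PAM: Authentication failure for \S+ from \S+` also hides failures against valid accounts, which are probably worth reporting. The list of filter blocks starts and ends outside the hunks shown, and the final sudo block is cut off at the end of the second hunk.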