mirror of
https://codeberg.org/privacy1st/nix-git
synced 2024-11-25 22:35:03 +01:00
journalwatch config
parent
036051c836
commit
469ca2d4e3
@ -1,4 +1,43 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
sshd_filter = ''
|
||||||
|
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
|
||||||
|
pam_unix\(sshd:session\): session opened for user \S+ by \S+
|
||||||
|
Received disconnect from \S+ port \S+:11: disconnected by user
|
||||||
|
Disconnected from user \S+ \S+ port \S+
|
||||||
|
pam_unix\(sshd:session\): session closed for user \S+
|
||||||
|
#
|
||||||
|
# Somebody evil ...
|
||||||
|
#
|
||||||
|
banner exchange: Connection from \S+ port \S+: invalid format
|
||||||
|
banner exchange: Connection from \S+ port \S+: could not read protocol version
|
||||||
|
Failed keyboard-interactive/pam for invalid user \S+ from \S+ port \S+ ssh2
|
||||||
|
Unable to negotiate with \S+ port \S+: no matching MAC found. Their offer: \S+ \[preauth\]
|
||||||
|
Unable to negotiate with \S+ port \S+: no matching key exchange method found. Their offer: \S+ \[preauth\]
|
||||||
|
Invalid user \S+ from \S+ port \S+
|
||||||
|
Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]
|
||||||
|
Disconnected from authenticating user root \S+ port \S+ \[preauth\]
|
||||||
|
Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\]
|
||||||
|
Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
|
||||||
|
Connection reset by \S+ port \S+ \[preauth\]
|
||||||
|
Connection reset by \S+ port \S+
|
||||||
|
Connection closed by \S+ port \S+
|
||||||
|
Connection closed by \S+ port \S+ \[preauth\]
|
||||||
|
Connection closed by invalid user \S+ \S+ port \S+ \[preauth\]
|
||||||
|
Connection closed by authenticating user root \S+ port \S+ \[preauth\]
|
||||||
|
error: kex_exchange_identification: banner line contains invalid characters
|
||||||
|
error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
|
||||||
|
error: kex_exchange_identification: Connection closed by remote host
|
||||||
|
error: kex_exchange_identification: read: Connection reset by peer
|
||||||
|
error: kex_protocol_error: type [0-9]+ seq [0-9]+ \[preauth\]
|
||||||
|
error: kex protocol error: type [0-9]+ seq [0-9]+ \[preauth\]
|
||||||
|
error: PAM: Authentication failure for \S+ from \S+
|
||||||
|
error: PAM: Authentication failure for illegal user \S+ from \S+
|
||||||
|
error: Protocol major versions differ: 2 vs\. 1
|
||||||
|
error: beginning MaxStartups throttling
|
||||||
|
fatal: Timeout before authentication for \S+ port [0-9]+
|
||||||
|
'';
|
||||||
|
in
|
||||||
{
|
{
|
||||||
# Systemd Journal Monitoring.
|
# Systemd Journal Monitoring.
|
||||||
# Alternative:
|
# Alternative:
|
||||||
@ -439,6 +478,10 @@
|
|||||||
'';
|
'';
|
||||||
match = "IMAGE_NAME = /mysql:[0-9]+/";
|
match = "IMAGE_NAME = /mysql:[0-9]+/";
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
filters = sshd_filter;
|
||||||
|
match = "IMAGE_NAME = gitea/gitea:1";
|
||||||
|
}
|
||||||
{ # yodaNas
|
{ # yodaNas
|
||||||
filters = ''
|
filters = ''
|
||||||
crond: crond \(busybox \S+\) started, log level [0-9]+
|
crond: crond \(busybox \S+\) started, log level [0-9]+
|
||||||
@ -649,40 +692,7 @@
|
|||||||
# However, sometimes the _SYSTEMD_UNIT field is missing
|
# However, sometimes the _SYSTEMD_UNIT field is missing
|
||||||
# SYSLOG_IDENTIFIER = sshd
|
# SYSLOG_IDENTIFIER = sshd
|
||||||
{
|
{
|
||||||
filters = ''
|
filters = sshd_filter;
|
||||||
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
|
|
||||||
pam_unix\(sshd:session\): session opened for user \S+ by \S+
|
|
||||||
Received disconnect from \S+ port \S+:11: disconnected by user
|
|
||||||
Disconnected from user \S+ \S+ port \S+
|
|
||||||
pam_unix\(sshd:session\): session closed for user \S+
|
|
||||||
#
|
|
||||||
# Somebody evil ...
|
|
||||||
#
|
|
||||||
Failed keyboard-interactive/pam for invalid user \S+ from \S+ port \S+ ssh2
|
|
||||||
Unable to negotiate with \S+ port \S+: no matching MAC found. Their offer: \S+ \[preauth\]
|
|
||||||
Invalid user \S+ from \S+ port \S+
|
|
||||||
Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]
|
|
||||||
Disconnected from authenticating user root \S+ port \S+ \[preauth\]
|
|
||||||
Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\]
|
|
||||||
Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
|
|
||||||
Connection reset by \S+ port \S+ \[preauth\]
|
|
||||||
Connection closed by \S+ port \S+
|
|
||||||
Connection closed by \S+ port \S+ \[preauth\]
|
|
||||||
Connection closed by authenticating user root \S+ port \S+ \[preauth\]
|
|
||||||
error: kex_exchange_identification: banner line contains invalid characters
|
|
||||||
# error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
|
|
||||||
# error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
|
|
||||||
error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
|
|
||||||
error: kex_exchange_identification: Connection closed by remote host
|
|
||||||
error: kex_exchange_identification: read: Connection reset by peer
|
|
||||||
error: kex_protocol_error: type [0-9]+ seq [0-9]+ \[preauth\]
|
|
||||||
error: kex protocol error: type [0-9]+ seq [0-9]+ \[preauth\]
|
|
||||||
error: PAM: Authentication failure for \S+ from \S+
|
|
||||||
error: PAM: Authentication failure for illegal user \S+ from \S+
|
|
||||||
error: Protocol major versions differ: 2 vs\. 1
|
|
||||||
error: beginning MaxStartups throttling
|
|
||||||
fatal: Timeout before authentication for \S+ port [0-9]+
|
|
||||||
'';
|
|
||||||
match = "SYSLOG_IDENTIFIER = sshd";
|
match = "SYSLOG_IDENTIFIER = sshd";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
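Review bot: The shared `sshd_filter` suppresses successful logins as well as scanner noise, and this commit now applies it to a second log source, the `match = "IMAGE_NAME = gitea/gitea:1"` block. `Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+` accepts any source address and any RSA key, so a root login with an unexpected key never reaches the journalwatch report, and `error: PAM: Authentication failure for \S+ from \S+` likewise drops failures against real accounts. I would keep those two lines out of the shared list, or pin the first to the expected key, e.g. `Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:<EXPECTED_FINGERPRINT>$`. If journalwatch applies these patterns as unanchored searches (worth confirming), `Connection closed by \S+ port \S+` already covers its `\[preauth\]` variants, and wrapping each pattern in `^` and `$` would stop a filter from matching inside a longer message.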