journalwatch config

Daniel Langbein 2024-09-24 22:19:55 +02:00
parent 17b21b0e74
commit 5204b0310a
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002


@ -183,6 +183,8 @@
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|PATCH|POST|PUT) /ocs/(v1|v2)\.php" (200|201|202|204|304|401|403|404|412|500)
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(GET|HEAD) /(ocm|ocs)-provider/index\.php" 200
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|MKCOL|MOVE|PROPFIND|PUT) /public\.php" (200|201|204|207|401|403|404)
#
crond: USER www-data pid [0-9]+ cmd php -f /var/www/html/cron\.php
'';
match = "IMAGE_NAME = /p1st/nextcloud:(25|26|27|stable)-fpm-alpine/";
}
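Review bot: The status-code alternations on the `/ocs/(v1|v2)\.php` and `/public\.php` lines include `401`, `403` and `500`, so failed authentication and server errors on these Nextcloud endpoints are suppressed together with routine traffic; the rendering does not show which two of these lines the commit adds, but the concern applies to whichever they are. Since journalwatch exists to surface the entries that are not routine, consider limiting the alternation to success codes, e.g. `(200|201|202|204|304|404|412)` for the `/ocs/` line, and letting 401/403/500 reach the report. If those codes are known noise on this host, a `#` line above the pattern stating that would record the decision. The enclosing `{ … }` attribute set starts before this hunk.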
@ -482,6 +484,13 @@
# _SYSTEMD_UNIT
#
{ # yodaNas
filters = ''
.*
'';
match = "_SYSTEMD_UNIT = /(systemd-logind|syncthing)\\.service/";
}
{ # yodaNas
filters = ''
\s*The \S+ (A|AAAA) record points already to \S+
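Review bot: The `# yodaNas` entry pairs a `.*` filter with `match = "_SYSTEMD_UNIT = /(systemd-logind|syncthing)\\.service/"`, which discards every line logind emits, including session creation and removal for root, even though the sshd and sudo blocks elsewhere in this config track login activity pattern by pattern. Consider listing the expected logind messages explicitly in the style of the other entries (e.g. `New session [0-9]+ of user (root|yoda)\.` and `Removed session [0-9]+\.`), or giving syncthing its own entry so only its output gets the catch-all. Whether the whole block or only part of it is new is not recoverable from the rendered hunk, and the following `# yodaNas` entry is cut off by the hunk boundary.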
@ -545,7 +554,7 @@
{ # yodaYoga, yodaNas
filters = ''
Accepted publickey for root from \S+ port \S+ ssh2: RSA SHA256:\S+
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
pam_unix\(sshd:session\): session opened for user \S+ by \S+
Received disconnect from \S+ port \S+:11: disconnected by user
Disconnected from user \S+ \S+ port \S+
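Review bot: Widening the changed line from `Accepted publickey for root` to `Accepted publickey for (root|yoda)` while keeping `from \S+ port \S+` and `SHA256:\S+` means any successful key login as either user, from any address and with any key, is dropped from the report. A stolen or newly authorised key would then log in without journalwatch flagging it. Pinning the fingerprints that are expected, e.g. `Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:(<FINGERPRINT_1>|<FINGERPRINT_2>)` with the placeholders replaced by the real values, keeps routine logins quiet while an unknown key still surfaces. The enclosing `filters = ''` string closes after this hunk.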
@ -673,6 +682,8 @@
{
filters = ''
pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\)
pam_unix\(sudo:session\): session closed for user root
# yodaTux. If the user `yoda` runs a command with `sudo`.
\s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+
# yodaNas. If the btrbk service is run.
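Review bot: In `pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\)` the `(yoda)?` makes the invoking user optional and `[0-9]+` accepts any uid, so a root session opened by an unexpected account matches too; the `\s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+` line likewise hides every command run through sudo. If only `yoda` is expected to escalate, `by (yoda)?\(uid=1000\)` pins it (1000 is presumably that user's uid, as the `/run/user/(0|1000)` patterns in a later hunk suggest), and a `#` line saying that sudo commands are intentionally suppressed would make the policy explicit. Which two lines are the additions is not visible in the rendering, and the enclosing `{ … }` closes after this hunk.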
@ -692,7 +703,30 @@
filters = ''
\S+\.(service|scope|slice|mount): Consumed .+ CPU time, read .+ from disk, written .+ to disk(, .+|\.)
\S+\.(service|scope|slice|mount): Consumed .+ CPU time(, .+)?, received .+ IP traffic, sent .+ IP traffic\.
\S+\.(service|scope|slice|mount): Consumed .+ CPU time, no IP traffic\.
\S+\.(service|scope|slice|mount): Consumed .+ CPU time(, .+)?, no IP traffic\.
#
.*smtpd-key\.service.*
#
Starting User Runtime Directory /run/user/(0|1000)\.\.\.
Finished User Runtime Directory /run/user/(0|1000)\.
Stopping User Runtime Directory /run/user/(0|1000)\.\.\.
Starting User Manager for UID (0|1000)\.\.\.
Started User Manager for UID (0|1000)\.
Stopping User Manager for UID (0|1000)\.\.\.
Started Session [0-9]+ of User (root|yoda)\.
session-[0-9]+\.scope: Deactivated successfully\.
#
Starting Load Kernel Module efi_pstore\.\.\.
Starting Create SUID/SGID Wrappers\.\.\.
Stopped target Reactivate sysinit units\.
Stopping Reactivate sysinit units\.\.\.
Reached target Reactivate sysinit units\.
Reached target Local File Systems\.
Reached target Remote File Systems\.
Finished Load Kernel Module efi_pstore\.
Finished Create SUID/SGID Wrappers\.
[a-zA-Z ]+ was skipped because of an unmet condition check \([^\)]+\)\.
Update is Completed was skipped because no trigger condition checks were met\.
#
Starting Takes BTRFS snapshots and maintains retention policies\.\.\.\.
Finished Takes BTRFS snapshots and maintains retention policies\.\.
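Review bot: `.*smtpd-key\.service.*` is the only catch-all in this filters block: every line mentioning that unit, including failures and restarts, is suppressed, whereas the neighbouring entries list the expected `Starting …`, `Finished …` and `Consumed …` forms one by one. Consider replacing it with the specific start/finish lines the unit logs on a successful run, so that a failing or looping unit still reaches the report. The `filters = ''` string opens before and closes after this hunk, so the entry's `match` is not visible here.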
@ -714,7 +748,7 @@
{
filters = (''
# Somebody evil iterating through different ports
refused connection: IN=\S+ OUT= MAC=\S+ SRC=\S+ DST=\S+ LEN=\S+ TC=0 HOPLIMIT=255 FLOWLBL=\S+ PROTO=TCP SPT=\S+ DPT=\S+ WINDOW=\S+ RES=0x00 SYN URGP=0
refused connection: IN=\S+ OUT= MAC=\S+ SRC=\S+ DST=\S+ LEN=\S+ TC=[0-9]+ HOPLIMIT=[0-9]+ FLOWLBL=[0-9]+ PROTO=TCP SPT=[0-9]+ DPT=[0-9]+ WINDOW=[0-9]+ RES=0x00 SYN URGP=0\s+
# Ignore.
systemd\[[0-9]\]: memfd_create\(\) called without MFD_EXEC or MFD_NOEXEC_SEAL set
# Ignore.