Mirror/nix-git
Mirror/nix-git
1
0
Fork 0
mirror of https://codeberg.org/privacy1st/nix-git synced 2024-11-21 22:03:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

journalwatch config

Browse Source
This commit is contained in:
Daniel Langbein 2024-09-14 21:20:49 +02:00
parent 4afe0f18f7
commit 6435ad8dbc
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002
1 changed files with 45 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
modules/journalwatch.nix
View File

@ -311,6 +311,51 @@
# _SYSTEMD_UNIT # _SYSTEMD_UNIT
# #
{ # yodaHedgehog
filters = ''
info: OpenSMTPD \S+-portable starting
\S+ smtp connected address=local host=${config.networking.hostName}
\S+ smtp message msgid=\S+ size=\S+ nrcpt=1 proto=ESMTP
\S+ smtp envelope evpid=6942f031b936b01f from=\S+ to=\S+
\S+ smtp disconnected reason=quit
\S+ mta connecting address=smtps://\S+ host=\S+
\S+ mta connected
\S+ mta tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
\S+ mta cert-check result=\\"valid\\" fingerprint=\S+
\S+ mta delivery evpid=\S+ from=\S+ to=\S+ rcpt=<-> source=\S+ relay="\S+ \(\S+\)" delay=\S+ result="Ok" stat="250 2.0.0 Ok: queued as \S+"
\S+ mta disconnected reason=quit messages=1
Exiting
'';
match = "_SYSTEMD_UNIT = opensmtpd.service";
}
{ # yodaYoga, yodaNas
filters = ''
Accepted publickey for root from \S+ port \S+ ssh2: RSA SHA256:\S+
pam_unix\(sshd:session\): session opened for user root\(uid=0\) by \(uid=0\)
Received disconnect from \S+ port \S+:11: disconnected by user
Disconnected from user root \S+ port \S+
pam_unix\(sshd:session\): session closed for user root
#
# Somebody evil ...
#
error: kex_exchange_identification: banner line contains invalid characters
# error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
# error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
error: kex_exchange_identification: Connection closed by remote host
error: kex_exchange_identification: read: Connection reset by peer
error: kex_protocol_error: type [0-9]+ seq [0-9]+ \[preauth\]
error: kex protocol error: type [0-9]+ seq [0-9]+ \[preauth\]
error: PAM: Authentication failure for \S+ from \S+
error: PAM: Authentication failure for illegal user \S+ from \S+
error: Protocol major versions differ: 2 vs\. 1
error: beginning MaxStartups throttling
fatal: Timeout before authentication for \S+ port [0-9]+
'';
match = "_SYSTEMD_UNIT = sshd.service";
}
# TODO: Wait until issue is resolved # TODO: Wait until issue is resolved
# https://github.com/NixOS/nixpkgs/issues/267857 # https://github.com/NixOS/nixpkgs/issues/267857
# /etc/tmpfiles.d/tmp.conf:11: Duplicate line for path "/tmp", ignoring. # /etc/tmpfiles.d/tmp.conf:11: Duplicate line for path "/tmp", ignoring.
@ -399,25 +444,6 @@
# SYSLOG_IDENTIFIER # SYSLOG_IDENTIFIER
# #
{ # yodaYoga, yodaNas
filters = ''
# Somebody evil ...
error: kex_exchange_identification: banner line contains invalid characters
# error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
# error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
error: kex_exchange_identification: Connection closed by remote host
error: kex_exchange_identification: read: Connection reset by peer
error: kex_protocol_error: type [0-9]+ seq [0-9]+ \[preauth\]
error: kex protocol error: type [0-9]+ seq [0-9]+ \[preauth\]
error: PAM: Authentication failure for \S+ from \S+
error: PAM: Authentication failure for illegal user \S+ from \S+
error: Protocol major versions differ: 2 vs\. 1
error: beginning MaxStartups throttling
fatal: Timeout before authentication for \S+ port [0-9]+
'';
match = "SYSLOG_IDENTIFIER = sshd";
}
{ {
filters = '' filters = ''
# yodaTux. If the user `yoda` runs a command with `sudo`. # yodaTux. If the user `yoda` runs a command with `sudo`.