From 03a9e8cf5e71bb97e9af7f4223b1225d203ebc2a Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Fri, 29 Oct 2010 20:43:11 +0200 Subject: logcheck: describe new ssh ignore rules --- fri-epost-docs.org | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'fri-epost-docs.org') diff --git a/fri-epost-docs.org b/fri-epost-docs.org index 362f62f..de953bb 100644 --- a/fri-epost-docs.org +++ b/fri-epost-docs.org @@ -77,6 +77,12 @@ We welcome all critisism, suggestions for improvements, additions etc. Please s - ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync (disabled|enabled) [0-9]+$ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync (disabled|enabled|status( change)?) [0-9]+$ + - /etc/logcheck/ignore.d.server/ssh [until logcheck 1.3.7 hits stable] + + + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: disconnected by user$ + + + ** Configuring aptitude and friends We're going for a setup where we install many security updates automatically using the package "unattended-upgrades". Automated upgrades are in general not a very good idea, but "unattended-upgrades" takes steps to minimize the issues with this kind of setup. Given the Debian security teams track record we believe the positives outweigh the negatives. -- cgit v1.2.3
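Review bot: The marker "[until logcheck 1.3.7 hits stable]" on the new /etc/logcheck/ignore.d.server/ssh entry (the added lines after the ntpd rule in the @@ -77,6 +77,12 @@ hunk) tells the admin the rule is temporary but not how to retire it. Say what to check (the installed logcheck version reaching 1.3.7) and that the added line is then to be removed, so the local rule does not linger once the release named in the marker is installed. Since the doc has the rule added directly to the file named ssh, consider documenting a separately named local file in the same directory instead; that makes the later cleanup a single file deletion and keeps the local change apart from any rule file of the same name delivered by a package. The pattern itself is anchored with ^ and $ and matches only the literal "disconnected by user" reason, so other sshd disconnect lines still get reported. The class "[:[:xdigit:].]+" accepts any run of hex digits, colons and dots rather than a well-formed address, which is acceptable for an ignore rule but worth a word in the doc. The hunk also adds two blank lines before "** Configuring aptitude and friends" where one would do.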