Diffstat (limited to 'security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_ssh')
-rw-r--r--security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_ssh10
1 files changed, 10 insertions, 0 deletions
diff --git a/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_ssh b/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_ssh
new file mode 100644
index 000000000000..6b8987a2c2fc
--- /dev/null
+++ b/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_ssh
@@ -0,0 +1,10 @@
+--- rulefiles/linux/ignore.d.paranoid/ssh.orig 2025-08-06 20:24:39 UTC
++++ rulefiles/linux/ignore.d.paranoid/ssh
+@@ -1,5 +1,5 @@
+ # https://sources.debian.org/src/pam/1.5.3-7/modules/pam_unix/pam_unix_sess.c/#L100
+-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session opened for user [^[:space:]]+\(uid=[0-9]+\) by \(uid=[0-9]+\)$
++^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session opened for user [^[:space:]]+\(uid=[0-9]+\) by \(uid=[0-9]+\)$
+
+ # https://sources.debian.org/src/pam/1.5.3-7/modules/pam_unix/pam_unix_sess.c/#L130
+-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$
++^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$
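Review bot: The rewritten `session closed` rule makes the `-session` suffix mandatory (`sshd(-session)\[[0-9]+\]`, no `?`), while the `session opened` rule just above it uses `sshd(-session)?\[[0-9]+\]`. As written, close messages logged under the plain `sshd` tag no longer match this ignore rule and will appear in paranoid-level reports, while the corresponding open messages stay suppressed. If that asymmetry is not intended, make the group optional in the second rule as well: `sshd(-session)?\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$`. The failure direction is extra report noise rather than a hidden event, but unpaired open/close entries make session review harder, so a one-line comment in the patch stating which sshd process names each rule is meant to cover would help.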