From: Ralf Jung Date: Sun, 24 Dec 2023 10:19:06 +0000 (+0100) Subject: update SSH patterns X-Git-Url: https://git.ralfj.de/ansible.git/commitdiff_plain/339ec8c6bb111487c2618f45fae52f19ae556005 update SSH patterns --- diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 528f662..4b4e4cd 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -13,7 +13,7 @@ - name: get rid of packages we do not want apt: name=exim4-base,rpcbind,procmail,fetchmail state=absent autoremove=yes - name: install some basic tools - apt: name=nano,aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop,acl,libpam-systemd,needrestart,debian-security-support state=latest + apt: name=nano,aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop,acl,libpam-systemd,needrestart,reboot-notifier,debian-security-support state=latest # configuration - name: configure root shell copy: diff --git a/roles/journalwatch/templates/patterns b/roles/journalwatch/templates/patterns index 3deaa52..a9f2961 100644 --- a/roles/journalwatch/templates/patterns +++ b/roles/journalwatch/templates/patterns @@ -85,7 +85,7 @@ auth: Warning: Event 0x[\da-fA-F]+ leaked \(parent=\(nil\)\): auth-client-connec SYSLOG_IDENTIFIER = sshd error: Received disconnect from [\da-fA-F.:]+ port \d+:\d+: .* error: maximum authentication attempts exceeded for (invalid user [\w_-]*|[\w_-]+) from [\da-fA-F.:]+ port \d+ ssh2 \[preauth\] -error: (kex_exchange_identification|send_error|kex protocol error|Bad remote protocol version identification|Protocol major versions differ|beginning MaxStartups throttling).* +error: (kex_exchange_identification|send_error|kex_protocol_error|kex protocol error|Bad remote protocol version identification|Protocol major versions differ|beginning MaxStartups throttling).* fatal: ssh_packet_get_string: string is too large \[preauth\] fatal: userauth_pubkey: parse request failed: incomplete message \[preauth\] error: userauth_pubkey: could not parse key: Invalid key length \[preauth\]