From b0ca189ff9fcbf4cce0c1eb67123ff9a0f1c2190 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 15 Apr 2018 15:35:42 +0200 Subject: [PATCH] journalwatch: ignore failed SSH attempts... there are just too many... --- roles/journalwatch/{templates => files}/config | 2 +- roles/journalwatch/{templates => files}/patterns | 2 ++ roles/journalwatch/tasks/journalwatch.yml | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) rename roles/journalwatch/{templates => files}/config (85%) rename roles/journalwatch/{templates => files}/patterns (93%) diff --git a/roles/journalwatch/templates/config b/roles/journalwatch/files/config similarity index 85% rename from roles/journalwatch/templates/config rename to roles/journalwatch/files/config index 8da85b8..468a7b2 100644 --- a/roles/journalwatch/templates/config +++ b/roles/journalwatch/files/config @@ -11,5 +11,5 @@ priority=5 mail_from=root mail_to=root -mail_subject={hostname}: {count} system events +mail_subject={hostname}: {count} system events (journalwatch) mail_binary=/usr/sbin/sendmail diff --git a/roles/journalwatch/templates/patterns b/roles/journalwatch/files/patterns similarity index 93% rename from roles/journalwatch/templates/patterns rename to roles/journalwatch/files/patterns index 8b5d7d2..ef042a2 100644 --- a/roles/journalwatch/templates/patterns +++ b/roles/journalwatch/files/patterns @@ -59,6 +59,8 @@ warning: non-SMTP command from \w+\[[\da-fA-F.:]+\]: .* SYSLOG_IDENTIFIER = sshd error: Received disconnect from [\da-fA-F.:]+ port \d+:\d+: .* error: maximum authentication attempts exceeded for invalid user \w+ from [\da-fA-F.:]+ port \d+ ssh2( \[preauth\])? +pam_unix\(sshd:auth\): check pass; user unknown +pam_unix\(sshd:auth\): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[\da-fA-F.:]+( user=root)? _SYSTEMD_UNIT = bind9.service client [\da-fA-F.:]+#\d+ \([\w.-]+\): (zone transfer '[\w.-]+/AXFR/IN' denied|message parsing failed: (bad compression pointer|bad label type)) 
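Review bot: The two `pam_unix\(sshd:auth\)` patterns added to the `SYSLOG_IDENTIFIER = sshd` block remove failed password attempts for unknown users and for root from the mail digest, and nothing in the file records why that is acceptable. Because of the optional `( user=root)?` group, repeated failed root logins go silent; that is only safe if root password login is disabled or attempts are throttled elsewhere, and neither the sshd configuration nor any rate-limiting control is visible in this patch. If the patterns format accepts `#` comment lines, I would put one above the two patterns, e.g. `# brute-force noise; ignored because password/root login over SSH is disabled - revisit if sshd_config changes`. Failures for existing non-root accounts appear to stay reported, since only a bare `rhost=` or `user=root` suffix is covered; this assumes whole-message matching, which the trailing `.*` and optional groups in the neighbouring patterns suggest. That part is worth keeping as is.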
diff --git a/roles/journalwatch/tasks/journalwatch.yml b/roles/journalwatch/tasks/journalwatch.yml index c9a5375..74e8f68 100644 --- a/roles/journalwatch/tasks/journalwatch.yml +++ b/roles/journalwatch/tasks/journalwatch.yml @@ -8,8 +8,8 @@ - name: create journalwatch config dir file: path=/root/.config/journalwatch state=directory - name: install journalwatch config files - template: - src: templates/{{item}} + copy: + src: files/{{item}} dest: /root/.config/journalwatch/{{item}} loop: - config -- 2.30.2
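Review bot: The new `copy:` task installs the config files without `mode` or `owner`, so the files in /root/.config/journalwatch get whatever the default umask on the target produces. The patterns file lists exactly which log events are suppressed from the digest, so I would pin its permissions by adding `mode: "0600"` next to `dest:`. The `file:` task just above it, which creates the directory, has the same gap and could take `mode=0700`. The `loop:` list continues past the end of this hunk, so the same setting would apply to every item in it.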