DOC: resolve ChangeLog conflicts

ChangeLog

@@ -69,6 +69,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
    * filter.d/apache-auth - added expressions for mod_authz, mod_auth and
      mod_auth_digest failures.
    * filter.d/recidive -- support f2b syslog target and anchor regex at start
+   * filter.d/pam-generic - added syslog prefix. Disabled support for
+     linux-pam before version 0.99.2.0 (2005)
   Daniel Black & Georgiy Mernov & ftoppi & Мернов Георгий
    * filter.d/exim.conf -- regex hardening and extra failure examples in
      sample logs

config/filter.d/pam-generic.conf

@@ -3,6 +3,9 @@
 # Author: Yaroslav Halchenko
 #
 #
+[INCLUDES]
+
+before = common.conf
 
 [Definition]
 
@@ -11,17 +14,19 @@
 # To catch all failed logins
 _ttys_re=\S*
 
-#
-# Shortcuts for easier comprehension of the failregex
-__pid_re=(?:\[\d+\])
 __pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
-__pam_combs_re=(?:%(__pid_re)s?:\s+%(__pam_re)s|%(__pam_re)s%(__pid_re)s?:)
+_daemon = \S+
 
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT
 #
-failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+
+# for linux-pam before 0.99.2.0 (late 2005)
+# _daemon = \S*\(?pam_unix\)?
+# failregex = ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

testcases/files/logs/pam-generic

@@ -6,9 +6,12 @@ May 12 09:47:54 vaio sshd[16004]: (pam_unix) authentication failure; logname= ui
 May 12 09:48:03 vaio sshd[16021]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com
 # failJSON: { "time": "2005-05-15T18:02:12", "match": true , "host": "66.232.129.62" }
 May 15 18:02:12 localhost proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=66.232.129.62  user=mark
-# failJSON: { "time": "2004-11-25T17:12:13", "match": true , "host": "192.168.10.3" }
+
+# linux-pam messages before commit f0f9c4479303b5a9c37667cf07f58426dc081676 (release 0.99.2.0 ) - nolonger supported
+# failJSON: { "time": "2004-11-25T17:12:13", "match": false }
 Nov 25 17:12:13 webmail pop(pam_unix)[4920]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.10.3 user=mailuser
-# failJSON: { "time": "2005-07-19T18:11:26", "match": true , "host": "www3.google.com" }
-Jul 19 18:11:26 srv2 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
-# failJSON: { "time": "2005-07-19T18:11:26", "match": true , "host": "www3.google.com" }
-Jul 19 18:11:26 srv2 vsftpd: pam_unix: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
+
+# failJSON: { "time": "2005-07-19T18:11:26", "match": true , "host": "www.google.com" }
+Jul 19 18:11:26 srv2 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www.google.com
+# failJSON: { "time": "2005-07-19T18:11:26", "match": true , "host": "www.google.com" }
+Jul 19 18:11:26 srv2 vsftpd: pam_unix: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www.google.com