github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #434 from grooverdan/dos-resistant-dropbear 

ENH: DoS resistant dropbear filter
pull/437/head
Daniel Black 2013-11-12 12:45:12 -08:00
parent 62b1f98dff c272573fe3
commit 38503a5848
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
config/filter.d/dropbear.conf
View File

@ -23,8 +23,8 @@ before = common.conf
_daemon = dropbear
failregex = ^%(__prefix_line)s[Ll]ogin attempt for nonexistent user ('.*' )?from <HOST>:.*$
^%(__prefix_line)s[Bb]ad (PAM )?password attempt for .+ from <HOST>.*$
failregex = ^%(__prefix_line)s[Ll]ogin attempt for nonexistent user ('.*' )?from <HOST>:\d+$
^%(__prefix_line)s[Bb]ad (PAM )?password attempt for .+ from <HOST>(:\d+)?$
^%(__prefix_line)s[Ee]xit before auth \(user '.+', \d+ fails\): Max auth tries reached - user '.+' from <HOST>:\d+\s*$
ignoreregex =
@ -37,5 +37,12 @@ ignoreregex =
#
# The second last failregex line we need to match with the modified dropbear.
#
# For the second regex the following apply:
#
# http://www.netmite.com/android/mydroid/external/dropbear/svr-authpam.c
# http://svn.dd-wrt.com/changeset/16642#file64
#
# http://svn.dd-wrt.com/changeset/16642/src/router/dropbear/svr-authpasswd.c
#
# Author: Francis Russell
# Zak B. Elep