diff --git a/config/action.d/ipfw.conf b/config/action.d/ipfw.conf
index 5ae00cae..0d5f1bbb 100644
--- a/config/action.d/ipfw.conf
+++ b/config/action.d/ipfw.conf
@@ -3,7 +3,7 @@
 # Author: Nick Munger
 # Modified by: Cyril Jaquier
 #
-# $Revision: 254 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
index 6055d98b..044aa05b 100644
--- a/config/action.d/mail-whois.conf
+++ b/config/action.d/mail-whois.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 254 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
index 61522b27..2757aa74 100644
--- a/config/action.d/mail.conf
+++ b/config/action.d/mail.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 254 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/shorewall.conf b/config/action.d/shorewall.conf
index 446c8a4b..83e66975 100644
--- a/config/action.d/shorewall.conf
+++ b/config/action.d/shorewall.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 394 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf
index 280f72b9..6f57cc8c 100644
--- a/config/filter.d/apache-noscript.conf
+++ b/config/filter.d/apache-noscript.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 394 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/courierlogin.conf b/config/filter.d/courierlogin.conf
index e92301d7..a5b6d161 100644
--- a/config/filter.d/courierlogin.conf
+++ b/config/filter.d/courierlogin.conf
@@ -3,7 +3,7 @@
 # Author: Christoph Haas
 # Modified by: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/couriersmtp.conf b/config/filter.d/couriersmtp.conf
index b695a707..a035e285 100644
--- a/config/filter.d/couriersmtp.conf
+++ b/config/filter.d/couriersmtp.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/exim.conf b/config/filter.d/exim.conf
index 564bb9a8..98b589be 100644
--- a/config/filter.d/exim.conf
+++ b/config/filter.d/exim.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf
index 90b19d55..c808b109 100644
--- a/config/filter.d/postfix.conf
+++ b/config/filter.d/postfix.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf
index 65ff59b7..1fc31ef5 100644
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@@ -2,7 +2,7 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision: 331 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/qmail.conf b/config/filter.d/qmail.conf
index 854d4ee2..0ae518fc 100644
--- a/config/filter.d/qmail.conf
+++ b/config/filter.d/qmail.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/sasl.conf b/config/filter.d/sasl.conf
index ad4fe463..c25aca6b 100644
--- a/config/filter.d/sasl.conf
+++ b/config/filter.d/sasl.conf
@@ -2,7 +2,7 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision: 331 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/sshd-ddos.conf b/config/filter.d/sshd-ddos.conf
new file mode 100644
index 00000000..2a907e88
--- /dev/null
+++ b/config/filter.d/sshd-ddos.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P\S+)
+# Values: TEXT
+#
+failregex = sshd\[\S*\]: Did not receive identification string from
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 9659fa16..fe46dd86 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -14,7 +14,8 @@
 # (?:::f{4,6}:)?(?P\S+)
 # Values: TEXT
 #
-failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM)
+failregex = (?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid))? user .*(?: from|FROM)
+ ROOT LOGIN REFUSED .*(?: from|FROM)
 
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
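Review bot: The `Notes.:` comment above `failregex` in the new sshd-ddos.conf still describes "password failures messages", but the pattern matches sshd's "Did not receive identification string" line, which involves no password attempt at all. I would reword it to `# Notes.: regex to match connections that never sent an SSH identification string. The`, leaving the rest of the comment as it is. That message is also commonly produced by TCP health checks and port monitors, so the file header should say that monitoring hosts belong in the jail's `ignoreip` before this filter is enabled.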
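Review bot: The first new `failregex` line in sshd.conf makes the literal ` user ` mandatory after `for`, so a line such as `Failed password for root from …` (a failure against an existing account) no longer matches. A bare `Invalid user … from …` line is no longer matched either, because the standalone `[Ii](?:llegal|nvalid) user` alternative from the removed line has no replacement. I would keep the optional group as it was, `(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)? .*(?: from|FROM)`, and add a continuation line `[iI](?:llegal|nvalid) user .*(?: from|FROM)`, each with the same tail as the lines in the hunk. Separately, `.*` spans the user name supplied by the client, so the host match should be anchored to the end of the line; the tail after `from|FROM` is not visible in this rendering, so that is worth confirming.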