- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@588 a942ae1a-1317-0410-a47c-b1dcaea8d605
18 years ago · 475aa68c11
parent 2f0dedf206
commit 475aa68c11
2 changed files with 6 additions and 4 deletions
--- a/1
+++ b/1
@ -11,6 +11,7 @@ ver. 0.9.0 (2007/??/??) - alpha
 ----------
 - Removed Python 2.4 code. Need more testing
 - Made interactive mode optional in fail2ban-client
+- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid

 ver. 0.8.0 (2007/05/03) - stable
 ----------
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@ -14,10 +14,11 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
-failregex = Authentication failure for .* from <HOST>
-            Failed [-/\w]+ for .* from <HOST>
-            ROOT LOGIN REFUSED .* FROM <HOST>
-            [iI](?:llegal|nvalid) user .* from <HOST>
+failregex = Authentication failure for .* from <HOST>$
+            Failed [-/\w]+ for .* from <HOST>$
+            ROOT LOGIN REFUSED .* FROM <HOST>$
+            [iI](?:llegal|nvalid) user .* from <HOST>$
+            User .* from <HOST> not allowed because not listed in AllowUsers$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.