Merge branches 'debian' and 'up/sshd_refused_connect' into build: NF: refused connect sshd failregex

debian-releases/squeeze
Yaroslav Halchenko 2007-11-23 09:02:58 -05:00
commit 4b95233acb
3 changed files with 14 additions and 7 deletions


@ -20,6 +20,7 @@ failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
[iI](?:llegal|nvalid) user .* from <HOST>\s*$ [iI](?:llegal|nvalid) user .* from <HOST>\s*$
User .+ from <HOST> not allowed because not listed in AllowUsers\s*$ User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$ User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
sshd(?:\[\d+\])?: refused connect from \S+ \(<HOST>\)\s*$
# Option: ignoreregex # Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored. # Notes.: regex to ignore. If this regex matches, the line is ignored.
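
Review bot: the added `refused connect` pattern is the only entry in this list that hard-codes the daemon tag, `sshd(?:\[\d+\])?:`, while the neighbouring patterns start at the message text. A line tagged in the `[sshd]` style, like the `Mar 3 00:17:22 [sshd] User root ...` sample kept under #5 in sshd.examples, would not match it. Either add a comment saying why this entry needs the prefix or bring it in line with the other entries. Taking `<HOST>` from the trailing parenthesised address under the `\s*$` anchor, rather than from the `\S+` field, is worth keeping, since `\S+` accepts any non-space text.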

debian/changelog vendored

@ -1,12 +1,15 @@
fail2ban (0.8.1-3~pre2~1.gbp5ac568) UNRELEASED; urgency=low fail2ban (0.8.1-3~pre2~2.gbpb2ab5f) UNRELEASED; urgency=low
** SNAPSHOT build @b2ab5fc085525a29b8a57ac1ad17c510b26f5290 **
* Propagated patch from 0.9 upstream branch: Replaced ssocket.py with * Propagated patch from 0.9 upstream branch: Replaced ssocket.py with
asyncore/asynchat implementation. Correct fix for bug #1769616. That is asyncore/asynchat implementation. Correct fix for bug #1769616. That is
supposed to resolve spontaneous 100% CPU utilization by fail2ban-server. supposed to resolve spontaneous 100% CPU utilization by fail2ban-server.
* BF: removed sftp from ssh jails (closes: #436053) * BF: removed sftp from ssh jails (closes: #436053)
* NF: new filter for 'refused connect' (closes: #451093). Thanks Guido
Bozzetto
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 23 Nov 2007 09:01:11 -0500
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 11 Nov 2007 01:12:18 -0500
fail2ban (0.8.1-2) unstable; urgency=low fail2ban (0.8.1-2) unstable; urgency=low
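
Review bot: the new changelog bullet reads "new filter for 'refused connect'" without naming the filter, while the commit title describes the change as an sshd failregex. Naming sshd in the entry, for example "new sshd failregex for 'refused connect'", would let an administrator reading the changelog see which jail starts counting this message as a failure.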


@ -5,10 +5,10 @@
## DP: No description. ## DP: No description.
@DPATCH@ @DPATCH@
diff -urNad trunk~/config/filter.d/sshd.examples trunk/config/filter.d/sshd.examples diff -urNad fail2ban~/config/filter.d/sshd.examples fail2ban/config/filter.d/sshd.examples
--- trunk~/config/filter.d/sshd.examples 1969-12-31 19:00:00.000000000 -0500 --- fail2ban~/config/filter.d/sshd.examples 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/sshd.examples 2007-08-14 19:40:23.000000000 -0400 +++ fail2ban/config/filter.d/sshd.examples 2007-11-23 08:59:47.000000000 -0500
@@ -0,0 +1,19 @@ @@ -0,0 +1,22 @@
+#1 +#1
+Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6 +Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
+May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com +May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com
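
Review bot: the dpatch header kept as context at the top of this hunk still reads `## DP: No description.`. Since the patch is being regenerated anyway (the inner diff paths change from `trunk` to `fail2ban`), replace it with a one-line description saying that the patch installs the sshd.examples sample log lines.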
@ -28,3 +28,6 @@ diff -urNad trunk~/config/filter.d/sshd.examples trunk/config/filter.d/sshd.exam
+#5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch +#5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch
+Mar 3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers +Mar 3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers
+Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers +Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers
+
+#6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it>
+Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)
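
Review bot: the only sample added under #6 shows the address in IPv4-mapped form, `(::ffff:218.249.210.161)`. If lines with a plain IPv4 address in the parentheses also occur, add one as a second sample so the examples file covers both shapes the new failregex is meant to catch. The comment line also has a typo, `ew filter` for `new filter`, and could cite the bug closed in debian/changelog (#451093).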