github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #3782 from fdellwing/patch-1 

Adjust sshd.conf filter for OpenSSH 9.8
pull/3407/head^2
Sergey G. Brester 2024-07-03 19:43:04 +02:00 committed by GitHub
parent 59c5e78ce9 216622adb2
commit 7004d175b7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -22,6 +22,8 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
- rename `ipsettype` to `ipsetbackend` (gh-2620), parameter `ipsettype` will be used now to the real set type (gh-3760)
* `filter.d/apache-overflows.conf` - consider AH10244: invalid URI path (gh-3778)
* `filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (gh-3769)
* `filter.d/sshd.conf` - adapted to conform possible new daemon name sshd-session, since OpenSSH 9.8
several log messages will be tagged with as originating from a process named "sshd-session" rather than "sshd" (gh-3782)
### New Features and Enhancements
* `action.d/*-ipset.conf`:

2
config/filter.d/sshd.conf
View File

@ -16,7 +16,7 @@ before = common.conf
[DEFAULT]
_daemon = sshd
_daemon = sshd(?:-session)?
# optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
__pref = (?:(?:error|fatal): (?:PAM: )?)?

2
fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf
View File

@ -9,7 +9,7 @@ before = ../../../../config/filter.d/common.conf
[DEFAULT]
_daemon = sshd
_daemon = sshd(?:-session)?
# optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
__pref = (?:(?:error|fatal): (?:PAM: )?)?

3
fail2ban/tests/files/logs/sshd
View File

@ -20,6 +20,9 @@ Feb 25 14:34:10 belka sshd[31603]: Failed password for invalid user ROOT from aa
# failJSON: { "time": "2005-02-25T14:34:11", "match": true , "host": "aaaa:bbbb:cccc:1234::1:1" }
Feb 25 14:34:11 belka sshd[31603]: Failed password for invalid user ROOT from aaaa:bbbb:cccc:1234::1:1
# failJSON: { "time": "2005-07-03T14:59:17", "match": true , "host": "192.0.2.1", "desc": "new log with session in daemon prefix, gh-3782" }
Jul 3 14:59:17 host sshd-session[1571]: Failed password for root from 192.0.2.1 port 56502 ssh2
#3
# failJSON: { "time": "2005-01-05T01:31:41", "match": true , "host": "1.2.3.4" }
Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4