mirror of https://github.com/fail2ban/fail2ban
Merge branch 'bsd_logs' of https://github.com/grooverdan/fail2ban
* 'bsd_logs' of https://github.com/grooverdan/fail2ban:
  ENH: separate out regex and escape a .
  BF: missed MANIFEST include
  DOC: credits for bsd log
  DOC: bsd syslog files thanks to Nick Hilliard
  BF: change common.conf to handle formats of syslog -v and syslog -vv in BSD

Conflicts:
  config/filter.d/common.conf

pull/218/head
commit
976a65bb89
|
@ -54,6 +54,8 @@ fail2ban-users mailing list and IRC.
|
|||
gh-70. Thanks to iGeorgeX for the idea.
|
||||
blotus
|
||||
* [96eb8986] ' and " should also be escaped in action tags Closes gh-109
|
||||
Christoph Theis, Nick Hilliard, Daniel Black
|
||||
* [b3bd877d,cde71080] Make syslog -v and syslog -vv formats work on FreeBSD
|
||||
- New features:
|
||||
Yaroslav Halchenko
|
||||
* [9ba27353] Add support for jail.d/{confilefile} and fail2ban.d/{configfile}
|
||||
|
|
3
MANIFEST
|
@ -43,6 +43,9 @@ server/datetemplate.py
|
|||
server/mytime.py
|
||||
server/failregex.py
|
||||
testcases/files/testcase-usedns.log
|
||||
testcases/files/logs/bsd/syslog-plain.txt
|
||||
testcases/files/logs/bsd/syslog-v.txt
|
||||
testcases/files/logs/bsd/syslog-vv.txt
|
||||
testcases/banmanagertestcase.py
|
||||
testcases/failmanagertestcase.py
|
||||
testcases/clientreadertestcase.py
|
||||
|
|
|
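Review bot: the three testcases/files/logs/bsd/*.txt samples are listed for packaging here, but nothing shown in this commit adds or changes a test module that reads them, so the new prefix handling can regress unnoticed. Add a test case that feeds each sample line through the sshd filter and asserts that the expected host is extracted for the plain, -v and -vv formats.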
@ -41,10 +41,16 @@ __kernel_prefix = kernel: \[\d+\.\d+\]
|
|||
|
||||
__hostname = \S+
|
||||
|
||||
|
||||
# bsdverbose is where syslogd is started with -v or -vv and results in <4.3> or
|
||||
# <auth.info> appearing before the host as per testcases/files/logs/bsd/*.
|
||||
__bsd_syslog_verbose = (<[^.]+\.[^.]+>)
|
||||
|
||||
#
|
||||
# Common line prefixes (beginnings) which could be used in filters
|
||||
#
|
||||
# [hostname] [vserver tag] daemon_id spaces
|
||||
# this can be optional (for instance if we match named native log files)
|
||||
__prefix_line = \s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s%(__daemon_extra_re)s?\s*
|
||||
# [bsdverbose]? [hostname] [vserver tag] daemon_id spaces
|
||||
#
|
||||
# This can be optional (for instance if we match named native log files)
|
||||
__prefix_line = \s*%(__bsd_syslog_verbose)s?\s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s%(__daemon_extra_re)s?\s*
|
||||
|
||||
|
|
|
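Review bot: in `__bsd_syslog_verbose = (<[^.]+\.[^.]+>)` both `[^.]+` classes also accept whitespace, `<` and `>`, so the tag can stretch well beyond a single `<facility.level>` token such as `<4.3>` or `<auth.info>`. Since `__prefix_line` is shared by the filters that include common.conf, a tighter class such as `[^.>\s]+` on each side of the dot would be safer. The group is also the only capturing one in `__prefix_line`, where the others are `(?:...)`; making it non-capturing keeps group numbering unchanged for filters that build on this prefix. Finally, the old comment text and the new "[bsdverbose]?" comment both appear in the result as rendered; please confirm only one `__prefix_line` definition and one comment block remain after conflict resolution.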
@ -0,0 +1,3 @@
|
|||
Apr 2 17:52:55 pancake sshd[55657]: Invalid user oracle from 192.0.2.100
|
||||
Apr 2 17:53:01 pancake sshd[55657]: error: PAM: authentication error for illegal user oracle from test.example.com
|
||||
Apr 2 17:53:01 pancake sshd[55657]: Failed keyboard-interactive/pam for invalid user oracle from 192.0.2.100 port 48856 ssh2
|
|
@ -0,0 +1,10 @@
|
|||
Apr 2 17:51:27 <4.3> pancake sshd[55624]: error: PAM: authentication error for nick from test.example.com
|
||||
Apr 2 17:51:32 <4.6> pancake sshd[55628]: Invalid user r00t from 192.0.2.100
|
||||
Apr 2 17:51:33 <4.3> pancake sshd[55628]: error: PAM: authentication error for illegal user r00t from test.example.com
|
||||
Apr 2 17:51:33 <4.6> pancake sshd[55628]: Failed keyboard-interactive/pam for invalid user r00t from 192.0.2.100 port 46050 ssh2
|
||||
Apr 2 17:51:34 <4.3> pancake sshd[55628]: error: PAM: authentication error for illegal user r00t from test.example.com
|
||||
Apr 2 17:51:34 <4.6> pancake sshd[55628]: Failed keyboard-interactive/pam for invalid user r00t from 192.0.2.100 port 46050 ssh2
|
||||
Apr 2 17:51:36 <4.3> pancake sshd[55628]: error: PAM: authentication error for illegal user r00t from test.example.com
|
||||
Apr 2 17:51:36 <4.6> pancake sshd[55628]: Failed keyboard-interactive/pam for invalid user r00t from 192.0.2.100 port 46050 ssh2
|
||||
Apr 2 17:52:06 <4.6> pancake sshd[55647]: Invalid user oracle from 192.0.2.100
|
||||
Apr 2 17:52:07 <4.3> pancake sshd[55647]: error: PAM: authentication error for illegal user oracle from test.example.com
|
|
@ -0,0 +1,5 @@
|
|||
Mar 19 23:48:18 <auth.info> pancake sshd[55517]: Invalid user r00t from 183.60.159.20
|
||||
Mar 19 23:48:20 <auth.info> pancake sshd[55519]: Invalid user r00t from 183.60.159.20
|
||||
Mar 19 23:50:03 <auth.info> pancake sshd[55604]: Invalid user http from 183.60.159.20
|
||||
Mar 19 23:50:05 <auth.info> pancake sshd[55606]: Invalid user kylix from 183.60.159.20
|
||||
Mar 19 23:50:08 <auth.info> pancake sshd[55608]: Invalid user nagios from 183.60.159.20
|
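Review bot: every line of this sample uses 183.60.159.20, a publicly routable address, while the other two sample files use 192.0.2.100 and test.example.com. Please replace it with an address from a documentation range (192.0.2.0/24, as in the other files) so the test data does not carry a real host's address and stays consistent across the three formats.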