From 9a374592e754cb4ba8513149882ae3608ae82286 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Sun, 9 Oct 2005 17:12:46 +0000 Subject: [PATCH] adjusted failregex for SSH --- config/fail2ban.conf.default | 2 +- debian/changelog | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default index 18e00c4b..e52fc040 100644 --- a/config/fail2ban.conf.default +++ b/config/fail2ban.conf.default @@ -301,4 +301,4 @@ timepattern = %%b %%d %%H:%%M:%%S # Notes.: regex to match the password failures messages in the logfile. # Values: TEXT Default: (?:Authentication failure|Failed (?:keyboard-interactive/pam|password)) for(?: illegal user)? .* from (?:::f{4,6}:)?(?P\S*) # -failregex = (?:Authentication failure|Failed (?:keyboard-interactive/pam|password)) for(?: illegal user)? .* from (?:::f{4,6}:)?(?P\S*) +failregex = : (?:Authentication failure for |Failed (?:keyboard-interactive/pam|password|unknown) for )?(?:[iI]llegal user )?.* from (?:::f{4,6}:)?(?P\S*) diff --git a/debian/changelog b/debian/changelog index dfc068c4..7957eba3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,11 @@ -fail2ban (0.5.4-5.1) unstable; urgency=low +fail2ban (0.5.4-5.2) unstable; urgency=low * Added a notification regarding the importance of 0.5.4-5 change of failregex in the config file * Adjusted address to FSF + * Adjusted failregex for SSH so it bans "Illegal user" entries as well, and + restricted full failregex more to include ":" at the beginning, because + otherwise it might not be sufficient and would revive bug 330827 -- Yaroslav Halchenko Mon, 3 Oct 2005 22:26:28 -1000