tuned pam_generic to catch some weird log lines

Yaroslav Halchenko 2007-07-21 02:27:30 +00:00
parent f58421eabf
commit a843d0da04
1 changed files with 7 additions and 6 deletions


@ -7,8 +7,8 @@
@DPATCH@
diff -urNad trunk~/config/filter.d/pam-generic.conf trunk/config/filter.d/pam-generic.conf
--- trunk~/config/filter.d/pam-generic.conf 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/pam-generic.conf 2007-06-25 12:41:38.000000000 -0400
@@ -0,0 +1,26 @@
+++ trunk/config/filter.d/pam-generic.conf 2007-07-20 22:26:52.000000000 -0400
@@ -0,0 +1,25 @@
+# Fail2Ban configuration file for wuftpd
+#
+# Author: Yaroslav Halchenko
@ -26,7 +26,7 @@ diff -urNad trunk~/config/filter.d/pam-generic.conf trunk/config/filter.d/pam-ge
+#
+# Shortcuts for easier comprehension of the failregex
+__pid_re=(?:\[\d+\])
+__pam_re=\(pam_unix\)
+__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
+__pam_combs_re=(?:%(__pid_re)s?:\s+%(__pam_re)s|%(__pam_re)s%(__pid_re)s?:)
+
+# Option: failregex
@ -34,13 +34,14 @@ diff -urNad trunk~/config/filter.d/pam-generic.conf trunk/config/filter.d/pam-ge
+# Values: TEXT
+#
+failregex = \s\S+ \S+%(__pam_combs_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+
diff -urNad trunk~/config/filter.d/pam-generic.examples trunk/config/filter.d/pam-generic.examples
--- trunk~/config/filter.d/pam-generic.examples 1969-12-31 19:00:00.000000000 -0500
+++ trunk/config/filter.d/pam-generic.examples 2007-06-25 12:41:38.000000000 -0400
@@ -0,0 +1,5 @@
+++ trunk/config/filter.d/pam-generic.examples 2007-07-20 22:26:43.000000000 -0400
@@ -0,0 +1,7 @@
+Feb 7 15:10:42 example pure-ftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=sample-user rhost=192.168.1.1
+May 12 09:47:54 vaio sshd[16004]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com user=root
+May 12 09:48:03 vaio sshd[16021]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71-13-115-12.static.mdsn.wi.charter.com
+May 15 18:02:12 localhost proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=66.232.129.62 user=mark
+Nov 25 17:12:13 webmail pop(pam_unix)[4920]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.10.3 user=mailuser
+Jul 19 18:11:26 srv2 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
+Jul 19 18:11:26 srv2 vsftpd: pam_unix: authentication failure; logname= uid=0 euid=0 tty=ftp ruser=an8767 rhost=www3.google.com
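Review bot: The new `__pam_re` in the second hunk makes the opening and closing parentheses independently optional and uses a greedy `\S+` for the service tag, so it also accepts unbalanced forms such as `(pam_unix` and a tag that itself contains `)`; a tighter tag that still matches all three example shapes is `__pam_re=\(?pam_unix(?:\([^)]+\))?\)?:?`, and pairing the parentheses properly would need an explicit alternation of the `(pam_unix)`, `pam_unix(service:type):` and bare `pam_unix:` forms. Since a looser match widens which log lines can count as a failure, a one-line comment above the shortcut naming the intended shapes would help the next editor, e.g. `# matches "(pam_unix)", "pam_unix(svc:type):" and bare "pam_unix:" (see pam-generic.examples)`. While this file is being touched, the unchanged header comment at the top still describes it as a configuration file for wuftpd, which is misleading for pam-generic.conf. The nested patch these hunks belong to starts and ends outside this view, so the dpatch header and the surrounding failregex context are not visible here.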