For capitalized nasty log entries of sshd

19 years ago · b3dd9fd5ab
parent 046f219eaf
commit b3dd9fd5ab
2 changed files with 12 additions and 1 deletions
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@ -364,4 +364,4 @@ timepattern = %%b %%d %%H:%%M:%%S
 # Notes.:  regex to match the password failures messages in the logfile.
 # Values:  TEXT  Default:  (?:Authentication failure|Failed (?:keyboard-interactive/pam|password)) for(?: illegal user)? .* from (?:::f{4,6}:)?(?P<host>\S*)
 #
-failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user) .* from (?:::f{4,6}:)?(?P<host>\S*)
+failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?:from |FROM) (?:::f{4,6}:)?(?P<host>\S*)
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,14 @@
+fail2ban (0.6.0-6) unstable; urgency=low
+
+  * Updated README.Debian with information about some cases with
+    not-as-shipped configurations of sshd on the boxes running older versions
+    of openssh server
+  * Included regexps for SSH in case iff authentication as root using keys was
+    attempted whenever PermitRootLogin is set to something else than "yes" and
+    key authentication fails.
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Fri,  3 Mar 2006 16:32:38 -0500
+
 fail2ban (0.6.0-5) unstable; urgency=low

  * Fixed Apache section: changed filepath to point at error.log, thus I had