From b9a09af914a0cd2a701bc819878aa6cb9bae1a51 Mon Sep 17 00:00:00 2001 From: Markus Oesterle Date: Thu, 16 Apr 2015 21:33:57 +0200 Subject: [PATCH] Added changes to ChangeLog & updated sample test cases --- ChangeLog | 1 + fail2ban/tests/files/logs/sshd | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 19eacf83..239d3da9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,7 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released * firewallcmd-* actions: split output into separate lines for grepping (gh-908) * Guard unicode encode/decode issues while storing records in the database. Fixes "binding parameter error (unsupported type)" (gh-973), thanks to kot for reporting + * filter.d/sshd added regex for matching openSUSE ssh authentication failure - New Features: - New filters: diff --git a/fail2ban/tests/files/logs/sshd b/fail2ban/tests/files/logs/sshd index a6e54196..f1f0d982 100644 --- a/fail2ban/tests/files/logs/sshd +++ b/fail2ban/tests/files/logs/sshd @@ -148,3 +148,8 @@ Apr 27 13:02:04 host sshd[29116]: User root not allowed because account is locke Apr 27 13:02:04 host sshd[29116]: input_userauth_request: invalid user root [preauth] # failJSON: { "time": "2005-04-27T13:02:04", "match": true , "host": "1.2.3.4", "desc": "No Bye-Bye" } Apr 27 13:02:04 host sshd[29116]: Received disconnect from 1.2.3.4: 11: Normal Shutdown, Thank you for playing [preauth] + +# Match sshd auth errors on OpenSUSE systems +# failJSON: { "time": "Thu Apr 16 19:02:50 2015", "match": true , "host": "222.186.21.217", "desc": "Authentification for user failed" } +2015-04-16T18:02:50.321974+00:00 host sshd[2716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.21.217 user=root +