From bf245f9640e3a957f1deb751f9eb28742f957107 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Fri, 8 Nov 2013 14:34:31 -0800
Subject: [PATCH] DOC: adding DEV Notes for for non-greedy matchin within
 sshd.conf

---
 config/filter.d/sshd.conf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index d97fd675..a36b050c 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -26,4 +26,11 @@ failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|erro
 
 ignoreregex = 
 
+# DEV Notes:
+#
+#   "Failed \S+ for .*? from <HOST>..." failregex uses non-greedy catch-all because
+#   it is coming before use of <HOST> which is not hard-anchored at the end as well,
+#   and later catch-all's could contain user-provided input, which need to be greedily
+#   matched away first.
+#
 # Author: Cyril Jaquier, Yaroslav Halchenko, Petr Voralek, Daniel Black