- Updated regular expressions

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@598 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-10 20:24:44 +00:00 · 2007-07-10 20:24:44 +00:00 · f714c96d0e
parent 568264d6c7
commit f714c96d0e
2 changed files with 7 additions and 5 deletions
--- a/1
+++ b/1
@ -12,6 +12,7 @@ ver. 0.8.1 (2007/??/??) - stable
 - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
 - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko
 - Improved regular expressions. Thanks to Yaroslav Halchenko
+  and others
 - Added sendmail actions. The action started with "mail" are
  now deprecated. Thanks to Raphaël Marichez
 - Added "ignoreregex" support to fail2ban-regex
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@ -14,11 +14,12 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
-failregex = Authentication failure for .* from <HOST>$
-            Failed [-/\w]+ for .* from <HOST>$
-            ROOT LOGIN REFUSED .* FROM <HOST>$
-            [iI](?:llegal|nvalid) user .* from <HOST>$
-            User .* from <HOST> not allowed because not listed in AllowUsers$
+failregex = Authentication failure for .+ from <HOST>(?: port \d+ ssh2)?$
+            Failed [-/\w]+ for .+ from <HOST>(?: port \d+ ssh2)?$
+            ROOT LOGIN REFUSED .+ FROM <HOST>(?: port \d+ ssh2)?$
+            [iI](?:llegal|nvalid) user .+ from <HOST>(?: port \d+ ssh2)?$
+            User .+ from <HOST> not allowed because not listed in AllowUsers$
+            User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.