From f714c96d0e53ea93010fc3d0d8e9ff9a03497d36 Mon Sep 17 00:00:00 2001 From: Cyril Jaquier Date: Tue, 10 Jul 2007 20:24:44 +0000 Subject: [PATCH] - Updated regular expressions git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@598 a942ae1a-1317-0410-a47c-b1dcaea8d605 --- CHANGELOG | 1 + config/filter.d/sshd.conf | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 85ac9a04..acf9f939 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -12,6 +12,7 @@ ver. 0.8.1 (2007/??/??) - stable - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid - Expand in ignoreregex. Thanks to Yaroslav Halchenko - Improved regular expressions. Thanks to Yaroslav Halchenko + and others - Added sendmail actions. The action started with "mail" are now deprecated. Thanks to Raphaƫl Marichez - Added "ignoreregex" support to fail2ban-regex diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf index 39416f43..98b5ceae 100644 --- a/config/filter.d/sshd.conf +++ b/config/filter.d/sshd.conf @@ -14,11 +14,12 @@ # (?:::f{4,6}:)?(?P\S+) # Values: TEXT # -failregex = Authentication failure for .* from $ - Failed [-/\w]+ for .* from $ - ROOT LOGIN REFUSED .* FROM $ - [iI](?:llegal|nvalid) user .* from $ - User .* from not allowed because not listed in AllowUsers$ +failregex = Authentication failure for .+ from (?: port \d+ ssh2)?$ + Failed [-/\w]+ for .+ from (?: port \d+ ssh2)?$ + ROOT LOGIN REFUSED .+ FROM (?: port \d+ ssh2)?$ + [iI](?:llegal|nvalid) user .+ from (?: port \d+ ssh2)?$ + User .+ from not allowed because not listed in AllowUsers$ + User .+ from not allowed because none of user's groups are listed in AllowGroups$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored.
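Review bot: The rewritten failregex lines in config/filter.d/sshd.conf are still not anchored at the start of the line, and `.+` runs across the user-name field, which the connecting client chooses. The trailing `$` limits what that field can do, but each pattern can still match anywhere in a line, including text that did not come from sshd's own message. I would anchor every pattern with a leading `^` plus the log prefix used on the target systems, and record the reason above the option, e.g. `# Notes.: user names are client-supplied; keep every pattern anchored at both ends`. Separately, `(?: port \d+ ssh2)?$` accepts only the protocol-2 suffix, so a failure line that ends at the port number (as protocol-1 lines appear to) would go unmatched; `(?: port \d+(?: ssh\d*)?)?$` would cover both. The host tag seems to have been stripped from this page's text, so check the captured group against the real file before applying either change.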