github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: tune up sshd-ddos to use common.conf and allow training spaces

pull/95/head
Yaroslav Halchenko 2012-12-07 15:17:08 -05:00
parent 51a3be2d79
commit fc27e00290
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
config/filter.d/sshd-ddos.conf
View File

@ -2,11 +2,17 @@
# #
# Author: Yaroslav Halchenko # Author: Yaroslav Halchenko
# #
# $Revision$
# [INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition] [Definition]
_daemon = sshd
# Option: failregex # Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The # Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can # host must be matched by a group named "host". The tag "<HOST>" can
@ -14,7 +20,7 @@
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT # Values: TEXT
# #
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$ failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
# Option: ignoreregex # Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored. # Notes.: regex to ignore. If this regex matches, the line is ignored.

2
testcases/files/logs/sshd-ddos Normal file
View File

@ -0,0 +1,2 @@
# http://forums.powervps.com/showthread.php?t=1667
Jun 7 01:10:56 host sshd[5937]: Did not receive identification string from 69.61.56.114