Commit Graph

93 Commits (5561423be3b2d4636f5484183c3ad470fd326d06)

Author SHA1 Message Date
sebres 5561423be3 filter.d/sshd.conf: fixed failregex format - some parts are optional, new ddos more precise rule (Connection reset by with host entry);
8 years ago
sebres 0c1707afda filter.d/sshd.conf:
8 years ago
sebres 35efca5941 Better multi-line handling introduced: single-line parsing with caching of needed failure information to process in further lines.
8 years ago
sebres 4ff8d051f4 Introduced new filter option `prefregex` for pre-filtering using single regular expression;
8 years ago
sebres 1823571e0f Merge branch 'ssh-filter-new-regexp' into 0.10
8 years ago
sebres 9d06f0ee40 sshd-amend: optional space after port part
8 years ago
sebres e8a1556562 Merge remote-tracking branch 'master' into 0.10
8 years ago
sebres 8aa9516d50 sshd.conf: fixed expression "received disconnect ... auth fail" - optional space after port part (gh-1652)
8 years ago
sebres 3276bd6d54 sshd: additionally aggressive filter rules - no matching cipher resp. no matching key exchange method (gh-1545, gh-1117)
8 years ago
sebres 628789f9a9 sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive)
8 years ago
sebres dd373dba9f test all config-regexp, that contains greedy catch-all before <HOST>, that is hard-anchored at end or precise sub expression after <HOST>;
8 years ago
sebres 7019640eb3 Merge branch 'fix-gh-1658' into 0.10
8 years ago
sebres a9523aefbb sshd.conf: fixed non-anchored part of regex (misleading match of colon inside IPv6 address instead of `: ` in the reason-part by missing space).
8 years ago
sebres c9f32f75e6 Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10)
8 years ago
sebres 40cbe96352 Merge remote-tracking branch 0.10 into _0.10/fix-datedetector-grave-fix-v2
8 years ago
sebres b5433f48b7 amend after code review of merge gh-1581
8 years ago
sebres bee6e7376b Merge branch 'aclindsa:master'
8 years ago
sebres ab0ac2111c added possibility to specify more precise default date pattern:
8 years ago
Aaron Lindsay 7805f9972d filter.d/sshd.conf: Match 'Invalid user' with 'port \d*'
8 years ago
sebres 2c54f90469 sshd-filter: better universal regexp, that matches more complex different injects, using conditional expressions (on username and auth-info section), see new test cases also.
8 years ago
sebres a544c5abac sshd-filter: recognized "Failed publickey for" now (gh-1477) + improved regexp (not anchored now to recognize all "Failed anything for ... from <HOST>"
8 years ago
jblachly e9202fa0b2 Placed failure (illumos) at end of regex
9 years ago
jblachly 25c2334bc8 SmartOS PAM Authentication failed (not failURE)
9 years ago
Yaroslav Halchenko 5d6cead996 ENH: sshd filter -- match new "maximum auth attempts exceeded" (Closes #1269)
9 years ago
Kevin Locke 36919d9f97 ssh.conf: Fix disconnect "Auth fail" matching
9 years ago
Markus Oesterle f8c7247f42 added \s after host
10 years ago
Markus Oesterle 5f2807b41f replaced .* before rhost with regex matching all the previous fields
10 years ago
Markus Oesterle 8825a5f31b updated filter.d/sshd.conf
10 years ago
pmarrapese 96918acee4 more explicit match for sshd filter & added test
11 years ago
pmarrapese 46d6e93800 adjusted sshd filter regex to catch more verbose lines
11 years ago
Steven Hiscocks bc10b64c69 ENH: Match non "Bye Bye" for sshd locked accounts failregex
11 years ago
Daniel Black c701ac9276 DOC: document LogLevel requirement for "Connection from" regex
11 years ago
Daniel Black 5f4d0ed576 ENH: ssh filter - "Disconnecting: Too many authentication failures.." matching Connection log message
11 years ago
Daniel Black ef82eac790 DOC: openssh real protection is pubkey
11 years ago
Daniel Black 76468942f9 MRG: complete merge from master
11 years ago
Daniel Black a8e0498389 BF: add expression for ssh filter for code 3: SSH2_DISCONNECT_KEY_EXCHANGE_FAILED. closes gh-289
11 years ago
Daniel Black 227f27ce6b ENH: added multiline filter for sshd filter
11 years ago
Daniel Black 1ac7b53cad MRG: merge from master
11 years ago
Yaroslav Halchenko bf245f9640 DOC: adding DEV Notes for non-greedy matching within sshd.conf
11 years ago
Yaroslav Halchenko 750e0c1e3d BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
11 years ago
Yaroslav Halchenko abb012ae5c BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy
11 years ago
Daniel Black 47d35c9d80 MRG: 0.8.11 to 0.9
11 years ago
Daniel Black 89fd792dfb DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetitive blindly copied stuff that appears in the jail man page
11 years ago
Daniel Black 778f09debe DOC/ENH: __md5hex regex definition to common.conf. Document debian bug #
11 years ago
Daniel Black f2ae20a3b8 BF: filter.d/sshd group on md5hex and () for serial needed to be escaped
11 years ago
Daniel Black 1eeb6e94bd BF: fix regex for openssh-6.3
11 years ago
Steven Hiscocks 5ca6a9aeb6 Merge branch 'systemd-journal' into 0.9
12 years ago
Steven Hiscocks 49261925d7 ENH: Add new regex for locked accounts for sshd
12 years ago
Steven Hiscocks f7d328195f NF: Add systemd journal backend
12 years ago
Yaroslav Halchenko e7cb0f8b8c ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
12 years ago