mirror of https://github.com/fail2ban/fail2ban
30 lines
761 B
Plaintext
30 lines
761 B
Plaintext
# Fail2Ban ssh filter for at attempted exploit
|
|
#
|
|
# The regex here also relates to a exploit:
|
|
#
|
|
# http://www.securityfocus.com/bid/17958/exploit
|
|
# The example code here shows the pushing of the exploit straight after
|
|
# reading the server version. This is where the client version string normally
|
|
# pushed. As such the server will read this unparsible information as
|
|
# "Did not receive identification string".
|
|
|
|
[INCLUDES]
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
# common.local
|
|
before = common.conf
|
|
|
|
[Definition]
|
|
|
|
_daemon = sshd
|
|
|
|
failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
|
|
|
|
ignoreregex =
|
|
|
|
[Init]
|
|
|
|
journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
|
|
|
|
# Author: Yaroslav Halchenko
|