diff options
Diffstat (limited to 'security/bruteblock/files/patch-etc-ssh.conf')
| -rw-r--r-- | security/bruteblock/files/patch-etc-ssh.conf | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/security/bruteblock/files/patch-etc-ssh.conf b/security/bruteblock/files/patch-etc-ssh.conf new file mode 100644 index 000000000000..fd9be082ce49 --- /dev/null +++ b/security/bruteblock/files/patch-etc-ssh.conf @@ -0,0 +1,22 @@ +--- etc/ssh.conf.orig 2006-08-20 10:22:37.000000000 +0400 ++++ etc/ssh.conf 2009-10-14 03:46:53.000000000 +0400 +@@ -14,8 +14,17 @@ + # comment: correct user, but wrong password + #sshd[72626]: Failed password for samm from 1.2.3.4 + # +-regexp = sshd.*Illegal user \S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) +-regexp1 = sshd.*Failed password for (?:illegal user )?\S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) ++# comment: other messages ++#sshd[41945]: error: PAM: authentication error for alice from 192.168.0.1 ++#sshd[41945]: error: PAM: authentication error for illegal user root from 192.168.0.1 ++#sshd[41945]: Failed keyboard-interactive/pam for invalid user root from 192.168.0.1 port 64507 ssh2 ++#sshd[16666]: Failed unknown for illegal user asdfasdfasd from 192.168.0.1 port 52652 ssh2 ++#sshd[16666]: Did not receive identification string from 192.168.0.1 ++# ++regexp = sshd.*(?:Illegal|Invalid) user \S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) ++regexp1 = sshd.*Failed \S+ for (?:(?:illegal|invalid) user )?\S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) ++regexp2 = sshd.*error: PAM: authentication error for (?:(?:illegal|invalid) user )\S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) ++regexp3 = sshd.*Did not receive identification string from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) + + # Number of failed login attempts within time before we block + max_count = 4 |