"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf" between
fail2ban-0.10.3.1.tar.gz and fail2ban-0.10.4.tar.gz

About: fail2ban scans log files and bans (via firewall rules) IP-addresses that makes too many access failures. It updates firewall rules to reject the IP address. Experimental version.

zzz-sshd-obsolete-multiline.conf  (fail2ban-0.10.3.1):zzz-sshd-obsolete-multiline.conf  (fail2ban-0.10.4)
skipping to change at line 19 skipping to change at line 19
[DEFAULT] [DEFAULT]
_daemon = sshd _daemon = sshd
# optional prefix (logged from several ssh versions) like "error: ", "error: PAM : " or "fatal: " # optional prefix (logged from several ssh versions) like "error: ", "error: PAM : " or "fatal: "
__pref = (?:(?:error|fatal): (?:PAM: )?)? __pref = (?:(?:error|fatal): (?:PAM: )?)?
# optional suffix (logged from several ssh versions) like " [preauth]" # optional suffix (logged from several ssh versions) like " [preauth]"
__suff = (?: (?:port \d+|on \S+|\[preauth\])){0,3}\s* __suff = (?: (?:port \d+|on \S+|\[preauth\])){0,3}\s*
__on_port_opt = (?: (?:port \d+|on \S+)){0,2} __on_port_opt = (?: (?:port \d+|on \S+)){0,2}
# close by authenticating user:
__authng_user = (?: authenticating user <F-USER>\S+|.+?</F-USER>)?
# single line prefix: # single line prefix:
__prefix_line_sl = %(__prefix_line)s%(__pref)s __prefix_line_sl = %(__prefix_line)s%(__pref)s
# multi line prefixes (for first and second lines): # multi line prefixes (for first and second lines):
__prefix_line_ml1 = (?P<__prefix>%(__prefix_line)s)%(__pref)s __prefix_line_ml1 = (?P<__prefix>%(__prefix_line)s)%(__pref)s
__prefix_line_ml2 = %(__suff)s$<SKIPLINES>^(?P=__prefix)%(__pref)s __prefix_line_ml2 = %(__suff)s$<SKIPLINES>^(?P=__prefix)%(__pref)s
# for all possible (also future) forms of "no matching (cipher|mac|MAC|compressi on method|key exchange method|host key type) found", # for all possible (also future) forms of "no matching (cipher|mac|MAC|compressi on method|key exchange method|host key type) found",
# see ssherr.c for all possible SSH_ERR_..._ALG_MATCH errors. # see ssherr.c for all possible SSH_ERR_..._ALG_MATCH errors.
__alg_match = (?:(?:\w+ (?!found\b)){0,2}\w+) __alg_match = (?:(?:\w+ (?!found\b)){0,2}\w+)
skipping to change at line 51 skipping to change at line 53
^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*%(__suff)s$ ^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*%(__suff)s$
^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*%(__suff)s$ ^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*%(__suff)s$
^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because not in any group\s*%(__suff)s$ ^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because not in any group\s*%(__suff)s$
^%(__prefix_line_sl)srefused connect from \S+ \(<HOST>\) ^%(__prefix_line_sl)srefused connect from \S+ \(<HOST>\)
^%(__prefix_line_sl)sReceived disconnect from <HOST>%(__on_port_opt)s:\ s*3: .*: Auth fail%(__suff)s$ ^%(__prefix_line_sl)sReceived disconnect from <HOST>%(__on_port_opt)s:\ s*3: .*: Auth fail%(__suff)s$
^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*%(__suff)s$ ^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*%(__suff)s$
^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because none of us er's groups are listed in AllowGroups\s*%(__suff)s$ ^%(__prefix_line_sl)sUser .+ from <HOST> not allowed because none of us er's groups are listed in AllowGroups\s*%(__suff)s$
^%(__prefix_line_ml1)s%(__pam_auth)s\(sshd:auth\):\s+authentication fai lure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s. *%(__suff)s$%(__prefix_line_ml2)sConnection closed ^%(__prefix_line_ml1)s%(__pam_auth)s\(sshd:auth\):\s+authentication fai lure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s. *%(__suff)s$%(__prefix_line_ml2)sConnection closed
^%(__prefix_line_sl)s(error: )?maximum authentication attempts exceeded for .* from <HOST>%(__on_port_opt)s(?: ssh\d*)? \[preauth\]$ ^%(__prefix_line_sl)s(error: )?maximum authentication attempts exceeded for .* from <HOST>%(__on_port_opt)s(?: ssh\d*)? \[preauth\]$
^%(__prefix_line_ml1)sUser .+ not allowed because account is locked%(__ prefix_line_ml2)sReceived disconnect from <HOST>%(__on_port_opt)s:\s*11: .+%(__s uff)s$ ^%(__prefix_line_ml1)sUser .+ not allowed because account is locked%(__ prefix_line_ml2)sReceived disconnect from <HOST>%(__on_port_opt)s:\s*11: .+%(__s uff)s$
^%(__prefix_line_ml1)sDisconnecting: Too many authentication failures(? : for .+?)?%(__suff)s%(__prefix_line_ml2)sConnection closed by <HOST>%(__suff)s$ ^%(__prefix_line_ml1)sDisconnecting: Too many authentication failures(? : for .+?)?%(__suff)s%(__prefix_line_ml2)sConnection closed by%(__authng_user)s <HOST>%(__suff)s$
^%(__prefix_line_ml1)sConnection from <HOST>%(__on_port_opt)s%(__prefix _line_ml2)sDisconnecting: Too many authentication failures(?: for .+?)?%(__suff) s$ ^%(__prefix_line_ml1)sConnection from <HOST>%(__on_port_opt)s%(__prefix _line_ml2)sDisconnecting: Too many authentication failures(?: for .+?)?%(__suff) s$
mdre-normal = mdre-normal =
mdre-ddos = ^%(__prefix_line_sl)sDid not receive identification string from <HO ST> mdre-ddos = ^%(__prefix_line_sl)sDid not receive identification string from <HO ST>
^%(__prefix_line_sl)sConnection closed by%(__authng_user)s <HOST>%( __on_port_opt)s\s+\[preauth\]\s*$
^%(__prefix_line_sl)sConnection reset by <HOST> ^%(__prefix_line_sl)sConnection reset by <HOST>
^%(__prefix_line_ml1)sSSH: Server;Ltype: (?:Authname|Version|Kex);R emote: <HOST>-\d+;[A-Z]\w+:.*%(__prefix_line_ml2)sRead from socket failed: Conne ction reset by peer%(__suff)s$ ^%(__prefix_line_ml1)sSSH: Server;Ltype: (?:Authname|Version|Kex);R emote: <HOST>-\d+;[A-Z]\w+:.*%(__prefix_line_ml2)sRead from socket failed: Conne ction reset by peer%(__suff)s$
mdre-extra = ^%(__prefix_line_sl)sReceived disconnect from <HOST>%(__on_port_opt )s:\s*14: No supported authentication methods available mdre-extra = ^%(__prefix_line_sl)sReceived disconnect from <HOST>%(__on_port_opt )s:\s*14: No supported authentication methods available
^%(__prefix_line_sl)sUnable to negotiate with <HOST>%(__on_port_opt )s: no matching <__alg_match> found. ^%(__prefix_line_sl)sUnable to negotiate with <HOST>%(__on_port_opt )s: no matching <__alg_match> found.
^%(__prefix_line_ml1)sConnection from <HOST>%(__on_port_opt)s%(__pr efix_line_ml2)sUnable to negotiate a <__alg_match> ^%(__prefix_line_ml1)sConnection from <HOST>%(__on_port_opt)s%(__pr efix_line_ml2)sUnable to negotiate a <__alg_match>
^%(__prefix_line_ml1)sConnection from <HOST>%(__on_port_opt)s%(__pr efix_line_ml2)sno matching <__alg_match> found: ^%(__prefix_line_ml1)sConnection from <HOST>%(__on_port_opt)s%(__pr efix_line_ml2)sno matching <__alg_match> found:
mdre-aggressive = %(mdre-ddos)s mdre-aggressive = %(mdre-ddos)s
%(mdre-extra)s %(mdre-extra)s
 End of changes. 3 change blocks. 
1 lines changed or deleted 4 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)