"Fossies" - the Fresh Open Source Software Archive

Member "sshdfilter-1.5.7/patterns/cent5.partconf" (17 May 2007, 2280 Bytes) of package /linux/privat/old/sshdfilter-1.5.7.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

A hint: This file contains one or more very long lines, so maybe it is better readable using the pure text view mode that shows the contents as wrapped lines within the browser window.


    1 # The SSHDLOG section maps sshd messages into one of several types, Invalid User, Bad password for valid user, Good password for valid user and No Id string. Each version and distribution uses different message formats, so the exact format needs to be user configurable. These are already supplied for quite a few distributions.
    2 
    3 # These patterns are for CentOS 5, very different to the others with a 
    4 # lot of pam based messages. Also, the No ssh id message doesn't work,
    5 # sshd does not give a source IP address. Also, errors messages for
    6 # unknown user names cross multiple lines, IP on first line, user name
    7 # on next line. This will need code changes.
    8 
    9 # Do not use this file!
   10 
   11 # Invalid user or Failed user
   12 #msg_invalid='^Invalid user (.*) from ([0-9a-fA-F:\.]+)'
   13 #map_invalid='push @res,$1;  push @res,$2;'
   14 
   15 msg_invalid='^Invalid user (.*) from ([0-9a-fA-F:\.]+)'
   16 map_invalid='push @res,$1;  push @res,$2;'
   17 msg_invalid='^Invalid user (.*) from ([0-9a-fA-F:\.]+)'
   18 map_invalid='push @res,$1;  push @res,$2;'
   19 msg_invalid='^User (.*) from ([0-9a-fA-F:\.]+) not allowed because not listed in AllowUsers'
   20 map_invalid='push @res,$1;  push @res,$2;'
   21 
   22 # Failed valid user
   23 msg_failed_valid='^PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=([0-9a-fA-F:\.]+) +user=(.*)'
   24 map_failed_valid='push @res,$2;  push @res,$1;'
   25 msg_failed_valid='^pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=([0-9a-fA-F:\.]+) +user=(.*)'
   26 map_failed_valid='push @res,$2;  push @res,$1;'
   27 msg_failed_valid='^Failed password for (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   28 map_failed_valid='push @res,$1;  push @res,$2;'
   29 
   30 # Accepted a valid user
   31 #[7299] Feb 23 19:45:46 password auth succeeded for 'vladimir' from 127.0.0.1:33462
   32 msg_accepted_user='^Accepted [^ ]+ for (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   33 map_accepted_user='push @res,$1;  push @res,$2;'
   34 
   35 # [7412] Feb 23 19:50:33 exit before auth: Failed to get remote version
   36 msg_no_id_string='^Did not receive identification string from ([0-9a-fA-F:\.]+)'
   37 map_no_id_string='push @res,$1;'
   38 
   39 # [7272] Feb 23 19:52:16 premature exit: Terminated by signal
   40 msg_quit='^Received signal ([0-9]+); terminating.'
   41 map_quit='push @res,$1;'
   42 
   43 # Do not use this file! Is a work in progress.