"Fossies" - the Fresh Open Source Software Archive

Member "sshdfilter-1.5.7/patterns/dbear.partconf" (27 May 2006, 2071 Bytes) of package /linux/privat/old/sshdfilter-1.5.7.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

A hint: This file contains one or more very long lines, so maybe it is better readable using the pure text view mode that shows the contents as wrapped lines within the browser window.


    1 # The SSHDLOG section maps sshd messages into one of several types, No Id string, Invalid User, Bad password for valid user, and Good password for valid user. Each version and distribution uses different message formats, so the exact format needs to be user configurable. These are already supplied for quite a few distrobutions.
    2 
    3 
    4 msg_pid_2_ip='^\[([0-9][0-9]*)\] ............... Child connection from ([0-9a-fA-F:\.]+):[0-9]+'
    5 map_pid_2_ip='$pid2ip{$1}=$2;'
    6 
    7 # Trim the IP hash, remove sessions that have ended.
    8 # [7335] Feb 23 19:47:57 exit .*: Exited normally
    9 msg_pid_exit='^\[([0-9][0-9]*)\] ............... exit .*: Exited normally'
   10 map_pid_exit='delete $pid2ip{$1};'
   11 
   12 # Invalid user ... or Illegal user ...
   13 # [7408] Feb 23 19:49:02 login attempt for nonexistent user from
   14 # 127.0.0.1:33466
   15 msg_invalid='^\[[0-9][0-9]*\] ............... login attempt for nonexistent user from ([0-9a-fA-F:\.]+):[0-9]+'
   16 map_invalid='my $user="NA";  my $ip="$2";';
   17 
   18 # root user, same as Invalid?
   19 # [7297] Feb 23 19:45:19 root login rejected
   20 msg_invalid='^\[[0-9][0-9]*\] ............... (.*) login rejected'
   21 map_invalid='my $user="$2";  my $ip=$pid2ip{$1};'
   22 
   23 # Failed valid user
   24 #[7370] Feb 23 19:47:59 bad password attempt for 'vladimir' from 127.0.0.1:33464
   25 msg_failed_valid='^\[[0-9][0-9]*\] ............... bad password attempt for '(.*)' from ([0-9a-fA-F:\.]+):[0-9]+'
   26 map_failed_valid='my $user="$1";  my $ip="$2";'
   27 
   28 # Accepted a valid user
   29 #[7299] Feb 23 19:45:46 password auth succeeded for 'vladimir' from 127.0.0.1:33462
   30 msg_accepted_user='^\[[0-9][0-9]*\] ............... password auth secceeded for '(.*)' from ([0-9a-fA-F:\.]+):[0-9]+'
   31 map_accepted_user='my $user="$1";  my $ip="$2";'
   32 
   33 # [7412] Feb 23 19:50:33 exit before auth: Failed to get remote version
   34 msg_no_id_string='^\[([0-9][0-9]*)\] ............... exit before auth: Failed to get remote version'
   35 map_no_id_string='my $ip=$pid2ip{$1};'
   36 
   37 # [7272] Feb 23 19:52:16 premature exit: Terminated by signal
   38 msg_quit='^\[[0-9][0-9]*\] ...............  premature exit: Terminated by signal.'
   39 map_quit='my $sig="NA";'
   40