"Fossies" - the Fresh Open Source Software Archive

Member "sshdfilter-1.5.7/patterns/deb31.partconf" (16 Apr 2007, 4392 Bytes) of package /linux/privat/old/sshdfilter-1.5.7.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

A hint: This file contains one or more very long lines, so maybe it is better readable using the pure text view mode that shows the contents as wrapped lines within the browser window.


    1 # The SSHDLOG section maps sshd messages into one of several types, Invalid User, Bad password for valid user, Good password for valid user and No Id string. Each version and distribution uses different message formats, so the exact format needs to be user configurable. These are already supplied for quite a few distributions.
    2 
    3 
    4 # Illegal user
    5 #Illegal user nthnth from ::ffff:127.0.0.1
    6 #input_userauth_request: illegal user nthnth
    7 #Failed none for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
    8 #Failed publickey for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
    9 #Postponed keyboard-interactive for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
   10 
   11 # first wrong pass
   12 #PAM: User not known to the underlying authentication module for illegal user nthnth from localhost
   13 #Failed keyboard-interactive/pam for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
   14 #Failed keyboard-interactive/pam for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
   15 #Postponed keyboard-interactive for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
   16 
   17 # second wrong pass
   18 #PAM: User not known to the underlying authentication module for illegal user nthnth from localhost
   19 #Failed keyboard-interactive/pam for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
   20 #Failed keyboard-interactive/pam for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
   21 #Postponed keyboard-interactive for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
   22 
   23 # third wrong pass
   24 #PAM: Have exhasted maximum number of retries for service. for illegal user nthnth from localhost
   25 #Failed keyboard-interactive/pam for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
   26 #Failed keyboard-interactive/pam for illegal user nthnth from ::ffff:127.0.0.1 port 36977 ssh2
   27 #Connection closed by ::ffff:127.0.0.1
   28 
   29 msg_invalid='^Illegal user (.*) from ([0-9a-fA-F:\.]+)'
   30 map_invalid='push @res,$1;  push @res,$2;'
   31 msg_invalid='^Failed .* for illegal user (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   32 map_invalid='push @res,$1;  push @res,$2;'
   33 msg_invalid='^User (.*) from ([0-9a-fA-F:\.]+) not allowed because not listed in AllowUsers'
   34 map_invalid='push @res,$1;  push @res,$2;'
   35 
   36 
   37 # Valid user, wrong password
   38 #PAM: Authentication failure for greg from localhost
   39 #Postponed keyboard-interactive for greg from ::ffff:127.0.0.1 port 39251 ssh2
   40 
   41 #PAM: Authentication failure for greg from localhost
   42 #Failed keyboard-interactive/pam for greg from ::ffff:127.0.0.1 port 39251 ssh2
   43 #Postponed keyboard-interactive for greg from ::ffff:127.0.0.1 port 39251 ssh2
   44 
   45 #PAM: Have exhasted maximum number of retries for service. for greg from localhost
   46 #Failed keyboard-interactive/pam for greg from ::ffff:127.0.0.1 port 39251 ssh2
   47 #Connection closed by ::ffff:127.0.0.1
   48 
   49 # These two are come from the above messages
   50 msg_failed_valid='Failed .* for (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   51 map_failed_valid='push @res,$1;  push @res,$2;'
   52 msg_failed_valid='^Postponed .* for (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   53 map_failed_valid='push @res,$1;  push @res,$2;'
   54 # These two come from OpenSSH_3.8.1p1 Debian-8.sarge.6. sshd says nothing, only PAM
   55 # reports an error, but uses a hostname rather than IP. Hence sshdfilter 1.5.3 now
   56 # supports hostnames as well as IPs in the messages. Had resisted doing hostname
   57 # lookups, but decoding this message would have been otherwise impossible.
   58 msg_failed_valid='error: PAM: Have exhasted maximum number of retries for service. for (.*) from ([^ ]*)'
   59 map_failed_valid='push @res,$1;  push @res,$2;'
   60 msg_failed_valid='error: PAM: Authentication failure for (.*) from ([^ ]*)'
   61 map_failed_valid='push @res,$1;  push @res,$2;'
   62 
   63 
   64 # Valid user, right password
   65 #Accepted keyboard-interactive/pam for greg from ::ffff:127.0.0.1 port 50632 ssh2
   66 #Accepted keyboard-interactive/pam for greg from ::ffff:127.0.0.1 port 50632 ssh2
   67 
   68 msg_accepted_user='^Accepted [^ ]* for (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   69 map_accepted_user='push @res,$1;  push @res,$2;'
   70 
   71 
   72 # No ID
   73 #Did not receive identification string from ::ffff:127.0.0.1
   74 msg_no_id_string='^Did not receive identification string from ([0-9a-fA-F:\.]+)'
   75 map_no_id_string='push @res,$1;'
   76 
   77 
   78 # sshd exit
   79 msg_quit='^Received signal ([0-9]+); terminating.'
   80 map_quit='push @res,$1;'
   81 
   82 
   83 # Debian doesn't use these.
   84 #msg_pid_2_ip=''
   85 #map_pid_2_ip=''
   86 #msg_pid_exit=''
   87 #map_pid_exit=''
   88 
   89