"Fossies" - the Fresh Open Source Software Archive

Member "sshdfilter-1.5.7/patterns/su10rc1.partconf" (16 Apr 2007, 1655 Bytes) of package /linux/privat/old/sshdfilter-1.5.7.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

A hint: This file contains one or more very long lines, so maybe it is better readable using the pure text view mode that shows the contents as wrapped lines within the browser window.


    1 # The SSHDLOG section maps sshd messages into one of several types, Invalid User, Bad password for valid user, Good password for valid user and No Id string. Each version and distribution uses different message formats, so the exact format needs to be user configurable. These are already supplied for quite a few distributions.
    2 
    3 # The only change over RH7.3 is the change from Illegal to Invalid.
    4 
    5 # Invalid user or Failed user
    6 msg_invalid='^Invalid user (.*) from ([0-9a-fA-F:\.]+)'
    7 map_invalid='push @res,$1;  push @res,$2;'
    8 
    9 msg_invalid='^Failed [^ ]+ for invalid user (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   10 map_invalid='push @res,$1;  push @res,$2;'
   11 
   12 msg_invalid='^User (.*) from ([0-9a-fA-F:\.]+) not allowed because not listed in AllowUsers'
   13 map_invalid='push @res,$1;  push @res,$2;'
   14 
   15 # Failed valid user
   16 msg_failed_valid='^Failed [^ ]+ for (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   17 map_failed_valid='push @res,$1;  push @res,$2;'
   18 
   19 msg_failed_valid='^Postponed [^ ]+ for (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   20 map_failed_valid='push @res,$1;  push @res,$2;'
   21 
   22 # Accepted a valid user
   23 #[7299] Feb 23 19:45:46 password auth succeeded for 'vladimir' from 127.0.0.1:33462
   24 msg_accepted_user='^Accepted [^ ]* for (.*) from ([0-9a-fA-F:\.]+) port [0-9]+ ssh2'
   25 map_accepted_user='push @res,$1;  push @res,$2;'
   26 
   27 
   28 # [7412] Feb 23 19:50:33 exit before auth: Failed to get remote version
   29 msg_no_id_string='^Did not receive identification string from ([0-9a-fA-F:\.]+)'
   30 map_no_id_string='push @res,$1;'
   31 
   32 # [7272] Feb 23 19:52:16 premature exit: Terminated by signal
   33 msg_quit='^Received signal ([0-9]+); terminating.'
   34 map_quit='push @res,$1;'
   35