Package: fail2ban
Version: 0.6.0-2
Severity: normal
I have an AllowUsers line in my sshd_config. Now when I get failed
attempts to login as one of the users not in AllowUsers (i.e. root) I get lines
like this in auth.log;
User root from XXX.XXX.XXX.XXX not allowed because not listed in AllowUsers
I have changed the line in fail2ban.conf from this:
failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?:
[iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user) .* from
(?:::f{4,6}:)?(?P<host>\S*)
to this:
failregex = : (?:(?:Authentication failure|Failed [-/\w+]+) for(?:
[iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|User .*) ?.*
from (?:::f{4,6}:)?(?P<host>\S*)
which seems to catch them, although I'm not a regex guru so I don't
know whether this has caused other side affects.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (700, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_NZ, LC_CTYPE=en_NZ (charmap=ISO-8859-1)
Versions of packages fail2ban depends on:
ii iptables 1.3.3-2 Linux kernel 2.4+ iptables adminis
ii python 2.3.5-3 An interactive high-level object-o
fail2ban recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
