Date: Wed, 22 Dec 2021 13:50:17 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 260607] security/py-fail2ban regex not working in bsd-sshd filter Message-ID: <bug-260607-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D260607 Bug ID: 260607 Summary: security/py-fail2ban regex not working in bsd-sshd filter Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: belot.nicolas@gmail.com CC: theis@gmx.at Flags: maintainer-feedback?(theis@gmx.at) CC: theis@gmx.at Hello, The regex ^%(__prefix_line)sDid not receive identification string from <HO= ST>$ will not match entry in /var/log/auth.log as the log entry contains tcp port number Ex : Did not receive identification string from 51.159.67.165 port 59677 we should add this regex in the filter :=20=20 ^%(__prefix_line)sDid not receive identification string from <HOST>\s.*$ In the same spirit,=20 ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!$ in my log i only see=20 ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] failed\.$ We should add a regex accordingly And at last, in my opinion, hitting the preauth timeout is suspicious, i th= ink we should add a regex to match it ^%(__prefix_line)sConnection closed by <HOST> port \d+ \[preauth\]$ Regards --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-260607-7788>