HomeNot picking up failed attempts - "Invalid user ..." lines without "Failed password ..." lines

Reply to comment

Sun, 2005-11-06 02:15 — Anonymous (not verified)

Debian Sarge Required Config

Add these lines to hosts.deny:

#---- BlockHosts Additions
#---- BlockHosts Additions
sshd:ALL:spawn (/usr/bin/blockhosts.py --verbose >> /var/log/blockhosts.log 2>&1 )&:allow
proftpd:ALL: spawn (/usr/bin/blockhosts.py --verbose >> /var/log/blockhosts.log 2>&1 )&:allow

and then edit blockhosts.cfg and uncomment these lines:

HOSTS_BLOCKFILE = "/etc/hosts.deny"
LOGFILES = [ "/var/log/auth.log", ]
ALL_REGEXS = {
} ( this is the next to last line with a character on it )
"SSHD-Invalid": re.compile(r"""sshd\[(?P\d+)\]: Invalid user (?P.*?) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"""),

and then edit the last line listed above to read ' Illegal user ' instead of ' Invalid user '

I hope this helps.

Reply

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <b> <span> <pre> <hr>
  • Lines and paragraphs break automatically.
  • You may use [acidfree:xx] tags to display acidfree videos or images inline.
  • [l:URL text] input tags replaced with HTML links. URL may be Drupal internal path. [ Link Filter Tips ]

More information about formatting options