I'm running FreeBSD 6.0 production and I've been using blockhosts.py for quite awhile now and it's worked great, but I have a new problem that I'm not sure how to add the correct regex line to the .cfg in order to block.
What's happening is I've created a Group that is allowed to access this machine which stores all the valid users which can ssh or sftp into this box. The problem is I now have new messages being triggered in my /var/log/auth.log file that didn't exist prior to adding this group and so these intruders are not getting blocked as they should.
Can someone provide me a proper regexp for the following line so that they can be blocked?
Here is the line that is now being generated that I need to block:
Jan 2 11:58:17 mach sshd[35028]: User root from 67.77.243.134 not allowed because none of user's groups are listed in AllowGroups
Jan 2 11:58:18 mach sshd[35030]: reverse mapping checking getaddrinfo for nj-67-77-243-134.dyn.sprint-hsd.net failed - POSSIBLE BREAKIN ATTEMPT!
What is the proper format for a regexp that will block the first line?
I've seen similar posts for linux and the AllowUser lines but none for FreeBSD.
Any and all help would be greatly appreciated.
Xeon
Travel Travel reports, it is all about food
Montreal: Schwartz's, Le Petit Alep
Albums: Pictures and some notes
ITRANS Song Book Hindi, Urdu, Marathi song lyrics
Online ITRANS Web Interface
BlockHosts block hosts
BlockHosts FAQ
BlockHosts Forum
CD Inserts & Envelopes Web Interface
Nisha Ganatra's Films
Cake: starring Heather Graham
Email: avinash@aczoom.com
Copyright © 1995-2016 Avinash Chopde, avinash@aczoom.com
Works fine - use latest version
This works fine with the version released in November - version 1.0.3, probably worked fine in older versions too.
Running with the debug flag on, above line was recognized as seen here:
found failed access for SSHD-NotAllowed , IP-pid: 67.77.243.134-35028
The rule matched is "SSHD-NotAllowed" - you can see the regex in the code or in the sample blockhosts.cfg file.