Psst.. new poll here.
[email protected] webmail now available. Want one? Go here.
Cannot use outlook/hotmail/live here to register as they blocking our mail servers. #microsoftdeez
Obey the Epel!
Paste
Pasted by registered user jazz_bass ( 11 years ago )
# fail2ban-regex /var/log/sshd.log /etc/fail2ban/filter.d/sshd.conf
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file : /var/log/sshd.log
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Results
=======
Failregex: 15 total
|- #) [# of hits] regular expression
| 1) [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
| 6) [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
| 8) [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
`-
Ignoreregex: 0 total
Summary
=======
Addresses found:
[1]
172.23.8.4 (Mon Mar 18 23:47:25 2013)
172.23.8.4 (Mon Mar 18 23:47:29 2013)
172.23.8.4 (Mon Mar 18 23:47:34 2013)
172.23.8.4 (Mon Mar 18 23:47:38 2013)
172.23.8.4 (Mon Mar 18 23:47:43 2013)
[6]
172.23.8.4 (Mon Mar 18 23:47:22 2013)
172.23.8.4 (Mon Mar 18 23:47:26 2013)
172.23.8.4 (Mon Mar 18 23:47:30 2013)
172.23.8.4 (Mon Mar 18 23:47:35 2013)
172.23.8.4 (Mon Mar 18 23:47:39 2013)
[8]
172.23.8.4 (Mon Mar 18 23:47:23 2013)
172.23.8.4 (Mon Mar 18 23:47:27 2013)
172.23.8.4 (Mon Mar 18 23:47:32 2013)
172.23.8.4 (Mon Mar 18 23:47:36 2013)
172.23.8.4 (Mon Mar 18 23:47:40 2013)
Date template hits:
515 hit(s): MONTH Day Hour:Minute:Second
Success, the total number of match is 15
However, look at the above section 'Running tests' which could contain important
information.
Revise this Paste