Psst.. new poll here.
[email protected] web/email now available. Want one? Go here.
Cannot use outlook/hotmail/live here to register as they blocking our mail servers. #microsoftdeez
Obey the Epel!
Paste
Pasted by registered user jazz_bass ( 12 years ago )
# fail2ban-regex /var/log/sshd.log /etc/fail2ban/filter.d/sshd.conf
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file : /var/log/sshd.log
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Results
=======
Failregex: 2447 total
|- #) [# of hits] regular expression
| 1) [15] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
| 3) [804] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Failed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
| 5) [217] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*[iI](?:llegal|nvalid) user .* from <HOST>\s*$
| 6) [592] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
| 8) [819] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
`-
Ignoreregex: 0 total
Summary
=======
Addresses found:
[1]
80.82.83.206 (Mon Mar 18 18:00:35 2013)
80.82.83.206 (Mon Mar 18 18:00:50 2013)
80.82.83.206 (Mon Mar 18 18:01:05 2013)
80.82.83.206 (Mon Mar 18 18:01:19 2013)
80.82.83.206 (Mon Mar 18 18:01:36 2013)
172.23.8.4 (Mon Mar 18 22:51:40 2013)
172.23.8.4 (Mon Mar 18 22:51:54 2013)
172.23.8.4 (Mon Mar 18 22:52:00 2013)
172.23.8.4 (Mon Mar 18 22:52:05 2013)
172.23.8.4 (Mon Mar 18 22:52:11 2013)
172.23.8.4 (Mon Mar 18 22:52:15 2013)
172.23.8.4 (Mon Mar 18 22:52:19 2013)
172.23.8.4 (Mon Mar 18 22:52:24 2013)
172.23.8.4 (Mon Mar 18 22:52:28 2013)
172.23.8.4 (Mon Mar 18 22:52:32 2013)
[3]
61.163.113.72 (Mon Mar 18 16:18:37 2013)
61.163.113.72 (Mon Mar 18 16:59:49 2013)
61.163.113.72 (Mon Mar 18 18:23:03 2013)
80.14.120.240 (Mon Mar 18 19:03:37 2013)
80.14.120.240 (Mon Mar 18 19:03:40 2013)
80.14.120.240 (Mon Mar 18 19:03:42 2013)
80.14.120.240 (Mon Mar 18 19:03:44 2013)
80.14.120.240 (Mon Mar 18 19:03:47 2013)
80.14.120.240 (Mon Mar 18 19:03:50 2013)
80.14.120.240 (Mon Mar 18 19:03:53 2013)
80.14.120.240 (Mon Mar 18 19:03:56 2013)
80.14.120.240 (Mon Mar 18 19:03:58 2013)
80.14.120.240 (Mon Mar 18 19:04:01 2013)
80.14.120.240 (Mon Mar 18 19:04:04 2013)
80.14.120.240 (Mon Mar 18 19:04:07 2013)
80.14.120.240 (Mon Mar 18 19:04:09 2013)
61.163.113.72 (Mon Mar 18 19:05:30 2013)
61.163.113.72 (Mon Mar 18 19:46:24 2013)
61.163.113.72 (Mon Mar 18 20:27:21 2013)
61.163.113.72 (Mon Mar 18 21:07:48 2013)
60.174.198.14 (Mon Mar 18 21:46:45 2013)
60.174.198.14 (Mon Mar 18 21:46:51 2013)
60.174.198.14 (Mon Mar 18 21:46:56 2013)
60.174.198.14 (Mon Mar 18 21:47:01 2013)
60.174.198.14 (Mon Mar 18 21:47:06 2013)
61.163.113.72 (Mon Mar 18 21:47:06 2013)
60.174.198.14 (Mon Mar 18 21:47:12 2013)
60.174.198.14 (Mon Mar 18 21:47:17 2013)
60.174.198.14 (Mon Mar 18 21:47:22 2013)
60.174.198.14 (Mon Mar 18 21:47:28 2013)
60.174.198.14 (Mon Mar 18 21:47:33 2013)
60.174.198.14 (Mon Mar 18 21:47:42 2013)
60.174.198.14 (Mon Mar 18 21:47:48 2013)
60.174.198.14 (Mon Mar 18 21:47:53 2013)
60.174.198.14 (Mon Mar 18 21:47:58 2013)
60.174.198.14 (Mon Mar 18 21:48:03 2013)
60.174.198.14 (Mon Mar 18 21:48:08 2013)
60.174.198.14 (Mon Mar 18 21:48:13 2013)
60.174.198.14 (Mon Mar 18 21:48:17 2013)
60.174.198.14 (Mon Mar 18 21:48:23 2013)
60.174.198.14 (Mon Mar 18 21:48:28 2013)
60.174.198.14 (Mon Mar 18 21:48:32 2013)
60.174.198.14 (Mon Mar 18 21:48:37 2013)
60.174.198.14 (Mon Mar 18 21:48:41 2013)
60.174.198.14 (Mon Mar 18 21:48:47 2013)
60.174.198.14 (Mon Mar 18 21:48:52 2013)
60.174.198.14 (Mon Mar 18 21:48:58 2013)
60.174.198.14 (Mon Mar 18 21:49:02 2013)
60.174.198.14 (Mon Mar 18 21:49:07 2013)
60.174.198.14 (Mon Mar 18 21:49:12 2013)
60.174.198.14 (Mon Mar 18 21:49:17 2013)
60.174.198.14 (Mon Mar 18 21:49:22 2013)
60.174.198.14 (Mon Mar 18 21:49:27 2013)
60.174.198.14 (Mon Mar 18 21:49:32 2013)
60.174.198.14 (Mon Mar 18 21:49:37 2013)
60.174.198.14 (Mon Mar 18 21:49:41 2013)
60.174.198.14 (Mon Mar 18 21:49:47 2013)
60.174.198.14 (Mon Mar 18 21:49:52 2013)
60.174.198.14 (Mon Mar 18 21:49:57 2013)
60.174.198.14 (Mon Mar 18 21:50:02 2013)
94.23.113.144 (Mon Mar 18 21:59:39 2013)
94.23.113.144 (Mon Mar 18 22:31:32 2013)
94.23.113.144 (Mon Mar 18 22:31:35 2013)
94.23.113.144 (Mon Mar 18 22:31:36 2013)
172.23.8.4 (Mon Mar 18 22:51:38 2013)
172.23.8.4 (Mon Mar 18 22:51:53 2013)
172.23.8.4 (Mon Mar 18 22:51:57 2013)
172.23.8.4 (Mon Mar 18 22:52:03 2013)
172.23.8.4 (Mon Mar 18 22:52:08 2013)
172.23.8.4 (Mon Mar 18 22:52:13 2013)
172.23.8.4 (Mon Mar 18 22:52:18 2013)
172.23.8.4 (Mon Mar 18 22:52:22 2013)
172.23.8.4 (Mon Mar 18 22:52:26 2013)
172.23.8.4 (Mon Mar 18 22:52:31 2013)
Date template hits:
73197 hit(s): MONTH Day Hour:Minute:Second
Success, the total number of match is 2447
However, look at the above section 'Running tests' which could contain important
information.
Revise this Paste