On 1/25/2011 11:31 AM, Alexander Thomas wrote:
> I installed denyhosts on a Mac OS X 10.6 machine and it runs
> perfectly, except for one thing. It does not react to lines like:
>
> Jan 19 19:46:59 MyMac sshd[97655]: error: PAM: authentication error
> for root from 186.115.4.27 via 192.168.1.4
>
> This is mentioned in the FAQ so I added the following line to the .cfg
> file, but to no avail:
> FAILED_ENTRY_REGEX=error: PAM: authentication error for
> (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from
> (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
[snip]

Try:

USERDEF_FAILED_ENTRY_REGEX=authentication error for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})

Which is just a variation of FAILED_ENTRY_REGEX2 (in regex.py) which
really should have [Aa] at the start of the word "authentication", or
better: a case insensitive compare for all the regexes.
-- 
René Berber

_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
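
Added example, not part of the original message and not DenyHosts code: an offline check of the suggested USERDEF_FAILED_ENTRY_REGEX value against the log line quoted in the thread, run with and without case-insensitive matching. The helper names extract and report are hypothetical, the second and third sample lines are constructed, and an unanchored search over the whole syslog line is an assumption about how the pattern gets applied.

```python
import re

# Pattern suggested in the reply above (the value of USERDEF_FAILED_ENTRY_REGEX).
SUGGESTED = (r"authentication error for (?P<user>.*) .*from (::ffff:)?"
             r"(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")

# The first line is the log entry quoted in the thread; the others are constructed.
SAMPLE_LINES = [
    "Jan 19 19:46:59 MyMac sshd[97655]: error: PAM: authentication error "
    "for root from 186.115.4.27 via 192.168.1.4",
    # constructed: same message with a capital "A" and an IPv4-mapped address
    "Jan 19 19:47:03 MyMac sshd[97660]: error: PAM: Authentication error "
    "for admin from ::ffff:203.0.113.9 via 192.168.1.4",
    # constructed: successful login, must never be counted as a failure
    "Jan 19 19:48:10 MyMac sshd[97671]: Accepted publickey for alex "
    "from 192.168.1.20 port 50122 ssh2",
]


def extract(pattern, line, flags=0):
    """Return (user, host) if the pattern finds a failed login, else None."""
    # Assumption: unanchored search over the full line.
    m = re.search(pattern, line, flags)
    return (m.group("user"), m.group("host")) if m else None


def report(pattern, lines, flags=0):
    """Apply the pattern to every line and collect the results in order."""
    return [extract(pattern, line, flags) for line in lines]


if __name__ == "__main__":
    for label, flags in (("case-sensitive", 0), ("IGNORECASE", re.IGNORECASE)):
        print(label)
        hits = report(SUGGESTED, SAMPLE_LINES, flags)
        for line, hit in zip(SAMPLE_LINES, hits):
            # line[16:] drops the 16-character syslog timestamp for display
            print(f"  {hit!s:32} <- {line[16:]}")
```

The captured host is the remote "from" address, never the local "via" address, and the capitalised variant is only caught when the pattern is compiled with re.IGNORECASE.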