We found this filter on the web which is supposed to block root ssh logins:

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = sshd

failregex = ^%(__prefix_line)sFailed (?:password|publickey) for root from <HOST>(?: port \d*)?(?: ssh\d*)?$

ignoreregex =

We are trying to adapt it to work with journalctl for use on Fedora 21. The journalctl lines look like this:

Jan 17 20:18:47 new-spruce sshd[19177]: Failed password for root from 70.199.137.27 port 10835 ssh2

We have been using fail2ban-regex to test the filter but we have no knowledge of the regex syntax that fail2ban uses.

Any help would be greatly appreciated.
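Added example, not part of the original post and not fail2ban's own code: a Python sketch of how the posted failregex is expanded and applied to the journalctl line quoted above. fail2ban failregex values are Python regular expressions; PREFIX_LINE, HOST and DATE are simplified stand-ins (assumptions) for what common.conf and fail2ban substitute, and every sample line except the first is constructed.

```python
import re

# failregex exactly as posted in the filter above.
FAILREGEX = (r"^%(__prefix_line)sFailed (?:password|publickey) for root "
             r"from <HOST>(?: port \d*)?(?: ssh\d*)?$")

# Assumption: simplified stand-in for the __prefix_line that common.conf
# builds from _daemon (optional hostname, then "sshd[pid]: ").
PREFIX_LINE = r"\s*(?:\S+\s+)?sshd(?:\[\d+\])?:\s+"

# Assumption: simplified, IPv4-only stand-in for the <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The timestamp is removed before failregex is tried; approximated here
# with a syslog-style "Mon DD HH:MM:SS" pattern (assumption).
DATE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\s*")


def expand(failregex):
    """Substitute the interpolation and the host tag into the pattern."""
    return (failregex.replace("%(__prefix_line)s", PREFIX_LINE)
                     .replace("<HOST>", HOST))


def banned_host(line):
    """Return the host the filter would act on, or None if no match."""
    body = DATE.sub("", line, count=1)
    match = re.search(expand(FAILREGEX), body)
    return match.group("host") if match else None


SAMPLES = [
    # Line quoted in the post.
    "Jan 17 20:18:47 new-spruce sshd[19177]: Failed password for root "
    "from 70.199.137.27 port 10835 ssh2",
    # Constructed lines (documentation addresses).
    "Jan 17 20:19:02 new-spruce sshd[19180]: Failed publickey for root "
    "from 192.0.2.10 port 40022 ssh2",
    "Jan 17 20:19:05 new-spruce sshd[19181]: Failed password for invalid "
    "user admin from 192.0.2.10 port 40023 ssh2",
    "Jan 17 20:19:09 new-spruce sshd[19182]: Accepted password for root "
    "from 192.0.2.11 port 40100 ssh2",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(banned_host(sample), "<-", sample)
```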
