Hi, The current configuration shipped with version 0.7.6-3ubuntu1 of fail2ban fails to catch failed login attempts for valid users. Example line of my /var/log/auth.log that didn't get matched:
Oct 13 10:16:34 tardis sshd[18845]: Failed password for nighty from 87.238.161.11 port 38046 ssh2 Replacing the following line in /etc/fail2ban/filter.d/sshd.conf: (?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal| nvalid))? user .*(?: from|FROM) <HOST> with (?:Authentication failure|Failed [-/\w+]+) for .*(?: from|FROM) <HOST> remedies this. Just tested it from 2 remote hosts to my machine, and it catches wrong passwords as well as empty passwords, like the old rule did, but this time also for existing users. I don't know if this can be considered a bug or not; are valid users within the scope anyway? I for one feel safer, though, knowing that password attacks against the passwords of valid users will be stopped at the gates as well as random login attempts for invalid users. In case of feedback, please include me in cc as I'm not subscribed. ps: package info tells me to mail the bugs to [EMAIL PROTECTED] but I chose to mail the address specified under "maintainer" instead; I don't see why ubuntu-users needs this bug report anyway... Perhaps an error in the package definition? Kind regards, Rial Juan -- Welcome to text-only Counterstrike. You are in a dark, outdoor map. > go north You have been pwned by a grue.
-- Ubuntu-motu mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
