Hi,

The current configuration shipped with version 0.7.6-3ubuntu1 of
fail2ban fails to catch failed login attempts for valid users. Example
line of my /var/log/auth.log that didn't get matched:

Oct 13 10:16:34 tardis sshd[18845]: Failed password for nighty from
87.238.161.11 port 38046 ssh2

Replacing the following line in /etc/fail2ban/filter.d/sshd.conf:

(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|
nvalid))? user .*(?: from|FROM) <HOST>

with

(?:Authentication failure|Failed [-/\w+]+) for .*(?: from|FROM) <HOST>

remedies this. Just tested it from 2 remote hosts to my machine, and it
catches wrong passwords as well as empty passwords, like the old rule
did, but this time also for existing users.



I don't know if this can be considered a bug or not; are valid users
within the scope anyway? I for one feel safer, though, knowing that
password attacks against the passwords of valid users will be stopped at
the gates as well as random login attempts for invalid users.

In case of feedback, please include me in cc as I'm not subscribed.

ps: package info tells me to mail the bugs to
[EMAIL PROTECTED] but I chose to mail the address specified
under "maintainer" instead; I don't see why ubuntu-users needs this bug
report anyway... Perhaps an error in the package definition?

Kind regards,

Rial Juan

-- 
Welcome to text-only Counterstrike.
You are in a dark, outdoor map.

> go north
You have been pwned by a grue.
-- 
Ubuntu-motu mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu

Reply via email to