Date: 2011-03-23 20:36:08 +0000 (Wed, 23 Mar 2011)
ENH: dropbear filter: see http://bugs.debian.org/546913
--- branches/FAIL2BAN-0_8/config/filter.d/dropbear.conf (rev 0)
+++ branches/FAIL2BAN-0_8/config/filter.d/dropbear.conf 2011-03-23 20:36:08 UTC (rev 768)
@@ -0,0 +1,52 @@
+# Fail2Ban configuration file
+# Author: Francis Russell
+# Zak B. Elep
+# More information: http://bugs.debian.org/546913
+# Read common prefixes. If any customizations available -- read them from
+before = common.conf
+_daemon = dropbear
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# Values: TEXT
+# These match the unmodified dropbear messages. It isn't possible to
+# match the source of the 'exit before auth' messages from dropbear.
+failregex = ^%(__prefix_line)slogin attempt for nonexistent user ('.*' )?from <HOST>:.*\s*$
+ ^%(__prefix_line)sbad password attempt for .+ from <HOST>:.*\s*$
+# The only line we need to match with the modified dropbear.
+# NOTE: The failregex below is ONLY intended to work with a patched
+# version of Dropbear as described here:
+# The standard Dropbear output doesn't provide enough information to
+# ban all types of attack. The Dropbear patch adds IP address
+# information to the 'exit before auth' message which is always
+# produced for any form of non-successful login. It is that message
+# which this file matches.
+# failregex = ^%(__prefix_line)sexit before auth from <HOST>.*\s*$
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
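Review bot: the tail of both active failregex lines, `<HOST>:.*\s*$`, accepts arbitrary text after the address, while the user name earlier in the same line (`('.*' )?` and `.+`) is text supplied by the connecting client. Which `from <HOST>:` occurrence gets banned is therefore decided only by greedy backtracking. If the dropbear message always ends in the source port, anchor the tail to it, for example `<HOST>:\d+\s*$`, so that only the address at the very end of the line can match. Separately, the NOTE above the commented-out 'exit before auth' regex says "as described here:" but the lines shown give no reference after it; repeating the bug URL from the file header there would make the comment self-contained.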