From: Johny Å. <jo...@ag...> - 2012-03-04 04:45:50
|
Here is a suggestion I implemented to turn down the noise a bit from the SSHD filter, based on the 7.4.0 release. Feel free to use :)
--
--- sshd.orig 2012-03-04 05:08:07.000000000 +0100
+++ sshd 2012-03-04 05:21:03.000000000 +0100
@@ -546,7 +546,8 @@
 }

 if (keys %IllegalUsers) {
- print "\nIllegal users from:\n";
+ print "\nIllegal users with 10 or more attempts from:\n";
+ my $illegalUserCount = 0 ;
 foreach my $ip (sort SortIP keys %IllegalUsers) {
 my $name = LookupIP($ip);
 my $totcount = 0;
@@ -554,7 +555,10 @@
 $totcount += $IllegalUsers{$ip}{$user};
 }
 my $plural = ($totcount > 1) ? "s" : "";
- print " $name: $totcount time$plural\n";
+ $illegalUserCount += $totcount ;
+ if ($totcount >= 10) {
+ print " $name: $totcount time$plural\n";
+ }
 if ($Detail >= 5) {
 my $sort = CountOrder(%{$IllegalUsers{$ip}});
 foreach my $user (sort $sort keys %{$IllegalUsers{$ip}}) {
@@ -564,6 +568,7 @@
 }
 }
 }
+ print "\n $illegalUserCount illegal users attempted login\n" ;
 }

 if (keys %LockedAccount) {
@@ -747,10 +752,13 @@
 }

 if (keys %PamError) {
- print "\nError in PAM authentication:\n";
+ print "\nError in PAM authentication with 3 or more attempts:\n";
+
 foreach my $Error (sort {$a cmp $b} keys %PamError) {
- print " $Error : $PamError{$Error} Time(s)\n";
- }
+ if ($PamError{$Error} >= 3 ) {
+ print " $Error : $PamError{$Error} Time(s)\n";
+ }
+ }
 }

 if (keys %PamChroot) {
-- |
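Review bot: In the hunk at `@@ -554,7 +555,10 @@` the new `if ($totcount >= 10)` guards only the host summary line, so the `if ($Detail >= 5)` block right after it still runs for hosts below the threshold. Whatever that block prints per user would then appear without the host line it belongs to, and would read as if it belonged to the previously listed host. Skipping the rest of the iteration keeps the two in step: after `$illegalUserCount += $totcount ;` add `next if $totcount < 10;` and leave the original `print` unguarded. The enclosing `foreach` and the body of the detail block lie outside the hunk, so the exact detail output is inferred from the visible context lines.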
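Review bot: The summary line added at `@@ -564,6 +568,7 @@` labels `$illegalUserCount` as "illegal users", but the variable accumulates `$totcount`, which is a sum of attempt counts per source, so the number printed is attempts and not distinct user names. Rewording fixes the mismatch, for example `print "\n $illegalUserCount login attempts by illegal users in total\n";`. Because sources under the threshold are no longer listed, the report would also be easier to act on if it stated how many sources were left out; many hosts with a few attempts each are otherwise folded into one total and cannot be told apart from a single noisy host.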
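Review bot: In the `%PamError` hunk the heading is printed whenever the hash has any key, so a run in which every error occurred fewer than 3 times leaves a heading with nothing under it; the `Illegal users with 10 or more attempts from:` heading in the first hunk can likewise end up with no host lines below it. Filtering before printing avoids that: `my @shown = grep { $PamError{$_} >= 3 } sort keys %PamError;`, then print the heading and loop over `@shown` only `if (@shown)`. Unlike the illegal-users section, this hunk adds no total, so PAM errors below the threshold disappear from the report entirely; a one-line count of omitted entries would keep them visible to the reader.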
From: Stefan J. <log...@lo...> - 2012-04-13 13:48:05
|
Johny Ågotnes wrote:
> Here is a suggestion I implemented to turn down the noise a bit from the
> SSHD filter, based on the 7.4.0 release.
>
> Feel free to use :)
Johny thanks, for your patch. I think your changes might be useful in some environments, but it shouldn't be the default. A threshold which is configurable and can be disabled would be a better solution. Thanks Stefan
> --
> --- sshd.orig 2012-03-04 05:08:07.000000000 +0100
> +++ sshd 2012-03-04 05:21:03.000000000 +0100
> @@ -546,7 +546,8 @@
> }
>
> if (keys %IllegalUsers) {
> - print "\nIllegal users from:\n";
> + print "\nIllegal users with 10 or more attempts from:\n";
> + my $illegalUserCount = 0 ;
> foreach my $ip (sort SortIP keys %IllegalUsers) {
> my $name = LookupIP($ip);
> my $totcount = 0;
> @@ -554,7 +555,10 @@
> $totcount += $IllegalUsers{$ip}{$user};
> }
> my $plural = ($totcount > 1) ? "s" : "";
> - print " $name: $totcount time$plural\n";
> + $illegalUserCount += $totcount ;
> + if ($totcount >= 10) {
> + print " $name: $totcount time$plural\n";
> + }
> if ($Detail >= 5) {
> my $sort = CountOrder(%{$IllegalUsers{$ip}});
> foreach my $user (sort $sort keys %{$IllegalUsers{$ip}}) {
> @@ -564,6 +568,7 @@
> }
> }
> }
> + print "\n $illegalUserCount illegal users attempted login\n" ;
> }
>
> if (keys %LockedAccount) {
> @@ -747,10 +752,13 @@
> }
>
> if (keys %PamError) {
> - print "\nError in PAM authentication:\n";
> + print "\nError in PAM authentication with 3 or more attempts:\n";
> +
> foreach my $Error (sort {$a cmp $b} keys %PamError) {
> - print " $Error : $PamError{$Error} Time(s)\n";
> - }
> + if ($PamError{$Error} >= 3 ) {
> + print " $Error : $PamError{$Error} Time(s)\n";
> + }
> + }
> }
>
> if (keys %PamChroot) { |