Menu
▾
▴
logwatch-devel
|
From: Johny Å. <jo...@ag...> - 2012-03-04 04:45:50
|
Here is a suggestion I implemented to turn down the noise a bit from the SSHD filter, based on the 7.4.0 release.
Feel free to use :)
--
--- sshd.orig 2012-03-04 05:08:07.000000000 +0100
+++ sshd 2012-03-04 05:21:03.000000000 +0100
@@ -546,7 +546,8 @@
}
if (keys %IllegalUsers) {
- print "\nIllegal users from:\n";
+ print "\nIllegal users with 10 or more attempts from:\n";
+ my $illegalUserCount = 0 ;
foreach my $ip (sort SortIP keys %IllegalUsers) {
my $name = LookupIP($ip);
my $totcount = 0;
@@ -554,7 +555,10 @@
$totcount += $IllegalUsers{$ip}{$user};
}
my $plural = ($totcount > 1) ? "s" : "";
- print " $name: $totcount time$plural\n";
+ $illegalUserCount += $totcount ;
+ if ($totcount >= 10) {
+ print " $name: $totcount time$plural\n";
+ }
if ($Detail >= 5) {
my $sort = CountOrder(%{$IllegalUsers{$ip}});
foreach my $user (sort $sort keys %{$IllegalUsers{$ip}}) {
@@ -564,6 +568,7 @@
}
}
}
+ print "\n $illegalUserCount illegal users attempted login\n" ;
}
if (keys %LockedAccount) {
@@ -747,10 +752,13 @@
}
if (keys %PamError) {
- print "\nError in PAM authentication:\n";
+ print "\nError in PAM authentication with 3 or more attempts:\n";
+
foreach my $Error (sort {$a cmp $b} keys %PamError) {
- print " $Error : $PamError{$Error} Time(s)\n";
- }
+ if ($PamError{$Error} >= 3 ) {
+ print " $Error : $PamError{$Error} Time(s)\n";
+ }
+ }
}
if (keys %PamChroot) {
--
|
|
From: Stefan J. <log...@lo...> - 2012-04-13 13:48:05
|
Johny Ågotnes wrote:
> Here is a suggestion I implemented to turn down the noise a bit from the
> SSHD filter, based on the 7.4.0 release.
>
> Feel free to use :)
Johny thanks, for your patch.
I think your changes might be useful in some environments, but it shouldn't be
the default. A threshold which is configurable and can be disabled would be a
better solution.
Thanks
Stefan
> --
> --- sshd.orig 2012-03-04 05:08:07.000000000 +0100
> +++ sshd 2012-03-04 05:21:03.000000000 +0100
> @@ -546,7 +546,8 @@
> }
>
> if (keys %IllegalUsers) {
> - print "\nIllegal users from:\n";
> + print "\nIllegal users with 10 or more attempts from:\n";
> + my $illegalUserCount = 0 ;
> foreach my $ip (sort SortIP keys %IllegalUsers) {
> my $name = LookupIP($ip);
> my $totcount = 0;
> @@ -554,7 +555,10 @@
> $totcount += $IllegalUsers{$ip}{$user};
> }
> my $plural = ($totcount > 1) ? "s" : "";
> - print " $name: $totcount time$plural\n";
> + $illegalUserCount += $totcount ;
> + if ($totcount >= 10) {
> + print " $name: $totcount time$plural\n";
> + }
> if ($Detail >= 5) {
> my $sort = CountOrder(%{$IllegalUsers{$ip}});
> foreach my $user (sort $sort keys %{$IllegalUsers{$ip}}) {
> @@ -564,6 +568,7 @@
> }
> }
> }
> + print "\n $illegalUserCount illegal users attempted login\n" ;
> }
>
> if (keys %LockedAccount) {
> @@ -747,10 +752,13 @@
> }
>
> if (keys %PamError) {
> - print "\nError in PAM authentication:\n";
> + print "\nError in PAM authentication with 3 or more attempts:\n";
> +
> foreach my $Error (sort {$a cmp $b} keys %PamError) {
> - print " $Error : $PamError{$Error} Time(s)\n";
> - }
> + if ($PamError{$Error} >= 3 ) {
> + print " $Error : $PamError{$Error} Time(s)\n";
> + }
> + }
> }
>
> if (keys %PamChroot) {
|
Thanks for helping keep SourceForge clean.
X