From: Henry Y. <he...@Ae...> - 2012-06-25 04:21:47
On Sun, Jun 24, 2012 at 18:03:28PM -0600, Richard Johnson wrote:
> The quick patch here fixes the recognition problem if I do a direct
> paste of the truncated 'invalid user staff from 122.70.128.5' portion
> into sshguard when it is running in debug mode.

Instead of adding a separate lower-case pattern:

    "Invalid user ".+" from "
    "invalid user ".+" from "

you should be able to specify a case-insensitive pattern:

    (?i:i)"nvalid user ".+" from "

(This is from the linux documentation for "flex" (which is the flavor
of "lex" used in many/most linux systems); I'd assume that you're
unlikely to still be using the original "lex". I'm no expert at lex,
by the way, but I've used the case-insensitive option successfully in
my own custom patterns.)

> But that patch does not fix the recognition of the pattern within the
> longer lines when running 'sshguard -l /var/log/authlog'.
>
> It also does not fix recognition of even the truncated portion of the
> line mentioned above when it's appended to a separate log file and
> watched with 'sshguard -l /tmp/truncatedtest'.

For that, I don't know...

-- 
Henry Yen <Hen...@Ae...>
Aegis Information Systems, Inc.
Senior Systems Programmer
Hicksville, New York
(800) AEGIS-00 x949
1-800-AEGIS-00 (800-234-4700)
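
The case-insensitive pattern suggested above, placed in a minimal stand-alone flex scanner so it can be tried against sample log lines. This is an added example, not part of the original message and not sshguard's own scanner; the IPV4 definition, the catch-all rule, the output format and the file name scan.l are assumptions made for illustration.

```lex
/* Added example: stand-alone test scanner for the suggested pattern.
 * Build:  flex -o scan.c scan.l && cc -o scan scan.c
 * Constructed sample input to feed on stdin:
 *   Jun 24 18:00:01 host sshd[411]: Invalid user staff from 122.70.128.5
 *   Jun 24 18:00:02 host sshd[412]: invalid user staff from 122.70.128.5
 *   Jun 24 18:00:03 host sshd[413]: Accepted publickey for alice from 192.0.2.10
 */
%option noyywrap nodefault
%{
#include <stdio.h>
#include <string.h>
%}
IPV4    [0-9]{1,3}(\.[0-9]{1,3}){3}
%%
    /* (?i:i) folds case for the enclosed "i" only; the quoted strings
     * that follow stay case-sensitive, so "Invalid" and "invalid" both
     * match while "INVALID USER" does not. */
(?i:i)"nvalid user ".+" from "{IPV4}    {
            /* The match ends with the address, which follows the last space. */
            const char *addr = strrchr(yytext, ' ') + 1;
            printf("invalid-user attempt from %s\n", addr);
        }
.|\n    { /* skip everything else, one character at a time */ }
%%
int main(void)
{
    yylex();    /* scan stdin until EOF */
    return 0;
}
```

Because flex tries the rules at every input position, the rule fires even when the text is preceded by a syslog timestamp and process tag, as in the constructed lines in the header comment.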