From: Jim S. <jseymour@LinxNet.com> - 2022-04-10 19:12:00
Hi All,

I have created a regular expression attack parser addition/replacement for sshguard. It can be built to use either POSIX regexps or PCREs. (For PCRE builds you'll need either libpcreposix or libpcre, depending upon whether you specify USE_PCRE or USE_NATIVE_PCRE, respectively, along with their "-dev" packages.)

It can either be pretty-easily integrated directly into sshguard or, as of sshguard-2.4.2, replace the stock parser w/o any changes to sshguard's code.

But NOTE: The example regex config files do NOT contain all the signatures the stock sshguards do, and contain a couple I added that 1.7.0 did not have.

It can be found here:

https://jimsun.linxnet.com/atre_parser.html

Current state is pretty raw. There's no "configure" stuff. The only thing it's been built and run upon are Linux boxen. There's no installer. Docs are kind of hit-or-miss. In short: If you're not code-savvy, this is probably not for you at this time.

I have it integrated directly into my running instances of sshguard-1.7.0, as a follow-up check to the stock parsing engine, but I haven't done anything with 2.4.2, yet.

That being said: "make" (with edits) *should* build a stand-alone parser for you that can be dropped right in as a replacement for the stock parser in 2.4.2. (At least if you're using Linux.)

For the stand-alone replacement parser for 2.4.2, which is also the test/debug utility, see the atre-parser_doc.txt file at

https://jimsun.linxnet.com/downloads/atre/atre-parser_doc.txt

As always, with this kind of stuff: Use at your own discretion and risk.

Let me know what y'all think. Questions, comments, and suggestions are welcome.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.