[email protected] webmail now available. Want one? Go here.
Windows getting boring or just want to try something Open Source for your next Desktop Environment?! Go Zorin OS.
Paste
Pasted by registered user jazz_bass ( 9 years ago )
# fail2ban-regex /var/log/sshd.log /etc/fail2ban/filter.d/sshd.conf
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file : /var/log/sshd.log
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Results
=======
Failregex: 2447 total
|- #) [# of hits] regular expression
| 1) [15] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
| 3) [804] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Failed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
| 5) [217] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*[iI](?:llegal|nvalid) user .* from <HOST>\s*$
| 6) [592] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
| 8) [819] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
`-
Ignoreregex: 0 total
Summary
=======
Addresses found:
[1]
80.82.83.206 (Mon Mar 18 18:00:35 2013)
80.82.83.206 (Mon Mar 18 18:00:50 2013)
80.82.83.206 (Mon Mar 18 18:01:05 2013)
80.82.83.206 (Mon Mar 18 18:01:19 2013)
80.82.83.206 (Mon Mar 18 18:01:36 2013)
172.23.8.4 (Mon Mar 18 22:51:40 2013)
172.23.8.4 (Mon Mar 18 22:51:54 2013)
172.23.8.4 (Mon Mar 18 22:52:00 2013)
172.23.8.4 (Mon Mar 18 22:52:05 2013)
172.23.8.4 (Mon Mar 18 22:52:11 2013)
172.23.8.4 (Mon Mar 18 22:52:15 2013)
172.23.8.4 (Mon Mar 18 22:52:19 2013)
172.23.8.4 (Mon Mar 18 22:52:24 2013)
172.23.8.4 (Mon Mar 18 22:52:28 2013)
172.23.8.4 (Mon Mar 18 22:52:32 2013)
[3]
61.163.113.72 (Mon Mar 18 16:18:37 2013)
61.163.113.72 (Mon Mar 18 16:59:49 2013)
61.163.113.72 (Mon Mar 18 18:23:03 2013)
80.14.120.240 (Mon Mar 18 19:03:37 2013)
80.14.120.240 (Mon Mar 18 19:03:40 2013)
80.14.120.240 (Mon Mar 18 19:03:42 2013)
80.14.120.240 (Mon Mar 18 19:03:44 2013)
80.14.120.240 (Mon Mar 18 19:03:47 2013)
80.14.120.240 (Mon Mar 18 19:03:50 2013)
80.14.120.240 (Mon Mar 18 19:03:53 2013)
80.14.120.240 (Mon Mar 18 19:03:56 2013)
80.14.120.240 (Mon Mar 18 19:03:58 2013)
80.14.120.240 (Mon Mar 18 19:04:01 2013)
80.14.120.240 (Mon Mar 18 19:04:04 2013)
80.14.120.240 (Mon Mar 18 19:04:07 2013)
80.14.120.240 (Mon Mar 18 19:04:09 2013)
61.163.113.72 (Mon Mar 18 19:05:30 2013)
61.163.113.72 (Mon Mar 18 19:46:24 2013)
61.163.113.72 (Mon Mar 18 20:27:21 2013)
61.163.113.72 (Mon Mar 18 21:07:48 2013)
60.174.198.14 (Mon Mar 18 21:46:45 2013)
60.174.198.14 (Mon Mar 18 21:46:51 2013)
60.174.198.14 (Mon Mar 18 21:46:56 2013)
60.174.198.14 (Mon Mar 18 21:47:01 2013)
60.174.198.14 (Mon Mar 18 21:47:06 2013)
61.163.113.72 (Mon Mar 18 21:47:06 2013)
60.174.198.14 (Mon Mar 18 21:47:12 2013)
60.174.198.14 (Mon Mar 18 21:47:17 2013)
60.174.198.14 (Mon Mar 18 21:47:22 2013)
60.174.198.14 (Mon Mar 18 21:47:28 2013)
60.174.198.14 (Mon Mar 18 21:47:33 2013)
60.174.198.14 (Mon Mar 18 21:47:42 2013)
60.174.198.14 (Mon Mar 18 21:47:48 2013)
60.174.198.14 (Mon Mar 18 21:47:53 2013)
60.174.198.14 (Mon Mar 18 21:47:58 2013)
60.174.198.14 (Mon Mar 18 21:48:03 2013)
60.174.198.14 (Mon Mar 18 21:48:08 2013)
60.174.198.14 (Mon Mar 18 21:48:13 2013)
60.174.198.14 (Mon Mar 18 21:48:17 2013)
60.174.198.14 (Mon Mar 18 21:48:23 2013)
60.174.198.14 (Mon Mar 18 21:48:28 2013)
60.174.198.14 (Mon Mar 18 21:48:32 2013)
60.174.198.14 (Mon Mar 18 21:48:37 2013)
60.174.198.14 (Mon Mar 18 21:48:41 2013)
60.174.198.14 (Mon Mar 18 21:48:47 2013)
60.174.198.14 (Mon Mar 18 21:48:52 2013)
60.174.198.14 (Mon Mar 18 21:48:58 2013)
60.174.198.14 (Mon Mar 18 21:49:02 2013)
60.174.198.14 (Mon Mar 18 21:49:07 2013)
60.174.198.14 (Mon Mar 18 21:49:12 2013)
60.174.198.14 (Mon Mar 18 21:49:17 2013)
60.174.198.14 (Mon Mar 18 21:49:22 2013)
60.174.198.14 (Mon Mar 18 21:49:27 2013)
60.174.198.14 (Mon Mar 18 21:49:32 2013)
60.174.198.14 (Mon Mar 18 21:49:37 2013)
60.174.198.14 (Mon Mar 18 21:49:41 2013)
60.174.198.14 (Mon Mar 18 21:49:47 2013)
60.174.198.14 (Mon Mar 18 21:49:52 2013)
60.174.198.14 (Mon Mar 18 21:49:57 2013)
60.174.198.14 (Mon Mar 18 21:50:02 2013)
94.23.113.144 (Mon Mar 18 21:59:39 2013)
94.23.113.144 (Mon Mar 18 22:31:32 2013)
94.23.113.144 (Mon Mar 18 22:31:35 2013)
94.23.113.144 (Mon Mar 18 22:31:36 2013)
172.23.8.4 (Mon Mar 18 22:51:38 2013)
172.23.8.4 (Mon Mar 18 22:51:53 2013)
172.23.8.4 (Mon Mar 18 22:51:57 2013)
172.23.8.4 (Mon Mar 18 22:52:03 2013)
172.23.8.4 (Mon Mar 18 22:52:08 2013)
172.23.8.4 (Mon Mar 18 22:52:13 2013)
172.23.8.4 (Mon Mar 18 22:52:18 2013)
172.23.8.4 (Mon Mar 18 22:52:22 2013)
172.23.8.4 (Mon Mar 18 22:52:26 2013)
172.23.8.4 (Mon Mar 18 22:52:31 2013)
Date template hits:
73197 hit(s): MONTH Day Hour:Minute:Second
Success, the total number of match is 2447
However, look at the above section 'Running tests' which could contain important
information.
Revise this Paste