Welcome, guest! Login / Register - Why register?
[email protected] webmail now available. Want one? Go here.
Windows getting boring or just want to try something Open Source for your next Desktop Environment?! Go Zorin OS.

Paste

Pasted by registered user jazz_bass ( 9 years ago )
# fail2ban-regex /var/log/sshd.log /etc/fail2ban/filter.d/sshd.conf 

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file   : /var/log/sshd.log

Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']

Results
=======

Failregex: 2447 total
|- #) [# of hits] regular expression
|  1) [15] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
|  3) [804] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Failed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
|  5) [217] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*[iI](?:llegal|nvalid) user .* from <HOST>\s*$
|  6) [592] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
|  8) [819] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
`-

Ignoreregex: 0 total

Summary
=======

Addresses found:
[1]
    80.82.83.206 (Mon Mar 18 18:00:35 2013)
    80.82.83.206 (Mon Mar 18 18:00:50 2013)
    80.82.83.206 (Mon Mar 18 18:01:05 2013)
    80.82.83.206 (Mon Mar 18 18:01:19 2013)
    80.82.83.206 (Mon Mar 18 18:01:36 2013)
    172.23.8.4 (Mon Mar 18 22:51:40 2013)
    172.23.8.4 (Mon Mar 18 22:51:54 2013)
    172.23.8.4 (Mon Mar 18 22:52:00 2013)
    172.23.8.4 (Mon Mar 18 22:52:05 2013)
    172.23.8.4 (Mon Mar 18 22:52:11 2013)
    172.23.8.4 (Mon Mar 18 22:52:15 2013)
    172.23.8.4 (Mon Mar 18 22:52:19 2013)
    172.23.8.4 (Mon Mar 18 22:52:24 2013)
    172.23.8.4 (Mon Mar 18 22:52:28 2013)
    172.23.8.4 (Mon Mar 18 22:52:32 2013)
[3]
    61.163.113.72 (Mon Mar 18 16:18:37 2013)
    61.163.113.72 (Mon Mar 18 16:59:49 2013)
    61.163.113.72 (Mon Mar 18 18:23:03 2013)
    80.14.120.240 (Mon Mar 18 19:03:37 2013)
    80.14.120.240 (Mon Mar 18 19:03:40 2013)
    80.14.120.240 (Mon Mar 18 19:03:42 2013)
    80.14.120.240 (Mon Mar 18 19:03:44 2013)
    80.14.120.240 (Mon Mar 18 19:03:47 2013)
    80.14.120.240 (Mon Mar 18 19:03:50 2013)
    80.14.120.240 (Mon Mar 18 19:03:53 2013)
    80.14.120.240 (Mon Mar 18 19:03:56 2013)
    80.14.120.240 (Mon Mar 18 19:03:58 2013)
    80.14.120.240 (Mon Mar 18 19:04:01 2013)
    80.14.120.240 (Mon Mar 18 19:04:04 2013)
    80.14.120.240 (Mon Mar 18 19:04:07 2013)
    80.14.120.240 (Mon Mar 18 19:04:09 2013)
    61.163.113.72 (Mon Mar 18 19:05:30 2013)
    61.163.113.72 (Mon Mar 18 19:46:24 2013)
    61.163.113.72 (Mon Mar 18 20:27:21 2013)
    61.163.113.72 (Mon Mar 18 21:07:48 2013)
    60.174.198.14 (Mon Mar 18 21:46:45 2013)
    60.174.198.14 (Mon Mar 18 21:46:51 2013)
    60.174.198.14 (Mon Mar 18 21:46:56 2013)
    60.174.198.14 (Mon Mar 18 21:47:01 2013)
    60.174.198.14 (Mon Mar 18 21:47:06 2013)
    61.163.113.72 (Mon Mar 18 21:47:06 2013)
    60.174.198.14 (Mon Mar 18 21:47:12 2013)
    60.174.198.14 (Mon Mar 18 21:47:17 2013)
    60.174.198.14 (Mon Mar 18 21:47:22 2013)
    60.174.198.14 (Mon Mar 18 21:47:28 2013)
    60.174.198.14 (Mon Mar 18 21:47:33 2013)
    60.174.198.14 (Mon Mar 18 21:47:42 2013)
    60.174.198.14 (Mon Mar 18 21:47:48 2013)
    60.174.198.14 (Mon Mar 18 21:47:53 2013)
    60.174.198.14 (Mon Mar 18 21:47:58 2013)
    60.174.198.14 (Mon Mar 18 21:48:03 2013)
    60.174.198.14 (Mon Mar 18 21:48:08 2013)
    60.174.198.14 (Mon Mar 18 21:48:13 2013)
    60.174.198.14 (Mon Mar 18 21:48:17 2013)
    60.174.198.14 (Mon Mar 18 21:48:23 2013)
    60.174.198.14 (Mon Mar 18 21:48:28 2013)
    60.174.198.14 (Mon Mar 18 21:48:32 2013)
    60.174.198.14 (Mon Mar 18 21:48:37 2013)
    60.174.198.14 (Mon Mar 18 21:48:41 2013)
    60.174.198.14 (Mon Mar 18 21:48:47 2013)
    60.174.198.14 (Mon Mar 18 21:48:52 2013)
    60.174.198.14 (Mon Mar 18 21:48:58 2013)
    60.174.198.14 (Mon Mar 18 21:49:02 2013)
    60.174.198.14 (Mon Mar 18 21:49:07 2013)
    60.174.198.14 (Mon Mar 18 21:49:12 2013)
    60.174.198.14 (Mon Mar 18 21:49:17 2013)
    60.174.198.14 (Mon Mar 18 21:49:22 2013)
    60.174.198.14 (Mon Mar 18 21:49:27 2013)
    60.174.198.14 (Mon Mar 18 21:49:32 2013)
    60.174.198.14 (Mon Mar 18 21:49:37 2013)
    60.174.198.14 (Mon Mar 18 21:49:41 2013)
    60.174.198.14 (Mon Mar 18 21:49:47 2013)
    60.174.198.14 (Mon Mar 18 21:49:52 2013)
    60.174.198.14 (Mon Mar 18 21:49:57 2013)
    60.174.198.14 (Mon Mar 18 21:50:02 2013)
    94.23.113.144 (Mon Mar 18 21:59:39 2013)
    94.23.113.144 (Mon Mar 18 22:31:32 2013)
    94.23.113.144 (Mon Mar 18 22:31:35 2013)
    94.23.113.144 (Mon Mar 18 22:31:36 2013)
    172.23.8.4 (Mon Mar 18 22:51:38 2013)
    172.23.8.4 (Mon Mar 18 22:51:53 2013)
    172.23.8.4 (Mon Mar 18 22:51:57 2013)
    172.23.8.4 (Mon Mar 18 22:52:03 2013)
    172.23.8.4 (Mon Mar 18 22:52:08 2013)
    172.23.8.4 (Mon Mar 18 22:52:13 2013)
    172.23.8.4 (Mon Mar 18 22:52:18 2013)
    172.23.8.4 (Mon Mar 18 22:52:22 2013)
    172.23.8.4 (Mon Mar 18 22:52:26 2013)
    172.23.8.4 (Mon Mar 18 22:52:31 2013)

Date template hits:
73197 hit(s): MONTH Day Hour:Minute:Second

Success, the total number of match is 2447

However, look at the above section 'Running tests' which could contain important
information.

 

Revise this Paste

Your Name: Code Language: