Welcome, guest! Login / Register - Why register?
[email protected] webmail now available. Want one? Go here.
Windows getting boring or just want to try something Open Source for your next Desktop Environment?! Go Zorin OS.

Paste

Pasted by registered user jazz_bass ( 9 years ago )
# fail2ban-regex /var/log/sshd.log /etc/fail2ban/filter.d/sshd.conf

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file   : /var/log/sshd.log

Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']

Results
=======

Failregex: 15 total
|- #) [# of hits] regular expression
|  1) [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
|  6) [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
|  8) [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
`-

Ignoreregex: 0 total

Summary
=======

Addresses found:
[1]
    172.23.8.4 (Mon Mar 18 23:47:25 2013)
    172.23.8.4 (Mon Mar 18 23:47:29 2013)
    172.23.8.4 (Mon Mar 18 23:47:34 2013)
    172.23.8.4 (Mon Mar 18 23:47:38 2013)
    172.23.8.4 (Mon Mar 18 23:47:43 2013)
[6]
    172.23.8.4 (Mon Mar 18 23:47:22 2013)
    172.23.8.4 (Mon Mar 18 23:47:26 2013)
    172.23.8.4 (Mon Mar 18 23:47:30 2013)
    172.23.8.4 (Mon Mar 18 23:47:35 2013)
    172.23.8.4 (Mon Mar 18 23:47:39 2013)
[8]
    172.23.8.4 (Mon Mar 18 23:47:23 2013)
    172.23.8.4 (Mon Mar 18 23:47:27 2013)
    172.23.8.4 (Mon Mar 18 23:47:32 2013)
    172.23.8.4 (Mon Mar 18 23:47:36 2013)
    172.23.8.4 (Mon Mar 18 23:47:40 2013)

Date template hits:
515 hit(s): MONTH Day Hour:Minute:Second

Success, the total number of match is 15

However, look at the above section 'Running tests' which could contain important
information.

 

Revise this Paste

Your Name: Code Language: