Welcome, guest! Login / Register - Why register?

Paste

Pasted by registered user jazz_bass ( 7 years ago )
# fail2ban-regex /var/log/sshd.log /etc/fail2ban/filter.d/sshd.conf

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file   : /var/log/sshd.log

Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']

Results
=======

Failregex: 15 total
|- #) [# of hits] regular expression
|  1) [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
|  6) [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
|  8) [5] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
`-

Ignoreregex: 0 total

Summary
=======

Addresses found:
[1]
    172.23.8.4 (Mon Mar 18 23:47:25 2013)
    172.23.8.4 (Mon Mar 18 23:47:29 2013)
    172.23.8.4 (Mon Mar 18 23:47:34 2013)
    172.23.8.4 (Mon Mar 18 23:47:38 2013)
    172.23.8.4 (Mon Mar 18 23:47:43 2013)
[6]
    172.23.8.4 (Mon Mar 18 23:47:22 2013)
    172.23.8.4 (Mon Mar 18 23:47:26 2013)
    172.23.8.4 (Mon Mar 18 23:47:30 2013)
    172.23.8.4 (Mon Mar 18 23:47:35 2013)
    172.23.8.4 (Mon Mar 18 23:47:39 2013)
[8]
    172.23.8.4 (Mon Mar 18 23:47:23 2013)
    172.23.8.4 (Mon Mar 18 23:47:27 2013)
    172.23.8.4 (Mon Mar 18 23:47:32 2013)
    172.23.8.4 (Mon Mar 18 23:47:36 2013)
    172.23.8.4 (Mon Mar 18 23:47:40 2013)

Date template hits:
515 hit(s): MONTH Day Hour:Minute:Second

Success, the total number of match is 15

However, look at the above section 'Running tests' which could contain important
information.

 

Revise this Paste

Your Name: Code Language: